Please help for ssl for splunkd - Splunk runs but cannot log in and is slow
Hello, I want to secure splunkd DS->clients with a self-signed SSL cert, but for some reason it doesn't work. From the Splunk docs, I followed this:...

Call custom command on drilldown from a dashboard.
Hello Splunk Developers, I need to call a custom command on click of a drilldown on a table cell in a dashboard. The action should call the custom command behind the scenes and upon completion of the command...

lookup csv file contains multiple occurrences of items. Need to query an...
Lookup CSV format where EVENT_ID can have multiple SiteID fields and SiteID can have multiple EVENT_IDs. Only SiteID is a field in the Splunk index. YEAR, SiteID, earliest_date, latest_date, EVENT_ID...

custom field values with space character
I cannot search custom field values (with a space character) in JSON-type data coming from the Jira app. For example customfield1="abc abc", but if I use the spath function inside a Splunk search I can filter...

Best way to format out time field for average time
I am using the Linux time command to see how long it takes to run a process. My logs show as runtime=0m0.000s, so an example would be runtime=2m47.012s. What is the best way to parse the output that the...
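As an added example (not part of the original post or of Splunk), the parsing the question asks about, done in Python over a few constructed log lines: the `<minutes>m<seconds>s` value that the Linux `time` command prints is split into its two numeric parts, converted to total seconds, and averaged. Lines without a `runtime=` field are skipped rather than counted as zero, which would otherwise drag the average down. The field name `runtime` and the sample lines are taken from the question's description; the log prefix and `job=` field are constructed.

```python
import re
from statistics import mean

# Matches the `time`-style value quoted in the question, e.g. runtime=2m47.012s.
# Minutes are an integer; seconds may carry a fractional part.
RUNTIME_RE = re.compile(r"runtime=(?P<min>\d+)m(?P<sec>\d+(?:\.\d+)?)s")

# Constructed sample log lines (not real data). The last line has no runtime
# field, so it must be skipped, not treated as 0 seconds.
SAMPLE_LOG = [
    "2019-10-07 13:00:01 job=backup runtime=0m0.000s",
    "2019-10-07 13:05:12 job=backup runtime=2m47.012s",
    "2019-10-07 13:10:30 job=backup runtime=1m12.988s",
    "2019-10-07 13:15:00 job=backup status=started",
]


def runtime_to_seconds(value: str) -> float:
    """Convert a single value such as '2m47.012s' to a float number of seconds."""
    m = re.fullmatch(r"(?P<min>\d+)m(?P<sec>\d+(?:\.\d+)?)s", value.strip())
    if m is None:
        raise ValueError(f"unrecognised runtime format: {value!r}")
    return int(m.group("min")) * 60 + float(m.group("sec"))


def extract_runtimes(lines):
    """Return the runtime (in seconds) of every line that carries a runtime= field."""
    seconds = []
    for line in lines:
        m = RUNTIME_RE.search(line)
        if m is None:
            continue  # no runtime field on this line; leave it out of the average
        seconds.append(int(m.group("min")) * 60 + float(m.group("sec")))
    return seconds


def average_runtime_seconds(lines):
    """Average runtime in seconds over the lines that have one, or None if none do."""
    values = extract_runtimes(lines)
    return mean(values) if values else None


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line, "->", RUNTIME_RE.search(line) and extract_runtimes([line])[0])
    print("average seconds:", average_runtime_seconds(SAMPLE_LOG))
```

The same split can be done in SPL with `rex field=runtime "(?<rt_min>\d+)m(?<rt_sec>\d+(?:\.\d+)?)s" | eval runtime_sec=rt_min*60+rt_sec | stats avg(runtime_sec)`; `stats avg` likewise ignores events where `runtime_sec` is null, which is why the regex should not default missing values to zero.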

Dynamically passing time-picker token in starttime for "|gentimes"
Hello all, I have a dashboard and I need the "|gentimes" command to generate dynamic values according to the selected time picker, picking up the earliest event from the search. | gentimes...

CLI Search command: why does search that includes a field name fail?
This cli `search` command works from a machine with a universal forwarder: `splunk search "index="foo" earliest=-7d | sort -SensorDateTime | stats first(SensorDateTime) by bar" -preview false -uri...

How to make Eventgen replay raw data?
I am reaching my wits' end on this issue, as I have been trying to get Eventgen to work for over a month now. I have many raw log files (XXX.windows) I want Eventgen to replay into Splunk but I can't...

Blacklist stanza not working
Hi, I am having an issue blacklisting a monitored file. I tried using blacklist but the data is still ingesting. Here is my stanza: C:\xxxx\logs\logfiles\x2svp*\*.log blacklist =...

Is there a way to automate diag to support?
All, Silly question - Is there a way to automate the sending of diags to Splunk support? I'd like to know they have current diags on file at anytime. If I can submit one nightly to them and they keep...

How to Calculate Splunk User Password Age
Greetings, I use Splunk local authentication mode and have enabled password policy. I want to calculate the password age of all users to improve my user management, but I haven't found any REST API...

Can I pass a time/date into the "latest" time modifier
I have a search created that alerts when a user has used remote desktop to log into a domain controller. It works splendidly. I am now enhancing the search to first check to see if there is an entry...

Understanding KMeans Clustering
So I'm new to the Machine Learning Toolkit and I'm trying to model something that I thought would be somewhat straightforward, but I'm beginning to realize that I might need more of an understanding of...

extract uri
/hk-zh/shop/buy-phone/phone-1/5.8-%E5%90%8B%E9%A1%AF%E7%A4%BA%E5%99%A8-256gb-%E9%8A%80%E8%89%B2 1059 /hk/shop/buy-phone/phoneSS/5.5-inch-display-128gb-rose-gold 493...

Can anyone provide help on sorting the result set or removing paging on...
Hi All, I am trying to create a trellis chart to provide the details of 32 components. The trellis chart is showing just 20 components on a page and the next 12 components are showing on a different page. I...

Trying to search two Indexes based on matching fields and add fields from...
I'm new to Splunk and I'm trying to add some logic to reduce false positives. I have two indexes, index=A and index=B. Both indexes have a field that has the same data I can match on. Index A has a field...

Splunk App for Infrastructure: Http Event Collector Tokens
Hello, I'm trying to set up some monitoring/dashboards for the infra in our team. I've installed the Splunk App & Add-on for Infrastructure and it needs me to set up an HTTP Event Collector (HEC)....

Splunk App For VMware. DCN. avoid collecting some data
Is there a way to not collect a whole sourcetype? I do not wish to collect vmware:perf:datastore, vmware:perf:disk maybe more. AFAIK, adding to "VM Metric Blacklist" will only not index specific...

FormatMessage was unable to decode error (193), (0xc1)
10-07-2019 13:33:23.696 -0700 ERROR ExecProcessor - Couldn't start command ""C:\Program Files\SplunkUniversalForwarder\etc\apps\test\bin\abc.ps1"": FormatMessage was unable to decode error (193), (0xc1)

One user logging into multiple systems at or around the same time - Cisco ISE
Writing a Splunk report that looks for multiple users logged into the same machine at or around the same time frame. I can’t think of an ISE value that would indicate a user (such as myself) logging...
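As an added example (not part of the original post and not Cisco ISE or Splunk code), the correlation the report needs, written in Python so the logic can be run and checked offline: authentication events are grouped by one field and scanned with a sliding time window, flagging any group that contains more than one distinct value of a second field inside that window. Run with `key="user"` it finds one user logging in to several hosts around the same time; run with `key="host"` it finds several users on the same machine, which covers both phrasings in the question. The event records (`user`, `host`, `time`) and the 5-minute window are constructed assumptions; the ISE attribute names that carry the user and endpoint are not known from the post, so they are left as plain `user` and `host` here.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real ISE output).
# jdoe hits two different hosts 2m35s apart; asmith and jdoe share WS-001
# 65s apart; bjones's logins are spread too far apart to be flagged.
SAMPLE_EVENTS = [
    {"user": "jdoe",   "host": "WS-001", "time": "2019-10-07T13:00:05"},
    {"user": "jdoe",   "host": "WS-017", "time": "2019-10-07T13:02:40"},
    {"user": "asmith", "host": "WS-001", "time": "2019-10-07T13:01:10"},
    {"user": "bjones", "host": "WS-042", "time": "2019-10-07T13:03:00"},
    {"user": "bjones", "host": "WS-042", "time": "2019-10-07T13:30:00"},
    {"user": "bjones", "host": "WS-099", "time": "2019-10-07T14:10:00"},
]


def correlate(events, key, value, window=timedelta(minutes=5)):
    """Return {key_value: sorted distinct values} for every `key` that is seen with
    more than one distinct `value` inside any `window`-long span of time.

    Uses a sliding window over each group's time-sorted logins, so a pair that
    straddles a fixed bucket boundary (e.g. 13:04:50 and 13:05:10) is still caught.
    """
    groups = defaultdict(list)
    for e in events:
        groups[e[key]].append((datetime.fromisoformat(e["time"]), e[value]))

    hits = {}
    for k, logins in groups.items():
        logins.sort()  # chronological order; tuples sort by time first
        for i, (t0, v0) in enumerate(logins):
            seen = {v0}
            for t, v in logins[i + 1:]:
                if t - t0 > window:
                    break  # later logins are further away still; stop early
                seen.add(v)
            if len(seen) > 1:
                hits.setdefault(k, set()).update(seen)
    return {k: sorted(v) for k, v in hits.items()}


def users_on_multiple_hosts(events, window=timedelta(minutes=5)):
    """One account logging in to more than one system at or around the same time."""
    return correlate(events, key="user", value="host", window=window)


def hosts_with_multiple_users(events, window=timedelta(minutes=5)):
    """More than one account logging in to the same system at or around the same time."""
    return correlate(events, key="host", value="user", window=window)


if __name__ == "__main__":
    print("users on multiple hosts:", users_on_multiple_hosts(SAMPLE_EVENTS))
    print("hosts with multiple users:", hosts_with_multiple_users(SAMPLE_EVENTS))
```

The nearest SPL equivalent is a bucketed count, e.g. `| bin _time span=5m | stats dc(host) AS hosts values(host) AS host_list BY user, _time | where hosts > 1`; it is cheaper but misses pairs that fall either side of a bucket edge, which is the edge case the sliding window above is there to handle.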