Admin user account delete on Splunk Enterprise 7.0.1
Hi Splunker, I have a question about Splunk Enterprise 7.0.1. For security reasons, my customer wants to disable or delete the admin account (default). Are there people who have experienced a case similar to mine? Thank you
How To Fix Search Box's Timepicker Preset Truncate Issue
It wasn't like this before. All of a sudden, it truncated the options. ![alt text][1] [1]: /storage/temp/274853-preset-time.png
How can I parse the value in this line
I have the following line. I would like to parse the githash from it. [08/Oct/2019:05:08:31 +0000] 200 \"GET / HTTP/1.1\" 1203 \"-\" ,"source":"stdout", "tag":...
Universal Forwarder DNS resolution
Good day to all, Since I didn't find any search results on this topic, does UF do any DNS resolution for the events (Windows or whatsoever) that it reads? I believe that it doesn't, but I would like some...
Disable SSL2, SSL3 and TLS1.0 globally
Hi We have a clustered index setup (two indexers) on 7.1.1 and 3 search heads (unclustered). What is the recommended method to disable SSL and TLS1.0 globally on all forwarders, indexers and search...
How to add inputs not use add-on builder?
Hello, I created an add-on using Add-on Builder and added inputs using Builder. Now I have to add new inputs to the add-in, but not use Add-on Builder, how can I do this? I am writing three Python...
Splunk vs Dynatrace
Hello, I am trying to make a comparison between Dynatrace and Splunk. In my project we are already using Splunk and we will have Dynatrace very soon. But I want to understand is it really worth having...
Cannot sum two numbers
I have the following problem: I have a variable "number_of_past_events" which comes from a **"| inputlookup file.csv"** and another variable from a sub search " **nr_events"**. When I try to create a...
How to get the count for this JSON value pair
I want to get the count for the key value pair and make it in a table. Could anyone please help me on this. My sample data looks like below: I want to take the count of Name alone. School {Name :...
How to get the count value for JSON key value pair
I have to get the count for the below JSON key value pair. Could anyone please suggest the query to get those counts? Sample data as below; here I have to get the count of grade to know how many...
DMC Alert - Missing forwarder for zombie entry
Hi, I am getting a DMC alert for a missing forwarder even though that one (at least by client name, but not UUID) exists. Background story: Forwarder was deleted completely on source system (don't...
Huawei eSight Open API login authentication fails
**Step 1:** I have to use "PUT" to login to my system and obtain a login token. Webtools curl command only supports GET, POST and DELETE as stated in the documentation. When I choose **method=put** I...
I want to publish a formatted .csv via email in Splunk
Hi Team, I have well-formatted data in a .csv; I just have to publish the data (.csv) as it is by email in a well-colored format. What approach shall I use in Splunk (like Dataset, lookups or anything)...
Stats 2 results together and filling in the blank fields with...
I need to create volume-base alerts so we know when volume drops. The services we need to monitor are usually suffixed with its version (e.g. placeOrder is actually placeOrder_v1, placeOrder_v2, etc)...
Dynamic drop down list issue
Hi All, I would like to automatically populate the drop down list using one of the 2 fields or both. The issue is that I have to click in both input fields to trigger "Search on change". In the img...
How do you find the percent of each srcip within a stats command?
base search | stats values(srcip) as Source count by catdesc Above is my search. The results now yield each category description (catdesc) and lists each srcip for the catdesc. How do I break down each...
User access based on index
Hi, I want to set up various user roles for users in my Splunk instances. Like users from Group A should only have access to index A, and so on. I tried 1. creating a new role called UserGroupA and add...
How to set up a checkpoint for Team Viewer logs pull with Splunk Add-on Builder
Hi guys, I am using the Splunk Add-on Builder to create an app that would fetch us logs from Team Viewer. We can pull the connection logs by using a REST API call. The issue is that we are getting open...
UTC to CST conversion
We are receiving events on our syslog collector in the UTC timezone. Below is the sample event. I have configured the below props on our search head. My assumption was it will pick the searchhead timezone...
Can Splunk audit logs be deleted by a user who has access to the Splunk server?
Is it possible for a user who has access to the Splunk server to delete audit logs in Splunk? Auditors do not want our developers to have the ability to delete Splunk audit logs. But, our developers do...