Match field values of two fields
Hi, If I have a table 'X' and 'Y' , I want to be able to compare if any individual comma separated value in Y is a part of the values of X (values of Y remain fixed) X : abc/xyz.xlsx...
Help on a clever stats count in order to calculate a volume
Hello, I use the search below in order to calculate a volume in %. As you can see, I first calculate events where process_cpu_used_percent>80 (before appendcols) and then I count the total number of...
Multiple sourcetypes and listeners on the same UDP port
I have some questions concerning a Splunk deployment I'm working on. We have a single Splunk instance and we want to forward all the logs from network equipment to it directly. Can we send all the data...
Your Splunk license expired or you have exceeded your license limit too many...
I'm trying to use Splunk Enterprise at my company and I get this error about my splunk license. Our company is licensed, so I'm wondering if Splunk is somehow looking at my work PC/personal license...
Field extraction based on position of character
Hi, I have a field that gives me the NETBIOS name of a host. Sample host name: 123456W12345678. The 7th character identifies whether it is a server or not a server. How to extract this 7th character...
Is there a way to import local changes on SHC peers' apps back to the deployer?
Dear community, **I would like to maintain the search peers' status of every app in the deployer, and not in the search peers' local folder.** I really like to have every single configuration and app in the...
Splunk forwarder behind a one-way data diode. UDP help
Hello, as a high-level overview, I have a Raspberry Pi 4 that I will use to configure a forwarder to purely forward UDP information through my data diode and into my Splunk clustered indexers. My...
How to use regex to look for hosts from /24, /25, and /26 subnets?
I have a dozen /24 subnets for which I am looking to find any IP addresses on that subnet in my search, as well as addresses from several /25 and /26 subnets. Thanks in advance.
What are the possible causes for the marked sign?
I am logged in at the indexer and getting a red marked sign along with the Administrator tab at the web panel (port 8000). What are the possible causes for this? Thanks in advance.
Alert if no Up alert received within 5 minutes
Hi, I am currently using Splunk for SNMP Up/Down traps for interfaces. We are currently alerting for each Up/Down alert that comes in via a log file and it's getting quite messy, as quite often an Up...
Splunk App for Windows Infra: Group Changes dashboard "Member" field empty in...
So when performing a dashboard search for Group Changes it for some reason does not want to show the user account or member that was added/removed from the group in the 'Membership Changes' part of the...
Need help to speed up a search
the below search is what I have working now to see what users are not in the first event code. index="wineventlog" EventCode="4723" status=success | regex...
Why isn't Splunk ingesting new rows from my CSV file?
I have a 4-server Splunk scenario: 1. index server 2. deployment server 3. search head server 4. deployment client server (w/ a Splunk Universal Forwarder known to be configured correctly and working,...
How to build a chart on a unique field
I am trying to achieve building multiple area graph on one chart where my input is: foo=blue foo=purple foo=red foo=red foo=red foo=purple And when I do splunk search, I would expect my search to be:...
Time conversion from milliseconds to break down to days, hours, minutes, seconds
I have been working on a search that gives a duration breakdown. I am trying to achieve: thehost theip c_time clean_date tap whocares diff vex 127.0.0.1 10/9/2019 10:02 7/2/2018 4:59 1.0.0.127 recluse...
Question about MLTK: Does it support multi-output classification?
Does the MLTK support multi-output classification, i.e., more than 1 predicted field? Thank you.
How to migrate Splunk Enterprise to new hardware
Can anyone here share the best practice on how to migrate Splunk Enterprise to new hardware? My system includes: 2 deployment servers (one for each zone), 4 HFs (two for each zone), 1 cluster master, 7...
Do splunk commands send output to stdout?
When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations script, and while commands like ‘ls -la’ return the resulting text, for some reason,...
Integrate Splunk Support portal tickets with on-prem Splunk
Hey All, Kind of an off the wall question here. Does anyone know of an API or a way to query our Splunk support portal accounts to pull ticket information? Would love to be able to create a dashboard...
Compatibility between a 32-bit Linux forwarder and indexer version 7.2.6
Is there an incompatibility problem between the Linux 32-bit agent version (splunkforwarder-6.6.12-ff1b28d42e4c-Linux-i686) and the indexer version (7.2.6 Splunk Enterprise)? Or are they fully...