Trouble trying to integrate Dropbox for Business app to Splunk
I am trying to configure a new Splunk instance to connect to my Dropbox for business team. I have downloaded the app and installed via https://www.dropbox.com/app-integrations/splunk. I am having...
Scheduled report runs slower each time (time creep) despite acceleration
I have a scheduled report that runs at minute 05 for events seen in the last hour on the hour (one full hour of data) for All Time (required for stats). The report is accelerated for All Time. The...
Automatic Index Creation on Indexer
Hi, I have a use case where we want to build trust between app server and Splunk indexer such that whenever there is post message from app server to the Indexer it should check the index = app name ; if...
Regex help
- com.texh.servers.policy.assertion.ServerAuditDetailAssertion: com.texh.log.custom.Applications: com.texh.log.custom.paymentRedirects: com.texh.log.custom.Permission: com.texh.logs.system.Application:...
Regex Help! "Extracting words before column"
Events: com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879: com.texh.log.custom.Applications: 9999: com.texh.log.custom.paymentRedirects: 8800: com.texh.log.custom.Permission: 9999:...
Lookup command doesn't support dot notation in field name
Hi, I'm working with Threatconnect lookup created by their add on, one of the kvstores has one field within a collection, the field name in the kvstore definition is tag, that field has multiple values...
How to compare fields value with old fields value
I am trying to make a search that will compare the fields value with the old fields value to determine if there is any change in the value over time or if there is a new field added. For example, say I...
How to pass values from previous search into map search
Hello all, my search is below: index=tcxelevate_webpos registerType=kioskBridge registerNbr=* countryCode=US tagName=CLIENT_INITIALIZATION enterpriseId=prod storeId=* storeId!=4184 AND storeId!=0001 |...
Intermediate forwarder not sending data
I have a UF sending to a UF sending to Splunk. The intermediate UF is sending data but just from that host. The first UF's data is not getting to Splunk. Intermediate UF IP 10.0.1.18 Splunk IP...
Largest single day result in a 90 day period
I have a search to find total ingest into Splunk, which I can run for a day or against a longer period by using the time picker. If you run it against a 24 hour period it tells you how much raw data...
Install apps for into the deployment-apps directory for deployment?
All, Is there an app or utility so I can from the forwarder manager UI upload apps into the Deployment-apps directory?
How to estimate indexer data replication time from complete failure?
I was asked to come up with some rough numbers on how long it would take to rebuild an indexer if one completely died. So, if I were to remove an existing indexer from my multi-site cluster (2 sites)...
How to delete the unwanted special characters in alphanumeric string?
I have a string as below, I need to delete the below special character and make the below as a single value 123asdsd-123j;123gasds-1234iujh , with this create a new field value as...
Manual data import error - EOF occurred in violation of protocol (_ssl.c:741)
Hi, When manually uploading files through a Splunk 7.3.0 web interface I’m receiving the error “EOF occurred in violation of protocol (_ssl.c:741)”. The error occurs on the ‘select source’ screen when...
Regex Help! "Extracting word before column"
Events: com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879: com.texh.log.custom.Applications: 9999: com.texh.log.custom.paymentRedirects: 8800: com.texh.log.custom.Permission: 9999:...
Given log data, can I calculate accuracy and output it in a dashboard?
Hello, My events look like this: 2019-10-10T17:51:40+00:00 action="updateDate->saveDatesFromDataMining", 0={"urlupdateid":1371955,"datetype":"Review date","datevalue":"10/03/2019"},...
Getting an Error in 'eval' command: The expression is malformed. Expected ).
Hello, So I know this exact same error has been brought up by others here. However, my query is a simple one and the error is not making sense to me. I have the parentheses opened and closed in what i...
Regex for fields
Hi All, can you please help in extracting three fields from below data using regex Name code Type Below are three different type of values , out of which I need to extract Name code Type...
Can anyone help me with my sizing and performance considerations?
Hello! I have a small distributed deployment consisting of 2 search heads (16 cores each) and 2 indexers (24 cores each). There are about 900 saved searches to govern critical alerting with the...
Migrating an index configuration from a single instance to an indexer cluster
I have a custom index defined in `apps/search/local/indexes.conf` that receives data pretty much continuously. In migrating from a single instance deployment to a clustered indexer with separate shc....