Transaction, ignore endswith if startswith doesn't exist
I've an issue where my transaction search finds endswith events with no startswith events. Not to go into too much detail but this is due to a funky way that Cisco logs OSPF events when DMVPN is...
Join multiple sources to build a network path
Hi all, I have the following dataset: Source A: "DEVICE INFO" Source B: "SOURCE" (maps to SourceA DEVICE),"SOURCE_PORTS",DESTINATION, DESTINATION_PORTS Source C: "SOURCE" (which is the DESTINATION of...
Microsoft Azure Add-on for Splunk (TA-MS-AAD) Version 2.0.0 Hanging Post...
Upgraded app today - was able to enter configuration data but on entering the inputs menu it just hangs. Tried disabling all inputs that are new by editing the .conf to see if that helped but no luck....
How to send alert based on number of occurrences by using email trigger
Hi, I have a requirement to schedule the below search query every 2 mins (it can be given as the cron schedule */2 * * * *), but it should not trigger mail immediately even on breach of the threshold...
Events indexing with wrong time stamp
Hi, a CSV file has the format dd-mm-year hh:mm. Splunk swaps the day and month for events from the first 9 days of a month. For example, an event with the date 09-10-2019 05:05 (9 October 2019) is...
Postgres input issue
I'm trying to migrate data from a Postgres database to Splunk. I decided to use Splunk DB Connect to index all the information. At first we had some problems configuring the data input, but now it's...
Get earliest and latest from time filter
I am using a dashboard with some filters, including the built-in time input for the events. For the queries in the chart I am using **$duration.earliest$** and **$duration.latest$** for earliest and...
How do I set up inputs.conf to allow for a cloud application to send syslog...
Our anti-virus application is located in the "cloud" and is sending syslog data to the indexer over TCP port 6514. The application has the ability to use SSL to encrypt this data. Looking at previous...
Is it possible to center the value of a panel?
Hi! I have a question: is it possible to center the content of a single value panel if the panel width should be 2.8 px? As seen in the image, the value is outside the panel width...
eNcore eStreamer 3.6.1 fieldalias not being applied
Deploying eNcore eStreamer 3.6.1, I have found that the field alias for intrusion signatures is not being applied in my searches: ./splunk cmd btool props list cisco:estreamer:data | grep ALIAS ...
How to pass parameters in custom search command without field camp?
> **How can I run a search command passing an argument to a Python script via sys.argv?** **My script:** import requests import sys import json from splunklib.searchcommands import \ dispatch,...
Importing Data From One index to my Splunk Enterprise
Hi guys, I am trying to import data from an index provided by the instructor of a **Splunk training course**. **Follow the steps below:** To Import Course Example Data: Navigate to...
Cisco IOS and TA not showing data in dashboards
I have a distributed environment: Splunk Enterprise 7.2.4; all infrastructure is RHEL 7.x; search head cluster (5 search heads); multisite index cluster (20 indexers). Cisco devices -sending data to-->...
Huge duplicate and unwanted data into Index
Dear All, we are getting a huge amount of duplicate and unwanted data into Splunk, and when we query, performance is affected. Below is the scenario: we are using an HF to push the data into...
Multi search / correlate conundrum
Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puzzle. It's best I explain... I have one index full of log data like the following:...
Filter dynamically based on string match across two different lookups
Hi, I am new to Splunk and am stuck at this problem. To elaborate: I have attached examples of the datasets and the desired result table that I am working with here. The datasets that I am using are KVStore...