Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

Bit9 Security Platform: Why am I not getting any "Trust" information in...

Followed the install instructions, everything else seems to be working as expected, but any dashboard panel that references Trust scores is showing no data... All other panels are working great. Any...

High RAM usage when index "os" is searched

Splunk is running on a VM with 6 virtual cores, 24 GB RAM and Windows OS. We have installed Splunk Universal Forwarders on two Linux systems and we have also installed the nix add on. We have enabled...

Displaying largest value from Multiple Extractions in each Event

Hi all, I have multiple events, where in each individual event I'm extracting multiple fields using regex, essentially it looks like this where each BU is a separate field I'm extracting from the event...

Add alert/report emails be added to a mail queue

We experienced an issue with having Splunk send mails via our enterprise mailserver. Due to the number of emails being sent within a short amount of time, the mailserver rejected a handful of the...

Timestamp lookahead questions

Hi I have the following configuration: timestamp format : %c timestamp prefix: `Start\sTime:\s+` lookahead: ??? I want a configuration that will look for the timestamp through the entire event...

Single slash as part of REGEX

Hello all, I have the following query which gives me the required results, but I can't get the regex command to INCLUDE the single slash in front of the file.exe. I want to do this to prevent the query...

how to make sure fields are available for custom ReportingCommand?

I have a working custom ReportingCommand in place, using the Python SDK 1.5.0. My command needs some fields that have been placed in the event by some transforms for the sourcetype. I have a problem:...

This license does not support being a remote master.

Error - Bad request- In handler 'localslave'. editTracker failed, reason='WARN': path=/masterlm/usage: This license does not support being a remote master. Actually what I'm looking is as of now I done...

Help with replacing values

Hi, I have my output I was looking for, but was wondering if there was a cleaner way to do it. Basically I have a field like such f1||f2||f3||f4. f2 and f3 can be null in some cases. If they are null I...

how to know app is synced between deployments-server and clients without RDP...

I have a deployment-server and 3000 clients. I made changes to one of the apps, and it should be pushed to all the forwarder agents which are associated with the app. Here comes my challenge: what if I have...

Is there a REST API call or other method to check which files were processed...

I have a customer complaining that one of the sourcetype data is not appearing for a couple of days in the past. I see the files for those dates are available in customer's server, but Splunk didn't pick...

How do I edit my Splunk forwarder blacklist configuration to exclude a...

I am trying to customize the Splunk Forwarder to send only certain logs. It looks like it is working correctly when I only add event IDs to the blacklist. What I would like to do is also add specific...

How to get refresh tokens via Python script?

Hello dear Splunkers, I'm working on a connector between Google Analytics and Splunk. So far, I have everything working, except for one thing: getting a refresh_token. I've implemented the following...

After upgrading Windows forwarders from Splunk 6.1.1 to 6.3, why are we...

We recently started trying to upgrade our Windows forwarder installations from 6.1.1 to 6.3, after the upgrade, the Forwarder management page states the forwarder has errors installing. The...

How many search heads should I have in my environment for X amount of users?

I’m at the point where I think I need to increase the number of search heads for the current usage base and future user growth. Currently there is just the one search head serviced by two load balanced...

Why am I seeing an inconsistent number of results using the Splunk Java SDK?

I have a Java program that uses the Splunk SDK 1.5.0 to set up a service, create a job, and get the result count like so: HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2); ServiceArgs...

Is the Splunk 6.3 universal forwarder using 90% of your CPUs?

I'm not sure how long it has been happening, but I began to see it across our UFs today.

streamstats to get last value with field clause

I'm using streamstats to get some values from the last event, but I need to do it where that last event has a property matching a value. So I'm trying to solve the problem of inaccurate...

Splunk Support for Active Directory: LDAPSEARCH LDAPGROUP filter not...

Hello, I have used the LDAPSearch/LDAP group command to retrieve the members of a group. It returns the members "dn" and shows either "direct" or "nested", but the documentation states if it returns...

How to configure OAUTH2 for the REST API Modular Input?

Hi guys. I've just downloaded the REST API Modular Input, and I have some doubts about its configurations using OAUTH2. Here are two fields I'm in doubt in: OAUTH 2 Token Refresh URL -> what URL...
