Not able to schedule a report in report sender app
We entered in the URL and Crontab fields but are not able to save it. I downloaded casper.js and phantom.js and placed it in the splunk...
Problematic mvtruncate Search Macro in SA-Utils
The default mvtruncate(3) macro that comes with SA_Utils 3.4.0 is eval $output$=if(mvcount($input$)>$count$,mvappend(mvindex(**src**,0,$count$-1),NULL,"...truncated..."),$input$) It makes more sense...
Cisco CallManager RTMT AlternateSyslog
Hey Gang, I have a user that wants us to ingest Cisco CallManager AlternateSyslogs into Splunk. These apparently come out of a system known as Real Time Monitoring Tool (RTMT). I was curious if anyone...
Creating SSL certificates for receiving vs for SplunkWeb -- different process?
I'm trying to set up new Splunk indexers to replace our older ones. I want to set them up similarly to the old indexers where splunkweb is secured but also the indexers receive forwarder traffic via...
Executing scripts that depend on Python scripts
Hi, I'm having a hard time executing a very small bash script that needs to call `yum` in my Splunk app. The script is written in bash, and attempts to execute the following command: yum check-update |...
What's new in Splunk Enterprise 6.3.1?
Hi everyone, what's new in Splunk Enterprise 6.3.1? I already have Splunk Enterprise 6.3.0. Where can I find the changes in this new version? Thanks,
Why are fields not being extracted from my iis logs
I am running version 6.3.0 on my indexer and all my universal forwarders. I'm currently trying to get things configured properly on one of my IIS servers before pushing this configuration out to all of...
How to extract the date from CSV to use as the _time field?
Date Time Sail Date Ship_Code Duration Activity_Code Book_Type Cabin # Channel Id Location Code 20151023 000001 151116 FS 5 NBK I R57 IC IC Let me explain the scenario in detail. I am very new to...
Splunk App/Add-on for AWS: How to modify aws:s3 sourcetype?
So we are using the AWS add-on to retrieve ELB logs from an S3 bucket. The logs are simply 1 event per line. But Splunk is having trouble indexing them. So the events look something like this: Svl...
How to set a Static threshold value on Line chart
Here is my search for transaction response times on web logs: index=bridger sourcetype=bridger_wbs_txns User_ID=rtm_primary_1 | eval "Transaction time"= Trans_time | timechart max(Transaction time),...
Is there a version of the Bit9 Security Platform without Flash?
I really like the Bit9 Security Platform app, but not only do I really hate Flash, but it is banned from running in more and more browsers, and I refuse to allow it on my Linux workstation at all. Are...
Do we need to install the Palo Alto Networks App for Splunk on all of our...
We want to install the app on our search head that is running our Security app. It seems silly to me to have to connect the app on all our indexers and search heads. The reason I am asking is that In...
How do I handle performance issues for large KML/KMZ files for geom /...
Hi, I followed the guide here: http://blogs.splunk.com/2015/10/01/use-custom-polygons-in-your-choropleth-maps/ to create my own KML files. After hours ... well **days** of diving into openstreetmap...
Splunk App for AWS not pulling all Volume resources
Hello, I just deployed the Splunk App for AWS, and immediately, we noticed that the Splunk Addon for AWS is not pulling in all the EBS volumes information from AWS. The discrepancy is rather large as...
Is there a way to save a dashboard slideshow?
I am attempting to create an executive dashboard slideshow, however, I can't find the function to save the slideshow dashboard setup so that I can provide it to the executives. Is there a...
Why is timechart returning null results if eval returns a value less than 1?
I'm finding that timechart is returning null results if my number is less than 1. earliest=-3d latest=-1d sourcetype=foo | timechart span=1h avg(value) as myValue by host If the overall average of...
epoch _time conversion
Hello, I'm trying to retrieve a readable time value from a time stamp, so I ran this command: eval "Time of most recent Update"=tostring(_time,"duration") and I get back a value like this:...
Why am I getting "ImportError: undefined symbol: PyUnicodeUCS2_Decode" with...
This isn't a question, but a heads-up. On Red Hat 7, the distro Python and the Splunk Python don't get along. Red Hat's management tools are written in Python so this can be especially problematic....
How do I configure props.conf to split a json array into multiple events?
Below is sample JSON input I am getting from REST API: { [-] calls: [ [-] { [-] apiName: Mobileshop apiVersion: 1 appName: MyAPP bytesSent: 228 datetime: 2015-11-09T10:30:38.786Z devOrgName: xyz...
Is it possible to eliminate those default fields extracted by Splunk?
Hi, I want to eliminate the default fields like punct, date_way, date_year, etc., or at least hide them.