What does passwords.conf for splunk add-on for office 365 contain
Hi, I have splunk add-on for microsoft office 365 running on a dev system, pulling Management API data. We try seperate out our configs from the splunk provided app, and create seperate apps that...
View Articlefiltering by hostname and sourcetype
Hi all, I need some leads on an issue. I am having trouble in data forwarding from splunk HF to 3rd party. My prop.conf file below: [host::hostname] TRANSFORMS-weblog-matrix =...
View ArticleMultiply values within each daily record but group by month
I'm trying hard to achive the following, assume i have this data: DATE=2020-01-01 ITEM1=1 ITEM2=10 DATE=2020-01-02 ITEM1=2 ITEM2=20 DATE=2020-01-03 ITEM1=3 ITEM2=30 .... DATE=2020-01-31 ITEM1=5...
View ArticleSPLUNK 7.x Fundamentals Part 1&2: Where could I find the total hours for each...
I am in the the process of gathering CEUs for my CompTIA Sec+. In order to have CompTIA give me credit for the SPLUNK course, I need to provide the amount of hours each course was.
View ArticleHow to create tenants with Splunk Add-on for Microsoft Office 365 that are...
Hi, Has anyone successfully created tenants via .conf files from the command-line? I've created them and restarted splunk, but data pull fails. The log files say that the splunk_ta_o365_secret could...
View ArticleHow to group search results for large amount of data?
Hello, First all, forgive me I am new at using Splunk, hoping someone can help me out. We use our SPLUNK instance to log Firewall traffic, specifically Cisco ASA FWs. We currently have 1 firewall that...
View Articleinputs.conf Windows event whitelist
Hi guys, it seems there's something wrong with my inputs.conf whitelist configuration : [WinEventLog://System] index = winsecevents disabled = 0 start_from = oldest current_only = 0 checkpointInterval...
View ArticleErrors seen after setup of Splunk App for Dropbox
I recently setup the Splunk App for Dropbox on a HF in our environment. I saved the Oauth token and configured the index as needed on my indexer cluster. I am seeing this error in the _internal logs...
View ArticleDivide the sum of all fields that end with X whose value == true with the sum...
Hello, My data looks like this: urlupdateid=4, urlid=1, payer=Aetna, EffectiveDate_datetype_correct=T, EffectiveDate_date_correct=F, total_datetypes_correct=1, total_dates_correct=0, total_datetypes=1...
View ArticleHow do you change one value in a multivalue field?
I have tried | eval mvindex(mvfield,0)="my new value" But it does not work. Is it even possible to change/replace/delete a single value in a multivalue field?
View ArticleSplunk App for Unix on windows server not displaying data
Splunk App for Unix default dashboard on a windows server is not displaying any data. I can run search from within the app and get data but not from the standard/default dashboard, any idea how to...
View ArticleHow to change settings in Splunk App for Unix in windows
ServerSideInclude Module Error! Invalid template path. C:\APP\splunk_app_for_nix\appserver\static\settings.html but my application is on a different drive and can't get into settings to change it?
View ArticleHow to create chart using web access logs as source and list all URIs
How do I create a chart using web access logs as a source ? I want a list of all URI's which shows counts of error codes 40* and 50* I am using below splunk search for getting list of URI with error...
View ArticleHow to format a website/service downtime duration calculation results
Hi all, I have the below dataset for a website. **Time,title, response code 01/10/2019 08:22 ABC_PORTAL 200 01/10/2019 08:24 ABC_PORTAL 01/10/2019 08:26 ABC_PORTAL 01/10/2019 08:28 ABC_PORTAL...
View ArticleWhat are the differences between heavy forwarder (HF) and http event...
What are the differences between heavy forwarder (HF) and HEC? Under which scenario is which option preferred on AWS environment and why? Thanks.
View ArticleWhat is new Splunk admin password?
Hi - I just installed Splunk latest version 7.3.2. It went well, but from the website, I can't login with admin/changeme as in the older versions. Anyone knows what is the new admin password or how to...
View ArticleHow to create alert search using mstats
I know that events and metrics use different index types. Does that mean I can't create an alert (outside of metrics workspace) using an SPL search with mstats? E.g., I am pumping collectd uptime info...
View ArticleEval not working
I am using regex to extract the subdomain from LDAP distiguishedName `- | ldapsearch search=”(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))”...
View ArticleBase search in Dashboard panel
I have a panel in a dashboard which is a search with 2 sub searches joined together. All of them are based off of the same starting criteria. Is there a way that I can have that starting search...
View ArticleWhere do fields come from?
This may seem to be a fairly daft question, but after a fair bit of head-scratching I can't see an obvious answer. The question is, where did a particular field come from? The context is that I had a...
View Article