How do I write a regular expression to extract 2 fields from my sample data?
So I have a search that will check if two variables equal a specific number, and then I get the count of these instances. I am having trouble regexing the numbers I needed to create the variables....
Splunk Add-on for Microsoft Azure: When configuring storage account inputs,...
I am having marginal success. We are writing out Linux VMs syslogs to table storage, which I can see with Azure Storage explorer but does not show up in Splunk after having added this table to storage...
How do I group similar URLs into one event?
I am doing a search to get the total count of different URIs and their response times. My result has multiple events of similar URLs - Like /abc/{id1}/xyz; /abc/{id2}/xyz /abc/{id3}/xyz. Only the...
Why is the TA-forwarderquery Add-on missing files that are referenced in...
Does this App actually work "as-is"? Installed in a Search Head cluster environment and then went through the files from the provided tar file. Specifically the file "commands.conf" references 4 python...
How do I generate a report based on date on every Friday?
I wanted to generate a summary report for number of saved searches triggered based on the date (as column headers) on every Friday. For instance, savedsearch_name 05/27/16 06/03/16 06/10/16...
How do I construct a search for the average per day of the week, with my day...
I am trying to chart the average per day of the week (mon, tue, wed, etc) but unable to do it with the days arranged in sequence i.e., Sun, Mon, Tue, etc. I have the following search with the days of...
Splunk add-on for microsoft cloud services - unable to copy json key credentials
Hi, I'm configuring the splunk add-on for microsoft cloud services, and generated a certificate, which Splunk displays, and I need to copy. However, when I hover over that information, an icon appears,...
Is it possible to use SSH to connect Splunk to a MySQL database?
Hello, I am trying to connect Splunk to a MySQL database, however MYSQL is only listening on localhost. To normally connect, I use an SSH connection first then open the connection to MySQL. Is this...
How do I fix my host_regex in order to extract the hostname from my log file?
Hello all, I am extremely terrible with regex and frankly I am stumped. I am trying to get the hostname from the log file that is generated in the path /var/log2/collab/bitdefender/ies-av-web-01.log...
After creating macros in Splunk Web on a search head, where do I find the...
I have an app X configured in a search head and there are some x,y,z macros created in Splunk Web. Now I want to open the macros.conf on the backend. What is the possible path to find the macros.conf?...
How do you configure the Splunk for SiteScope App?
I installed the Splunk for SiteScope App in Splunk but there is no documentation on how to configure the App to collect SiteScope information from a specific Instance.
How to create a single value panel that changes based on weighted values?
I want to create a single value panel that starts at 100, and when a specific alert goes off with an assigned weight, that weight is removed from the single value panel. So alert with a weight of 25...
How to use the C# SDK to return a large search result set (5,000,000 rows)?
Hi, I have a "Saved Report" (Named- GetIP), which finds unique IPs passed through the firewall for the last 30 days. It reports approximately 5,000,000 rows. Search is like this: index=myIPIndex | stats...
How to and where can I add the timeformat string to a saved macro?
Splunk version: 6.4 Localization specifier in the URL : en_US search 1: earliest="01/08/2016:00:00:01" latest="01/08/2016:23:59:59" `getABC("xyz","abc123")` search 2: timeformat="%d/%m/%Y:%H:%M:%S"...
What is the best way to extract URL information from logs?
What would be the fastest way to grab the URLs out of logs in Splunk? I am thinking a regex expression would work, but how would I format that? Some of the logs are Sourcefire, some are not. Any ideas?
Is it possible to install the Windows Universal Forwarder in Low Privilege...
Is it possible to install the Windows Universal Forwarder as a user without passing in the password via plain text? We'd like to configure all our universal forwarders to use a single service account...
"Failed to properly initialize the key-value parser for transform_name...
I extract various fields using the other delimiter " , Only the admin user can see the fields, but all users are supposed to be allowed to see the fields. Has anyone had this problem? Best regards, Lopes.
Why is the Kafka Messaging Modular Input adding additional fields to the...
I'm using Kafka Messaging Modular Input Add-on to index directly from Kafka topic. However I see additional fields like Wed Sep 14 16:15:48 EDT 2016 name=kafka_msg_received event_id= msg_body= is added...
How can I configure Splunk to properly index my file in production?
I have a file in production that appears to not be indexed as running a search for `index=` returns no results. The file has no header and has the following field format. 2016-04-05...
How do I write a search to find the top 10 max by field?
I am attempting to get a listing of the max top 10 by a field. I am able to get the top 10 by doing this: [search goes here] | top limit=10 message.facets.duration I can get the max by doing:...