Suppression settings in inputs.conf - Windows Events and TA for Windows
Hey All, We have been experiencing issues with latency concerning Windows events being processed/indexed in Splunk. After numerous escalations and calls with support they suggested we enable the below...
How to send a single email to multiple email id mentioned in different rows...
Hi All I have following table as outcome of my query :- Name lastname Emailid A D abc@gm.com, xyz@redif.com B E bcd@dm.com C F fgh@yah.com I want to send this table to all the email ID's mentioned...
Upgraded from 7.2.6 to 7.3.2, "upload lookup" shows 404 error
We recently upgraded our fairly large deployment of Splunk from version 7.2.6 to 7.3.2, and our users are unable to open "upload lookup" button or when trying to delete lookups. Was there a new...
Way to monitor splunkforwarder
How would I monitor splunkforwarder traffic output to indexers from the splunkforwarder? Have the target indexer listed in outputs.conf; url and port. This solution does **not** involve logging into...
Using DB Connect 3 in a large environment with connection pool
Hi, I am wondering if anyone can speak from experience with using DB Connect for a large number of sql server instances, each of which installed (so about 2,000 separate instances total). We currently...
Send specific Index's from one Indexer to another without Clustering
We have a few silo'd networks and each has their own Splunk setup. My group is going to ingest specific index's from them but cannot be part of their cluster. How would I send (say for example the...
How to search more than 1 year data
Hello, I want to search more than one year data for particular machine. How to check is possible to get more than one year data? Could you please help me. Thanks in advance.
Return value based on another field using a multi-value field
Here is my data in the table: Index Field1 Field2 1 0 A,B,C 1 -5 D,E,F 1 -10 G,H,I I have a complex query that returns a single row of data that includes index, field1 (as a multi-value field) and...
maximum number of buckets in a multisite indexer cluster
I have a million dollar question I have a customer with > 200 TB daily ingestion of data and they have a multisite cluster My question is "What is the Maximum number of buckets they can have in a...
Change App Logo from UI
Hi, our Splunk instance is on Public IP and before that it was on a VM, after pushing on Public IP I was mainly working on UI but now I want to push an APP Logo but the problem is I lost my VM...
Breaking of one field values into 2-3 different fields
Hi, I have a field called Location and it has data like Call Type, Site, Wing and Room all in just one field called Location. I want to break it down and separate Call Type, Wing and Room as 3...
V 2.0 With this app having an integration with Eventhubs whats the Overlap...
Does this pull the same metrics from Event hubs as Azure_monitor ? Activity log, ? Diagnostic ? Metrics, ? thanks.
Filter a ldapsearch query for a specific group using a wildcard?
`| ldapsearch domain=default search="(sAMAccountNAme=%user%)" attrs="memberOf"`, is the query I am using but I want to filter the results to only include users that are part of a Citrix group, is there...
How to retrieve host names from forwarder management
I have two host names under clients in Forwarder management. I need to export these host names to an Excel or CSV so that I can use it in a search. Is that possible?
URGENT REQUEST: how to pull specific values from given query?
sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" | rex field=_raw "\"customerBilledAmount\" : (?.*?)," | rex field=_raw "\"resultID\" : (?.*?)," | rex...
CPU by SQL Query
I am trying to find a way to correlate Splunk Stream TDS events from SQL Server to CPU utilization. That is, I want to know which queries are impacting the server and by how much. If anyone has an idea...
Can I filter logs coming from forwarders with config files under \etc\system...
Can I filter logs coming from forwarders with config files under \etc\system or logs can be filtered just from heavy forwarders? I installed splunk forwarders and wanted to filter logs so I have tried...
Splunk ITSI Services, KPI base searches, Corr search, Aggregation policy all...
Hi All, Recently I upgraded my standalone env to SH and Indexer cluster. One major thing I notice is all my previous works like Services, entities, correlation search, notable event aggregation policies...
Question on how to use the lookup file for Exception monitoring
I have a lookup file which has below columns. Exception_Name Exception_Keyword Comments REXC RemoteException Alerted JNEXC Exception-NullPointer Ignorable Now in the logs when the Exception_Keyword...
Need Particular Host "DNS-DC-01" data from metadata
I want to search "August 2018 activity on machine DNS-DC-01" Could you please help me, how to use metadata for particular host ? I do not have any idea. thanks in advance