Cisco eStreamer eNcore Add-on for Splunk: eNcore process not starting
I have a host where TA-eStreamer is deployed, it was working fine last 2018 but it is now not running. This is the estreamer.log when it was working then stopped until the time I tried to start...
Need to remove particular character from a field value
Hi Ninjas, I have the following values for host name field. appra94a0350 appra92a0350 appra84a0201 appra25a0201 appra93a0201 apvra98a0540 appra03**v**0337 appra01**v**0337 appra02**v**0337...
How to extract in Splunk at index time (with tstats) json field with same...
We have to model a regex in order to extract in Splunk (at index time) some fields from our event. These fields will be used in search using the `tstats` command. The regex will be used in a...
KVSTORE main uses
Collecting data works the same without kvstore installed? What is the advantage to install it in an environment splunk? What it does?
ADD-ON uses
Why should I install the add-ons in Splunk? Collecting data would work the same without it? Compared to QRadar SIEM they are like DSM?
Splunk TA for Sales Force
Dears, While testing sales force TA app (Version 1.0.0) with UAT salesforce connection there was no issue. After changing the salesforce connection to production started to receive following error....
splunk admins can able to see the JSON format data in splunk from OpenShift,...
Hi, we have recently implemented splunk integration with OpenShift and successfully able to capture the OpenShift data into splunk. but the Users couldn't able to view the same data/fields (OpenShift...
Splunk Telecommunication App to ingest RADIUS Account START|STOP record
Hi there, I have a scenario that we are trying to design for a Telco to improve on overall IP/MSISDN subscriber reputation with Executive Summary or reporting. a. For 2G/3G/4G mobile networks,...
Create a coloured tile
Hello, I'm looking to create a dashboard for my proxy logs showing anomalies for certain banned categories. For example, We block the Pornography category so should see all get request being blocked....
Help charting or displaying multiple fields
I'm working on creating either a report with a table or a dashboard to visualize the status of my Windows Audit Policy. The purpose of the report/dashboard is to measure compliance and detect any...
Display table with field values having spaces
I have a field named **Source** which contains spaces. *eg*: index=myIndex |Source=My Source Value|ComponentValue=My Component Value To make this field displayed in a table, I used the following...
Microsoft Office 365 Reporting Add-on for Splunk not pulling data - exiting...
Installed and configured [Microsoft Office 365 Reporting Add-on for Splunk](https://splunkbase.splunk.com/app/3720/#/details) but it doesn't seem to be pulling any data. Here's the error we see in the...
How to Splunk getting data from windows servers
Hello, I want to blacklist the first four host to stop getting data from these servers, I have blacklisted them in the serverclass.conf, but still I am getting data on Splunk search head. please advise...
Upgrade 7.3.2 to 8.0, any browser gives incompatible message
As in title. Straight upgrade and any browser I try (all latest versions, Chrome, Firefox, Safari) give the message about incompatible browser. Revert to 7.3.2 and all normal again. What could cause this?
How to make sure that addon is available to submit
I'm using AppInspect API for validation of my add-on. I can't find any information about the status checks explanation. I mean I know, that I can submit addon with warnings, but can't with errors. My...
Compare time fields from different sourcetypes
Hi, I have two searches that output different things. Search.1 is a DB query that returns the latest DB record modify time - the timefield in concern is the **LATESTMODTS_Epoch**. **| dbxquery...
AWS Apps on Splunk 8
We currently run splunk Version:7.3.1 with the Splunk Add-on for AWS and App for AWS both are supported by Splunk, we have installed a new version of Splunk version 8 when checking for the Apps seem to...
Getting error related Fishbucket in _internal logs.
Receiving following error on search head for forwarder: checkpoint failed: removal of dir /opt/splunkforwarder/var/lib/splunk/fishbucket/splunk_private_db/snapshot.old failed: Directory not empty
Tenable.sc or nessus scanner?
Hi there, before I alter my workflows etc. could you tell me if the "Nessus Data Importer" uses the nessus scanner API or tenable.sc (SecurityCenter) API. The two are different, and it's not...
system performance counter
Hi Guys, is there some kind of alert from windows performance counter system up time to see when windows server restarted just to notify or even some sort of generic dashboard of all lives windows...