How can I connect my ionic app to splunk enterprise server?
So I am trying to connect my Ionic app to Splunk Enterprise server but I don't know how I can do this. I installed a JavaScript SDK for Splunk on my Ionic project, then I added a script to connect, but he...
Approaches to manage logging level of Splunk Universal Forwarder
With changes in Splunk pricing coming faster than our ability to increase funding sources, our team is stuck in a maintenance mode where we cannot on-board a new data source without freeing up...
Change default search time for pivots from all time to 24hrs in Splunk 7.2.1
Currently when building a pivot table the default time is set to "All Time". Is it possible to set it to some other value? I've tried overriding it by adding the following entries to...
Threat PCAP configuration
I need guidance on how to configure Palo Alto Panorama / firewalls to allow requests for Threat PCAPs in the PA Splunk app. I submitted a TAC case to PA asking if Splunk only needed to communicate with...
How do I calculate time between these values?
I have an event that has two fields. PROGRESS_START and PROGRESS_END. Both of these fields contain multiple values. One PROGRESS_START and PROGRESS_END for each navigation a user makes. If a user...
Creating a Conditional Field using Field Extraction
Hey everyone, I am new to Splunk, and I need to create a new sourcetype along with field extractions. I am using regex expressions in props.conf and so far it is working well. But for the next field,...
DB Connect, MSSQL Availability Group, Read Only Intent
I am trying to connect 3.1.2 to an off-node in a 3-host MS SQL cluster. The reason for this is to take load off the live cluster node. The DBA has assured me that the Availability Group flag is set...
Website Monitoring: Different alerts for different websites
I am literally a couple of hours into using Splunk Free, so please bear with me. We currently have multiple websites that we need up-time reports on, so I downloaded the Website Monitoring application....
Extracting filename from verbose message
I am trying to write a Splunk query to create a dashboard. I have a message from which I need a particular part as the filename: "**Copying the file : /mount/logs/output/fileName.xml to :...
Chart only displays when an event exists at day / day hour
Hi, how do I display in a chart only the days (or day & hour) when an "event" (in my case, speedtest results) is/are available? I do not need "count", "avg" ... In the community I found: | timechart...
Wondering about success with TA for Defender ATP hunting API
Has anyone successfully used this app?
How to use inputlookup and an index
Hello everyone, below is my search (not very clean, I'm a novice :) ). However, I have an idea: I grouped all the hosts in a CSV file and I would like to get the same result as in the...
Check for event that has not changed for X days
Hello. I'm struggling with a query. We want to search Windows Event logs for accounts whose passwords have not been changed (by admins) for more than 700 days. I have created a query that informs me of...
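The detection logic behind this question, as an added example that is not part of the original post: for each account of interest, find the most recent password change in a window of Windows Security events and flag accounts whose last change is older than the threshold, or that have no change event at all. The events below are constructed; the event IDs used (4724 for an administrator resetting a password, 4723 for a user changing their own) and the field names are assumptions about what the poster's Windows logs carry, and the 700-day threshold is the one named in the question.

```python
"""Flag accounts whose password has not been changed for more than N days.

Added example, not from the original Splunk Answers post. Events are
constructed; EventCode 4724 (admin reset) and 4723 (user change) plus the
TargetUserName field are assumed to match the poster's Windows Security logs.
"""
from datetime import datetime

TIME_FMT = "%Y-%m-%d %H:%M:%S"
ADMIN_RESET = 4724   # assumption: "An attempt was made to reset an account's password"
USER_CHANGE = 4723   # assumption: "An attempt was made to change an account's password"

# Constructed sample events.
EVENTS = [
    {"_time": "2017-01-15 09:12:00", "EventCode": 4724, "TargetUserName": "svc_backup"},
    {"_time": "2019-02-01 14:03:00", "EventCode": 4724, "TargetUserName": "jdoe"},
    {"_time": "2018-11-20 08:00:00", "EventCode": 4723, "TargetUserName": "svc_backup"},
    {"_time": "2019-01-10 10:30:00", "EventCode": 4724, "TargetUserName": "asmith"},
]
ACCOUNTS = ["svc_backup", "jdoe", "asmith", "svc_legacy"]
NOW = datetime(2019, 3, 1)


def last_change_per_account(events, admin_only=True):
    """Map account -> datetime of its most recent password change event."""
    codes = {ADMIN_RESET} if admin_only else {ADMIN_RESET, USER_CHANGE}
    last = {}
    for ev in events:
        if ev["EventCode"] not in codes:
            continue
        when = datetime.strptime(ev["_time"], TIME_FMT)
        user = ev["TargetUserName"]
        if user not in last or when > last[user]:
            last[user] = when
    return last


def stale_accounts(events, accounts, now, max_age_days=700, admin_only=True):
    """Return {account: age_in_days} for accounts over the threshold.

    An account with no change event in the searched window maps to None:
    it cannot be cleared, only escalated, because the search window may
    simply be shorter than its password age.
    """
    last = last_change_per_account(events, admin_only)
    result = {}
    for user in accounts:
        if user not in last:
            result[user] = None
            continue
        age = (now.date() - last[user].date()).days
        if age > max_age_days:
            result[user] = age
    return result


if __name__ == "__main__":
    for user, age in stale_accounts(EVENTS, ACCOUNTS, NOW).items():
        print(user, "no admin change seen in window" if age is None else f"{age} days")
```

The `admin_only` switch is the point the question raises: counting only 4724 treats a user's own change as not resetting the clock, whereas counting 4723 as well does. Whichever reading is intended, the None bucket (no event at all in the window) is the one that needs a follow-up query over a longer window or the directory itself.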
TA-DMARC TLS Version Error
When attempting to add an input for TA-DMARC, I am receiving the following error: Error connecting to {imap.hostname.tld} with exception [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:741)...
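A quick way to reproduce and recognise the error in the post, as an added example (not from the original question or from TA-DMARC): OpenSSL reports `WRONG_VERSION_NUMBER` when a TLS client reads bytes that are not a TLS record at all, which is what happens when a TLS connection is pointed at a port that answers in plaintext (for example an IMAP greeting on 143 instead of IMAPS on 993). The stub server below is constructed for the example and only sends a plaintext greeting; the probe function assumes nothing about the real `{imap.hostname.tld}` host.

```python
"""Show why a TLS client sees [SSL: WRONG_VERSION_NUMBER] on a plaintext port.

Added example, not from the original post or from TA-DMARC. The local stub
is constructed: it imitates a plaintext IMAP server by sending a greeting
and nothing else.
"""
import socket
import ssl
import threading

PLAINTEXT_GREETING = b"* OK IMAP4rev1 service ready\r\n"  # constructed greeting


def start_plaintext_stub(greeting=PLAINTEXT_GREETING) -> int:
    """Listen on an ephemeral loopback port, send a plaintext greeting, exit."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)        # what a non-TLS IMAP port does first
            conn.settimeout(2.0)
            try:
                conn.recv(4096)           # swallow the client's ClientHello
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def diagnose_tls(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt a TLS handshake and classify the outcome.

    Certificate checks are disabled on purpose: the question here is only
    whether the peer speaks TLS at all, not whether its certificate is valid.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls:" + str(tls.version())
    except ssl.SSLError as exc:
        # exc.reason is OpenSSL's reason code, e.g. "WRONG_VERSION_NUMBER".
        return "ssl_error:" + (exc.reason or str(exc))
    except OSError as exc:
        return "socket_error:" + str(exc)


if __name__ == "__main__":
    print(diagnose_tls("127.0.0.1", start_plaintext_stub()))
    # ssl_error:WRONG_VERSION_NUMBER
```

If the probe against the real mail host returns `ssl_error:WRONG_VERSION_NUMBER`, the port is serving plaintext (or expects STARTTLS) and the input should point at the implicit-TLS port instead; a `tls:TLSv1.2`/`tls:TLSv1.3` result means the port is fine and the error lies elsewhere.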
Splunk Windows App for infrastructure_200
I have loaded splunk-app-for-windows-infrastructure_200, splunk-supporting-add-on-for-active-directory_300 and splunk-add-on-for-microsoft-windows_700. When I run the guided install it finds the Domain...
Is it possible to suppress errors for lookups that are intentionally hidden...
We have (here at the University) some course dashboards we’re working on. The source data has obfuscated userIDs, and dashboard dev is going swimmingly. We want certain privileged users to be able to...
Can Splunk share memory data to different queries?
Hello, Splunk experts, I have a very big raw data set, and need to pass it through different rules. For example: query1: index=abc, sourcetype=xyz data=raw|rule1,rule2...ruleN and another query2 is index=abc,...
How to calculate time between these values?
I have an event that has two fields. `PROGRESS_START` and `PROGRESS_END`. Both of these fields contain multiple values. One `PROGRESS_START` and `PROGRESS_END` for each navigation a user makes. If a...
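The pairing both copies of this question (above) ask for, written as an added example that is not part of either post: the n-th `PROGRESS_START` is matched with the n-th `PROGRESS_END` and the difference computed per navigation. The event below is constructed, the timestamp format is assumed, and the example also handles the case the question hints at but does not state, a user whose last navigation has a start and no end yet. The SPL sketch in the comment is the `mvzip`/`mvexpand` equivalent and is an assumption about the poster's search, not their code.

```python
"""Compute per-navigation durations from two multivalue timestamp fields.

Added example, not from the original Splunk Answers posts. The event is
constructed and the timestamp format is assumed; the only things taken from
the question are the field names and the one-value-per-navigation pairing.
"""
from datetime import datetime

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # assumed format of the multivalue entries

# Constructed sample event: three navigations, the last one still open.
SAMPLE_EVENT = {
    "PROGRESS_START": [
        "2019-03-01 10:00:00",
        "2019-03-01 10:05:30",
        "2019-03-01 10:20:00",
    ],
    "PROGRESS_END": [
        "2019-03-01 10:04:10",
        "2019-03-01 10:15:00",
    ],
}


def _as_list(value):
    """Splunk hands back a single value as a scalar; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def pair_navigations(event: dict) -> list[dict]:
    """Pair starts with ends by position; an unmatched start gets seconds=None."""
    starts = _as_list(event.get("PROGRESS_START"))
    ends = _as_list(event.get("PROGRESS_END"))
    if len(ends) > len(starts):
        raise ValueError("more PROGRESS_END than PROGRESS_START values")
    pairs = []
    for i, start in enumerate(starts):
        end = ends[i] if i < len(ends) else None
        seconds = None
        if end is not None:
            delta = datetime.strptime(end, TIME_FMT) - datetime.strptime(start, TIME_FMT)
            seconds = delta.total_seconds()
        pairs.append({"start": start, "end": end, "seconds": seconds})
    return pairs


def total_completed_seconds(event: dict) -> float:
    """Sum of durations for navigations that have both a start and an end."""
    return sum(p["seconds"] for p in pair_navigations(event) if p["seconds"] is not None)


# Equivalent SPL sketch (assumed, not from the posts):
#   | eval pairs=mvzip(PROGRESS_START, PROGRESS_END)
#   | mvexpand pairs
#   | rex field=pairs "^(?<s>[^,]+),(?<e>.+)$"
#   | eval secs=strptime(e, "%Y-%m-%d %H:%M:%S") - strptime(s, "%Y-%m-%d %H:%M:%S")

if __name__ == "__main__":
    for p in pair_navigations(SAMPLE_EVENT):
        print(p)
    print(total_completed_seconds(SAMPLE_EVENT))  # 820.0
```

Pairing by position only works if Splunk preserved the order of the two multivalue fields; if the fields come from separate extractions that may be reordered, carry a sequence number in each value instead of relying on index alignment.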
Data retention
Where and how can I set the data retention in Splunk? Because I have seen there are many ways to set it, like telemetry, main etc., it seems to be really not clear..
Pagination cursor with GET REST API
If I set up the REST API modular input, it'll properly read the API, but I can't figure out how to get it to paginate. In the API response there's a field called next-cursor whose value should be...