How do people actually use the data ingested by this Btool Scripted Inputs...
The admins have set up the app to ingest the btool output, but with each property being a separate event, I don't see a way to make use of this. Can't tell which stanza a particular line belongs to. Or...
How to configure a search for metadata
I have a number of Jenkins jobs for which I would like to create a dashboard with search (pull downs, form fills). The searching would be on the metadata held within each job. For example, one of the...
Universal Forwarder on Windows 2019 Server Core -- another domain
Is Windows 2019 server core supported for the universal forwarder? Need to install the universal forwarder into another domain to get security logs from domain controller. What domain account would I...
How to set the data retention in Splunk?
Where and how can I set the data retention on Splunk? Because I have seen there are many ways to set it, like telemetry, main, etc. So it's really not clear...
dnslookup very slow, odd results.
(Splunk 7.2.3) I have a single windows domain. Inside that domain I have 2 subnets, 192.168.1.x, 192.168.2.x. I have 19 hosts, spread across the 2 subnets. All devices report their "host=" as an IP...
Time Picker in the Dashboard not working as expected.
We have a dashboard. When we select a time period, say 11/13/19 (9 am to 11 am), the results are displaying from 11/13/19 (8 am to 10 am), and the results consist of all zeros between 8 and 9 am where...
Alternative to subsearch to search more than a million entries
Hi, I have a subsearch command which gives me the required results but is dead slow in doing so. I have more than a million log entries that I need to search, which is the reason why I am looking...
How to differentiate fields with the same name but different values
I have log messages that have the same field names and I am trying to create a table for the dashboard. My messages are: { Message:"App Started" Timestamp: 2019-11-13 23:15:16.436156 }, { Message:"App...
Show all panels' output in a single panel in a dashboard
Hi Splunkers, I have 6 panels in my dashboard and all the panels have different underlying queries, but the output fields in the panel stats tables are the same and the results in all the panels look like the...
Export to CSV not showing up in Splunk dashboard
Hi guys, I have a dashboard with panels. I'm trying to export the dashboard results to a CSV file, but I'm seeing only "export to PDF", which is not very useful. Can someone help me with how to enable export to CSV...
Assistance with Windows Firewall Logs
Hello, I'm fairly new to Splunk and am trying to extract local Windows Firewall Logs so they can be automatically indexed by Splunk. Universal Forwarder is installed and I validated that Event Logs are...
How to end a rex search with multiple characters or a string such as } }?
Sample data:{ "active" : "Y“, “locationID" : 75942068, "existsFlag" : true, "manuallyUnarchived" : false, "pendingReminder" : false, "headerOperationType" : "TRN“, “headerCreationDateString" :...
Splunk Practice Environment
I'd like to set up a practice Splunk environment so that I can practice various install methods of Splunk (clustering, distributed, standalone AIO, etc). I have chosen Linux as my OS build for all of...
How can I make a single report from two CSV files?
| inputlookup SF_Week41.csv | fields...
UF not forwarding logs from Windows server
I am not receiving any logs from the Windows device. In the internal logs I can see the below ERROR: ERROR ExecProcessor - message from ""c:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe""...
Simplest method of writing syslog messages
Simplest method of writing syslog messages? What technology do I have to use to receive syslog messages on the UF server and write them into a file? A free version which has almost all the features required for...
Compare the login IP with that of the last time or the previous 7 days to find the abnormal...
Hello everyone. I have an alert requirement. An administrator has logged in to the device. I want to compare his current IP address with that of the last time or the previous 7 days; if different, then alert....
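Added example, not part of the post above: one way to express the "IP not seen in the previous 7 days" condition as a single stats pass that can be saved as a scheduled alert. The index, sourcetype and field names (auth, device_auth, action, user, src_ip) are assumptions for illustration; use whatever fields the device's login events actually carry.

```spl
index=auth sourcetype=device_auth action=login user=admin* earliest=-7d@d latest=now
| stats min(_time) AS first_seen, max(_time) AS last_seen, count AS logins BY user, src_ip
| where first_seen >= relative_time(now(), "-1h@h")
| convert ctime(first_seen) ctime(last_seen)
| table user src_ip first_seen last_seen logins
```

Schedule it hourly with the alert condition "number of results > 0". Any user/src_ip pair whose first appearance inside the 7-day window falls within the last hour is a login from an address that user did not use in the preceding week, which is exactly the rows the search returns. For the stricter "different from the previous login" variant, replace the stats line with `| sort 0 user _time | streamstats current=f window=1 last(src_ip) AS prev_ip BY user | where isnotnull(prev_ip) AND src_ip!=prev_ip`. One caveat: an address last used just outside the 7-day window looks new again, so widen earliest if that produces noise for administrators who log in rarely.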
ldapsearch not returning list of all AD groups and users
I'm trying to create a lookup of the domain, AD group and user using the `ldapsearch` command from the `Active Directory Add-on`. The below query is scheduled as a report and generates the lookup. If I manually...
How to search in an index with a condition from another index
Hi, I have 2 different indexes. Index1:
_time                Fehlermeldungtext
2019-07-01 22:01:30  Streckenüberwachung Auslauf!
2019-09-09 04:28:56  Streckenüberwachung Auslauf!
2019-08-26 05:40:59  Streckenüberwachung...
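Added example, not from either post, that serves both the slow-subsearch question earlier on this page and this two-index question: the usual fix is to drop the subsearch and let stats do the correlation over one combined base search, so the default subsearch limits in limits.conf (subsearch_maxout = 10000 rows, subsearch_maxtime = 60 seconds) never apply. The index names index1 and index2 and the field Fehlermeldungtext come from this post; the join key host and the index2 condition status=alarm are assumptions, substitute the real field names.

```spl
(index=index1 Fehlermeldungtext=*) OR (index=index2 status=alarm)
| eval in_index1=if(index=="index1", 1, 0), in_index2=if(index=="index2", 1, 0)
| stats sum(in_index1) AS hits_index1, sum(in_index2) AS hits_index2, values(Fehlermeldungtext) AS messages, max(_time) AS last_seen BY host
| where hits_index1 > 0 AND hits_index2 > 0
| convert ctime(last_seen)
| table host hits_index1 hits_index2 last_seen messages
```

The subsearch form `index=index1 Fehlermeldungtext=* [search index=index2 status=alarm | fields host]` gives the same answer on small data, but once the inner search returns more than subsearch_maxout rows it is silently truncated and the outer search quietly misses matches. The stats form reads each index once and scales with the total event count, which is what makes it usable over a million entries; if you only need the index1 events themselves rather than a per-host summary, add `| where hits_index2 > 0` on a `stats values(*) AS * BY host, _raw`-style grouping instead of collapsing to one row per host.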
Splunk field extractions: key-value pairs with comma-separated data
Hi, I am receiving data through a UF from a script running on an HP-UX server. The format of the data is as follows. group=NAME1 group_id=ID1 group_mem=MEMBER1,MEMBER2,MEMBER3,MEMBER4 There are no...
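Added example, not from the original post: with the format quoted above, Splunk's automatic key=value extraction normally already yields group_mem as the single string "MEMBER1,MEMBER2,MEMBER3,MEMBER4" because the value runs until whitespace. The rex below makes the extraction explicit regardless of KV_MODE, makemv splits the comma list into a multivalue field, and mvexpand gives one row per member for a table or a lookup. The index and sourcetype names hpux and hpux_groups are assumptions.

```spl
index=hpux sourcetype=hpux_groups
| rex "^group=(?<group>\S+)\s+group_id=(?<group_id>\S+)\s+group_mem=(?<group_mem>\S+)"
| makemv delim="," group_mem
| eval member_count=mvcount(group_mem)
| mvexpand group_mem
| rename group_mem AS member
| table group group_id member_count member
```

Drop the mvexpand and rename lines if you want one row per group with the members as a multivalue cell instead of one row per member. To make the split permanent for every search instead of repeating makemv, the same regex can live in a props.conf EXTRACT- stanza with a transforms.conf REPORT- stanza (MV_ADD = true) that splits group_mem on the comma at search time.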