conditional search
I've read other answers related to conditional searches, but still cannot find an answer to my problem. The situation is as follows. I have one search (S1, runs on index1) which provides values to search...
Timezone in props.conf doesn't have any effect
I am working on a demo using Splunk. I have a tool which uploads JSON data to the Windows Event Log, and Splunk UW forwards the data to the Splunk instance (on the same machine). The JSON event has a field called...
Timetable/Schedule has been given in a lookup table, how to use it in a Splunk query
Hi Splunkers, I am stuck in a situation where I have been provided an input lookup file containing operational hours of a train. 9-10 10-11 11-12 12-13 13-14 14-15 15-16 16-17 ...................23-24...
Deployment of Universal Forwarder to Apple Mac fleet
Our company operates a fleet of Apple Macs. We would like to automate the deployment and configuration of the Universal Forwarder agent to these Macs via our MDM platform, but there is very little...
Dashboard with multiple dropdown menus not working
I have created a simple dashboard with 2 dropdown menus. Selecting an item from the second menu appears to work with no results being provided. If I open the question in search, the parameter is...
Splunk License Pools and Indexers Details
Team, we are managing the License Manager enterprise-wide, so we need to know: 1) How can we get the list of license pools along with GUID? 2) Where do we see this data on the server? Which logs? 3) We are...
Combine values into one event, then search if one of the values is contained
Hi, thanks in advance. This is a hard one to put well in the title. Basically I have sets of data which contain students' scores for tests. Students can take these tests multiple times. I need a search that...
Basic question about scheduled search
Hello, in my dashboard I use a scheduled search with a filter token because I have a dropdown list which allows me to filter by SITE. But I need to execute the stats command after the loadjob...
Data model misses events when using a calculated field constraint
I have a data model in Splunk with a root event and two child events. The child events have a constraint that uses a calculated field. When I search the child events, only recent data is returned. This...
How can we control count in maps+?
Hi Splunker, please help me find the solution to this problem. **My task is to show the Bus location and Service center location in a single Map**. Bus locations are stored in **Index A** and Service...
Server error while logging in
When I try to log in with correct or wrong login information, the message "servererror" always comes up.
Recommended way to rename a kvstore collection that is not empty?
Dear all, I am pretty new to KVstore, the REST API and the Python SDK, so my question might be trivial for an expert, but after some hours spent on answers.splunk.com I still don't get a real solution...
Splunk eval if ELSE or case
Hi all, I'm working on Windows AD data and gathering info from various eventIds. I have grouped the eventIds, and each group has a specific Action field in the output table based on the fields related to...
How do I break a multi-line event with regex, provided that the date is...
Hello, how can I break this multi-line event, on the condition that the date has changed and only when the date is at the beginning of the line? This log has dates in the middle of the line, but this event...
How to break a multi-line event with regex, provided that the date and time...
Hi, I have the following log format. How can I break this multi-line event, on the condition that the date has changed, only when the date containing a time is at the beginning of the line? Example:...
How can I run some script (Python or PowerShell) if I receive some particular...
How can I run some script (Python or PowerShell) if I receive some particular log? Either in search or in alert?
Charting the percentage from multiple files based on a value field
Hello, I'm facing a monthly-based chart representation. Every month I receive 3 files like the following: ------------------------------------------------------------------------------ 01/10/2019 63...
Querying auth failures using ldapsearch and inputlookup
Hello there, There are a couple of queries that I use to search for authentication failures on members of high-privileged groups. After testing, I noticed that the query is hit-and-miss. Specifically,...
Using a greater-than comparison on a property is not working
I am trying to filter my results on a property that is greater than a certain value and it is not returning any results. If I do an equals to comparison it works. Below is my filter criteria and the...
Why is my KV store not being initialized after a new app install?
After migrating from OSSEC to Wazuh, I installed the Wazuh app ver. 3.10.2. When starting the app, the API screen comes up with the message "Kv Store is being initialized please wait some seconds...