How to move data from an index in one environment to an index in a new...
I need to move index data from one environment to another while [hopefully] consolidating them into fewer indexes. Is there a way to extract the data and then in turn import it into whatever index I...
Issue with Python modules when attempting to execute app script....
I am trying to use an app that appears to call some Python scripts to get the data into Splunk. Splunk is having some trouble with the Python modules required to run the script, and I am not quite sure...
Sourcetypes with Docker and HTTP Event Collector
(Trying to pull a few similar discussions together and record them for posterity) # Challenge The current [Docker Logging Driver for Splunk][1] sends HTTP events to Splunk as single-line JSON events...
How to pass only the value object of the result key using webhook?
I am trying to use webhook to post the results of my search to a REST service. The REST service has 2 major criteria: 1. It only accepts JSON object 2. The JSON object passed should have 6 mandatory...
After configuring the HTTP Event Collector, why am I receiving a "Server is...
Dear all, I have configured the HTTP Event Collector but can't successfully send events. My configuration in inputs.conf [http] allowSslCompression = true allowSslRenegotiation = true...
How to extract fields with differing lengths from cs-uri-stem entries?
Hello, I am trying to pull certain criteria out of cs-uri-stem that contain different lengths for cs-uri-stem. I am trying to get one field extraction from all the examples. Here are some examples of...
How do I prevent initial delta value from breaking my visualization?
I am trying to get the delta of several key-value pairs over a period of an hour. The initial ingestion of data is from a few hours ago yet the earliest time slot for this timechart is empty and the...
How to count the number of times an event in one sourcetype is occurring in...
I have two sourcetypes, TICKET_OPENED & TICKET_ACTIVITY, both of which have a common field TICKET_NUMBER. I am able to narrow my search on sourcetype TICKET_OPENED using the following: index xyz...
Is SAP PowerConnect for Splunk Enterprise compatible with CRM 7.0 EHP3 and...
Hi We have an SAP ABAP instance with splunk add-on BNWVS 400_700. Now we are planning for upgrade to EHP3 and EHP4 which is based on Netweaver 7.5 Is BNWVS 400_700 compatible with higher...
Is there an easy way to implement a dynamic navigation menu for an...
Hi Splunkers. Is there an easy way to implement a dynamic navigation menu for an application based on permissions? To elaborate, I am trying to set up a single landing page for all users of a particular...
Why is an alert still sending emails when it is not present in the Alerts page?
I've got Splunk 6.2.5 installed, and I am getting email alerts that list an Alert name, but that alert is not present in the Alerts page. Thoughts?
How to find the index footprint by hot, cold, and frozen?
Good morning those more knowledgeable than myself :) The index usage default panel which shows such useful information as earliest event, is not quite giving me what I need. Trying to manage Hot/warm,...
How to get home (hot/warm), cold, and frozen effective indexes' data...
Hello, I've found this doc: http://docs.splunk.com/Documentation/Splunk/6.2.3/RESTREF/RESTintrospectExamples and indexes-extended looks interesting, but bucket_dirs.cold.event_max_time doesn't seem to...
Why does a scheduled PDF delivery show a different result than a PDF exported...
I have example code like this for my dashboard, and when I try to export to PDF, everything is fine, but when I schedule PDF Delivery output, it's different. Has anyone found a problem like this?...
How to edit my search to create a table to show User, Failed Authentication...
Hi Splunkers: I am trying to create a simple table that has the columns: User, Failed Authentication Attempts, Domain, and Locked? User would be, of course, the user. Failed Authentication Attempts would...
Why is the streamstats command not returning all events when used with a "by"...
I'm using `streamstats` to pair up events by username so that timestamps, IPs, latitudes, and longitudes can be analyzed for land-speed violations as a possible indicator of account compromise....
How to modify my configuration of Splunk SSO with SAML and ADFS as the...
I'm attempting to configure SSO for Splunk with ADFS as the IdP. I have mapped an Active Directory group to the admin group in Splunk like this: [rolemap_SAML] admin = splunk_admin Whenever I attempt...
Multiple index join with different formatted data JSON and RAW is not working
I have esbetalog in JSON format and etaprd in RAW format, outer joined on the CUSTOMER_ORDER_NUMBER column. Both have the same CUSTOMER_ORDER_NUMBER data, but etaprd data is not coming in the result. etaprd...
Timechart, last value is always 0
Hi, I have this query index=os sourcetype=vmstat OR sourcetype=cpu OR sourcetype=df host=betamax-admin Filesystem="/dev/mapper/vg_betamaxadmin-lv_root" | timechart span=5m max(PercentUsedSpace) All it...
Extracting multi-level host name
I would like to extract both directory and subdirectory information while importing data. So basically the directory structure is like this...