I want index data to be deleted automatically as it ages
Since the amount of data in the index keeps increasing, I want data that is more than one year old to be deleted automatically. How should I configure this so that data older than one year is deleted automatically? -English- Since the amount of data in the index continues to increase, I want to automatically delete data that has...
How to join two columns from different "Source" files
I have to join two different source files having similar columns. Source1 (basically iostat data, loaded into Splunk every minute): _time,hdisk,host,disk_usage... 20191128.024935,hdisk1,host1,30...
Splunk Alerts Sync
Hello, I am working on version control of my organisation's Splunk. I am able to manage pushing changes to Splunk alerts/dashboards via Git/Jenkins. Problem: Every time Jenkins is pushing all...
Refresh for a subset of the admin role
@MuS I would like to give some users access to do a refresh; I know they need the admin role. However, admin has 99 capabilities; do you know which ones are needed? I would like to create a subset of...
| refresh entity=savedsearch not working (Add-on Debug Refresh)
@MuS Thanks for your app first - great stuff :) I am running | refresh entity=savedsearch but I am getting External search command 'refresh' returned error code 1. Any ideas would be great, thanks :)...
When will Splunk Enterprise 8.0.1 be released?
When will Splunk Enterprise 8.0.1 (version with timestamp fix) be available? What version of Splunk ES will be fully supported with Enterprise 8.0.1?
What are the most common questions you are answering?
I answered several times, but there are several similar questions. **What are your most frequently asked questions?** If you have your best answer, please provide a link. I will study.
Cannot migrate DBConnect 2.4.0 -> 3.2.0 on Splunk 7.3.2.
Hi, has anyone done this migration? Based on a short try, it seems that bin/dbx_app_migration.py needs python3, but Splunk 7.3.2 has only python2 installed. 3.1.4 supports migration with python2, so...
Error with DBConnect App Inputs, Version 3.1.4
Hello Experts, I am using the DBConnect app version 3.1.4 with Oracle DB. I have set up a SQL query and saved the DB input, but data is not showing up in the index. When I did a search on the _internal index, I...
Splunk UFW - Indexing Headers as Events
Apologies, as I know this has been asked a few times, but none of the answers I have found seem to work. I have some fairly simple scripts that output 2-row CSV files, like this: examplefile.csv...
xyseries removes field line break
Hi, I have the following search where I create two fields which have a line break (Topic and value): index="example" sourcetype="trial" | stats avg(availability) as value, dc(name) as Number | eval...
How to add a row into a table, the row depends on a search result, which is...
index="*Value of index*" tag="*Value of Tag*" DATA="*code for data1*" | chart count by parameter1 | rename count as "Count of DATA" | sort - "Count of DATA" As a result, I want to see a table which...
App and Add-on for Infrastructure and AWS App and Add-on
Hi, we are using the latest AWS EC2 AMI for Splunk Enterprise. We installed the Add-on and App for Infrastructure. Since AWS is no longer a supported data source there, I wanted to install the separate...
Datasets: Brute force and internal scanning
Hi, I'm very new to Splunk and would like to set up a demo showing how brute force attacks and internal network scanning are being detected by Splunk. I will use this tutorial:...
Philips Hue Alert Action does not work under Splunk Server 7.3.x?
Hello everybody, it is possible that the Philips Hue Alert Action does not work under Splunk Server 7.3.x. After installation, it is not possible to adjust the configuration. The web page (Edit...
Read a field value whose field name is in another field.
We have this table: [image] And we want to have a field (for example, named "value") that gets the value of the field whose name is in the "name" field. In the first row it would be value=3d, in...
Search process did not exit cleanly, exit_code=-1, description="exited with...
I'm getting the following error in the Search head. How do I troubleshoot? Search process did not exit cleanly, exit_code=-1, description="exited with code -1". Please look in search.log for this peer...
Cluster Command Grouping
Hi, I need help on the issue below. I am using the cluster command for the Summary field. source="sample_data.csv" index="incidents" sourcetype="csv" | makemv Summary | mvexpand Summary | top limit=500 Summary | eval...
Timestamp Issue Impacting Splunk Products
Hello, we are using Splunk Enterprise version 7.2.3. We do not use two-digit timestamps; we use Linux-style timestamps. These will also work after January 1st 2020, right? But if I got it right, they...
Linux logs on App for Infrastructure
Hi, on the docs page "Collect Linux Unix metrics and logs with Splunk App for Infrastructure" it gives an option for using a script generated by the UI. However, there it asks for a HEC port and token. I...