How to migrate KV store data from a search head standalone to a search head...
Hello, I have a standalone search head with KVstores. I want to migrate the KVstores to a search head cluster without, if possible, exporting all data (in csv or other format) and importing them again...
File Precedence in Splunk
Dear All, When I was going through the Splunk document related to file precedence, https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/Wheretofindtheconfigurationfiles In **About configuration...
InputLookup search query
Hello everyone! My initial search gives me events with the URLs that users clicked using the Outlook client. After a bit of REGEX magic, I have extracted the URL from the event, which looks something...
Error when I install Splunk Stream: "Error to connecting to...
After that error I still see 2 folders, splunk_app_stream and Splunk_TA_stream, in $SPLUNK_HOME/etc/apps. But when I start the app I see nothing. Checking _internal I see 'The path...
Splunkforwarder - log to file?
Hi, Is it possible to forward logs to the indexer and at the same time forward logs locally to a new file? I mean the forwarder would create a new file and put the indexed data there.. Thanks -Pete
How to change the order of results in a Splunk query
Hello, I have not found a method of bringing values backwards in a simple Splunk search; it always shows from last to first. Is there any way to reverse this result? Just reverse the order of the...
The newly added Search Head in SHC not replicating the "Search Peers (Indexers)".
Adding a new SH to the existing SH cluster does not replicate the "Distributed Search peers".
Set the token value from a linked dashboard to a dynamic search drop down menu
Hello, I have two dashboards linked to each other, and I am passing the parameters for the linked dashboard in the drilldown URL. The values passed for one of the drop downs have dynamic values...
Movement of buckets in an indexer cluster
Hello All, today someone asked me a question about bucket movement in an indexer cluster. Let's say I have 5 indexers in a cluster and I have an index called operations. My question is as follows....
The events are not parsing
Hi, I am using the Expanded Snare syslog app on a HF. But the problem here is the data is not getting parsed as per the props.conf in the app. Do we have to install this app on the indexers as well? OR the HF will...
Searching and matching from two different indexes and retrieving values from...
I have two indexes that contain the same IP address but only one index contains hostnames for the IP addresses. How can I search and match the IP addresses from both indexes in the same query and table...
How to extract the prefixed words from logs
Hi All, I require help in extracting the words that appear right before the word. Example: Null.set.error Nullerror Set-get-error Timed out error Unknown - error From the above, the expected result is...
Splunk Platform Upgrade Readiness App on OS X
Platform: OS X 10.14 Splunk: 7.3.1 When trying to access the instance scan page from the "Splunk Platform Upgrade Readiness App" on my local instance I always receive the following error. URL:...
Making a Dynamic (On-the-fly) REST API call from Splunk to an application
I am trying to create an on-the-fly REST API call to an application from Splunk. So, the scenario is like this - I have some cyber attack related indicators in Splunk - one of the fields represents the...
Template for Citrix XenDesktop 7
Hi @jconger, Is there a plan to launch a new version of the Template for Citrix XenDesktop 7 that is CIM compliant? Thanks.
Inputlookup parametrized does not work as expected
Hi all Splunkers! I'm actually dealing with a dashboard problem and I need your help. In particular, I call an **inputlookup** command whose filename needs to be a variable related to today's date. The...
Product Timestamp Issue: no existing datetime.xml in $SPLUNK_HOME/etc
For the Action Advisory: Product Timestamp Issue (https://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/FixDatetimexml2020), we have downloaded an updated version of datetime.xml and tried...
How to find a host which is missing a specific value?
Hi all, My question is focused on open ports but the condition applies to a wide range of scenarios. My question is the following: I need to create alerts for specific ports when they are not open, and...
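One way to build that kind of "expected but absent" alert in SPL, added here as an illustration and not taken from the original post or from any answer to it: keep the expected host/port pairs in a lookup, then report every pair that has no matching scan event in the search window. The lookup name `expected_ports.csv`, the index `portscan`, the field names `host` and `port`, and the 24-hour window are all assumptions for the example.

```spl
| inputlookup expected_ports.csv
| eval expected=1
| append [
    search index=portscan earliest=-24h
    | stats count AS observed BY host port ]
| stats max(expected) AS expected max(observed) AS observed BY host port
| where expected=1 AND isnull(observed)
| table host port
```

The lookup rows carry `expected=1` and no `observed`; the subsearch rows carry `observed` and no `expected`. Collapsing both with `stats ... BY host port` puts each pair on one row, so a pair with `expected=1` and a null `observed` is exactly a port that should be open but was never reported. Two practical caveats: `host` and `port` must match between the lookup and the scan data (normalize case or trailing domains with `eval` before the `stats` if they do not), and `append` runs a subsearch, which is subject to the subsearch result and time limits in limits.conf, so on large scan volumes move the `stats` into the outer search instead. The same shape works for any missing-value check, such as hosts that stopped forwarding or accounts that did not check in.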