Export Splunk report to CSV
Hi, I am trying to export the results of my reports to an excel sheet. I have 5 different reports, each of whose output should go to the different tabs of one single csv file. Eg - My csv file is...
Table on click: change the row color in a Splunk HTML dashboard
Hi All, I have a dashboard and I am trying to perform an onclick event on a row of the table, and that row needs to be highlighted in Splunk. Please can someone guide me in this. I am using splunk...
(Beginner) How to use the Splunk universal forwarder?
Hello. I want to import some data (not Kubernetes logs or metrics) to Splunk (Enterprise). I've heard I should use the Splunk universal forwarder. (My data is like commit info from Git (who committed, when, how...
Backup Search Head
Hi, I am trying to back up a Search Head in a cluster (Splunk/etc) with a script but I can't back up a few folders (for example, I can't back up a few users in Splunk/etc/users). I tried on a forwarder or indexer, the...
DHCP lookup to output fields for user, mac based on IP Address by lease time...
Hi, I was wondering if anyone could help with this problem. I have created a lookup for DHCP logs which consists of the columns that I have screenshotted ![alt text][1]: [1]:...
Index Retention Time
Hello, I did some reading up on the hot, warm and cold buckets and data retention of indexes but I am not sure I 100% get it. What I am simply trying to do is to set my indexes to keep data for 180...
"NOT TERM" removes results
When using NOT TERM, please keep in mind the following bug and workaround: index=myindex NOT TERM(b=c) will yield zero results if all the events contain “a_b=c” like this: foo a_b=c b=d bar The problem...
Is Splunk compatible with Enterprise SSO?
Hello, We would like to use Enterprise SSO to authenticate the users on one of our Splunk platforms. On another platform we had used the PingFederate solution so we know how to configure this type of...
Splunk ProxySSO – Logout or session time-out redirection not working as expected
We have a Splunk cluster setup configured to use ProxySSO. Our LB is playing the role of proxy server and it passes all the required credentials, group info, user identity etc. to Splunk Web through...
Splunk Platform Upgrade Readiness App Read Error
I'm trying to run the app version 2.0 on Splunk 7.3.3 on Windows Server 2016. Even as Admin I always get the error 'read'. In the instructions this is referred to as a known issue if the permissions are...
Splunk Kafka connector SSL setting
Hi all, I am trying to set up a POC to use the connector. The Splunk HEC endpoint is SSL enabled and the cert does not match the endpoint, and the connector is throwing this error. The HEC endpoint...
How to search a 5 min interval after the summary index is populated
Hello, I have a search that will extract a field to a summary index and I want to search that field in a specific index after 5 min. Ex: index=applications message="Request from suspicious actor*" |...
How to find a host which is missing a specific value?
Hi all, My question is focused on open ports but the condition applies to a wide range of scenarios. My question is the following: I need to create alerts for specific ports when they are not open, and...
Splunk Events Do Not Show for recent dates
Hello, I am using the rex command to extract information on the automation and having it count the number of times a host is logged into. Here is my search: index=monitoring...
Limiting duration to 2 decimal places (without round function)
Hello, I was using the round function in my search to limit the results to 2 decimal places. I have gotten it to work for some numbers, but there are a few numbers that do not work, and typically...
How to dynamically route logs to multiple indexes and sourcetypes based on...
Hi, I am working on onboarding OS log data under multiple hostname folders, and these hostname folders are located at the same file path. My plan is to dynamically onboard these logs to indexes based on...
[7.3] Index Selection for roles does not show all indexes
Upgraded to 7.3 and they can no longer see all 208 indexes that we have when editing roles. When you edit a role and try to add it as searchable it does not display them all and you cannot search for...
Ingest only rows containing certain text from a log file
I have a very large log file (20,000+ lines per log file) and I only need the rows that contain "tell_group.pl" in them. Some start the line with that text, others have a "+ " before it. Hoping to build...
Unique events from the last 24hrs that have not occurred within the last 30 days
Hello, I have an index with ALPR (license plate) data. I'd like to create a table, that shows unique plates detected within the last 24hrs, that were not previously detected within the last 30 days. I...
Functionality of a Splunk app & add-on with differing version compatibilities?
I'm currently trying to understand how an app and add-on would interact if the app's version is out of date, but the add-on is not. Example: The Splunk App for Unix & Linux only supports Splunk...