Need Regex help in parsing specific fields
String is ----------------- OfferRedeemedRequest [**partnerID**=1234, partnerName=MCenter, messagePriority=9, userID=2a28bc-119d7597, channel=rest, **offerIds**=1bf6-16a0fdd59fc4,...
SAML authentication with LDAP authorization/grouping
Our enterprise IdP does not support groups. So, for a simple-to-manage RBAC, I must stick with LDAP for now. However, I am being asked to adopt SAML. And SAML would be nice because executives could use...
>1 Lookups in a search for a timechart returns a Single Row only.
I have a need to pull a couple of totals from a lookup table within a search statement. I have a "nat_total" and a "test_total" that are computed from a sum from a lookup table. In these lookups a sum...
VMware ESXi vmkernel error search
Hi Splunkers. A year ago we had a hardware issue that disabled our operation for 24 hours. The VMware vmkernel error looked like this: 2015-11-09T21:55:08.687Z cpu28:37026)MCE: 222: cpu28: bank7:...
Is it possible to 'create new eventtype and tag it' from javascript sdk?
Is it possible to create a new eventtype and tag it with some data using JavaScript?
Raid10 no need to set replication factors
Hi, it may be a stupid question. I'm considering RAID 10 with a Splunk index cluster. In this case, do I also need to configure index replication factors? Thanks, Joon
License warning: "slave had no matching license for data it indexed" in my...
I have a stand alone environment X(Indexer, Search head, License Master) and I'm seeing the below license warning with two different indexers Y and Z. "slave had no matching license for data it...
What should be the proper Unix permissions for files in a locally-written app...
We're installing locally-written Splunk apps via puppet and are curious what the proper permissions for a user-written app under $SPLUNK_HOME/etc/apps should be. The Splunk gui does things as its...
How to remove events from each summary index and backfill using...
Hi, I am new to summary indexes. I have a scenario to work with. I have summary index searches for 1 min, 5 min, 1 hr, and a day. My 1 min & 5 min indexes have events from the main index, and the 1 hr summary index...
How do I modify this regular expression syntax?
I have a field with a value like this: `(R14760) 16.5.2 - FRI, 27 MAY 2016 13:46:07 EDT`. I want to extract `16.5.2` into a different field. I'm using `eval =` and I'm seeing errors like `illformed expression`....
How to modify the HTML in a python script to force page breaks in a PDF...
We have a need to force certain panels of a dashboard to start on new pages. Since some of the panels will have variable dimensions, we don't want a kludge to space things around - we are hoping to be...
Datamodeling for subsearches
Hi, can someone please advise how we can implement a data model for the scenario below? This query has a transaction and also includes a subsearch: index=idx sourcetype=hadoop(host=l*pv*) ( EventDesc...
How to develop a subsearch on multiple fields in the same sourcetype and have...
Hi there, what's the best way to search when I need to search from a CSV sourcetype file? I need to use multiple conditions. Here is what my current sample search looks like: index=* sourcetype=csv...
Is there a way to customize the SPL safeguards feature released in 6.4?
All, below is a link to the new SPL Safeguards feature that came out in 6.4. It is set up to warn users about dangerous commands to review before running. I would like to know if this can be customized...
IMAP Mailbox: Is it possible to have the attached file names?
Hi guys! I'm doing some tests with the IMAP Mailbox app. It's awesome! It will reduce the delivery time for some reports from days to minutes. But I have a special situation... I need that the attached...
Is it possible to include log contents from one sourcetype in an email alert...
I've found a few different answers that approximate, but nothing yet that I can synthesize into a new solution for my environment. Essentially, I have one log file that keeps a running log of the...
lookup table not working to see time offline
I have a few searches to which I have added a lookup table. All of them work but one. The one below uses metadata and I'm not sure how to make it work with the lookup table. My goal is to find hosts that...
How to calculate the duration of a single event?
Please bear with me as I’m sure this is very simple. I’ve seen examples here of calculating duration for a transaction with multiple log events, but this one has the start and end times in a single...
Why am I getting "Splunk certificate expired - ssl3_read_bytes:sslv3 alert"...
New to Splunk and getting these errors on my server. If I look at any of my servers, it has a cert.pem. The Splunk server is installed on Linux. What do I need to do to generate a new Splunk
Indexer Cluster and Search Head Cluster with Datamodel Acceleration
Hello there. Even with all the docs and certifications, it's not clear what the best (or only) way is to do Datamodel Acceleration in a fully clustered environment. We have an Indexer Cluster with 3...