Json event breaking not working as expected
Original log: [{"username": "xxx", "event": "session_start", "event_category": "session", "timestamp": "2019-12-11 08:26:23.547000+00:00", "context_ip": "xxx", "context_page_referrer": "xxx",...
What is the best app for monitoring a remote Linux server?
What is the best app for monitoring a remote Linux server? One that also provides good configuration documentation, for configuring in standalone and distributed environments.
Custom Python Command to read a CSV file
I have created a custom python command but I'm facing this problem. I have a dynamic **fileName**. The filename that I want to read changes everyday. It works fine before I package the code using the...
Help on bar chart color
Hi, I need to use a different color for the 5 series of my bar chart: | eval cpu_range=case(process_cpu_used_percent>0 AND process_cpu_used_percent <=20,"0-20", process_cpu_used_percent>20 AND...
Does this TA have the capability to log when a scan fails?
Is it possible to bring in failed scan events? I've attached a screenshot of a sample failed scan that I'm seeing in the Qualys web UI. I can find *no* associated event in Splunk for this failure...
How to increase height of input text box in HTML dashboard
Hi, I've been banging my head against the wall for a while on this one. I have an HTML dashboard that I would like users to be able to input details on particular issues in. These updates will generally...
License usage
How to find the maximum license usage limit? How to find the license usage of yesterday? How to find the license usage of today?
Summary Index token drop down help
Hi Team, My current config has a drop down with one token, 3 choice values and 1 search query, below. $api_cached_realtime_token$ is replaced by the choice value as per the 3 dropdown options (All, RealTime, Cached)...
Darktrace connector not showing data on dashboard
Hi all, We have installed the Darktrace app in the search engine and we have confirmed the data is being sent from Darktrace on the relevant port, but we have not got any data in the dashboard. The...
How can I create a time chart grouping the data per 5 minutes, but showing...
Example:
_time   value   group
00:01   2       2
00:02   3       5
00:03   4       9
00:04   2       11
00:05   3       14
00:06   1       13
00:07   2       12
...
Doubts in PCRE RegEx
I just started using Splunk in my current project. I went through the documentation and found Splunk supports PCRE regex. I am searching peak hour API calls and segregating data. Since I am a newbie, I got...
PCRE Regex not working in Splunk
The required API call, the regex I tried in https://regex101.com/, and the regex which works in Splunk are given below.
/Contact/v1/15965755/Order
\/Contact\/v1\/[0-9]{1,}/Order
/Contact/v1/*/Order
Why PCRE...
Time difference between events | multiple events that are in chronological order
I have the following data, and I want to find the time difference between the start and end of the request for a SID. I need to ignore a START with no END. Note: in the list below, events (2,3), (4, 5),...
Splunk Add-on for Infoblox: Why am I getting DNS, DHCP, Log Data into Splunk...
We have a clustered environment, and we have the Splunk Add-on for Infoblox set up and configured. We are getting the DNS captures and the DHCP and DNS data from the logs over a UDP port. This seems to be...
How do I get my transaction search to use the first start event as the...
Hi, I have a log file and I am using startswith "Starting Dispatcher" and endswith "completed". But sometimes in the log there are 2 "Starting dispatcher" events, so I want the transaction to consider the first start,...
Table under table row expansion automatically inherits drilldown from parent...
Hi there! I have a use case where I need to put a table under a table row expansion and I need to have the ability to drill down from both tables (parent & child). My XML + JS code works OK, but I'm...
One of the panels in dashboard is not getting connected and updating the...
I have a panel which performs the lookup on the CSV file and has the additional code below. | eval _time=strptime(date,"%m/%d/%Y") | where _time>=relative_time(now(),"-1q") Now currently I have...
SmartStore with on-prem S3 : Best Practices & Sizing Guides
Looking for guidelines on how to size a SmartStore configuration with an S3 on-prem solution. Does anyone have any rules of thumb or concise analysis for sizing SmartStores for on-prem across various...
splunk db connect: java.lang.StringIndexOutOfBoundsException: String index...
Splunk Enterprise 7.2.5. Using Splunk DB Connect for Oracle and running into an error when adding an Input; on "execute SQL" the message is: java.lang.StringIndexOutOfBoundsException: String index out of...
How you can send FireEye data using the HEC method
Hello Splunkers, I'm posting this answer here since there is a lack of documentation from the Splunk side on getting FireEye data using the HEC method. Step 1: Generate an HEC token on your Splunk side in the normal way and select...