How do I create a text area in a dashboard without using CSS or Javascript?
Hi Team, I am creating an input page with some text area fields. Is there a simple way to add a text area without CSS and JS? I am using the "add input" >> "text" for the input field. I am using...
How do I extract two different variations of a timestamp from the same...
For one of our syslog devices, some events that come through only contain the syslog datetime format, while there are others that contain the syslog datetime AND a "timestamp=" field at the end of the...
Splunk Add-on for Cisco ESA: Which directory sends the data to Splunk and...
I am trying to figure out which directory the Splunk Add-on for Cisco ESA is sending the data to Splunk as noted on step 4 "Click Browse next to the File or Directory field."...
Is this statement on Splunk search types correct?
I have found this entry in one of the blogs (non-Splunk). Do you think this statement is correct? The following are search terms we will be generating based on a 10,000,000 line file. · Very Dense...
How to configure Splunk to create an email alert that sends out a CSV file...
I need to create an alert to send 250,000+ records in the CSV attachment. Initially it allowed me to send only 10K results. Have added new stanzas in savedsearches.conf, alert_actions.conf and...
Is there a version of the universal forwarder that is compatible with Windows...
Is there a version of the universal forwarder that can be used or is compatible with Windows Server 2016?
What is the web address to use on a local Splunk instance?
I installed Splunk on my laptop a few months back. Now, after the training, I want to use it. What is the web address to use?
Error with DB CONNECT 2
I am facing the below error while configuring one of the data inputs, External search command 'dbxquery' returned error code 1. First 1000 (of 6459) bytes of script output: "RuntimeError: Failed to run...
How to aggregate multiple error events into a single event and create an...
We have logs in the following format: E Thu Jul 28 01:05:30 2016 progname1 cid1 msg1 E Thu Jul 28 01:05:30 2016 progname2 cid1 msg2 E Thu Jul 28 01:05:30 2016 progname3 cid2 Some other msg E Thu Jul 28...
How to create a table that shows multiple failed logins on the same...
Hello, so I'm looking at a use case where I have to create a table that shows multiple failed logins on the same workstation by different usernames. Here's what I have so far: index=windows*...
Why isn't the per_index_thruput matching up with the license usage number?
This may be 2 questions, but... In order to measure ingestion rate we have been using "per_index_thruput" index="_internal" source="*metrics.log" per_index_thruput starthoursago=24 | eval...
Is "bad4-Linux" in Splunk Enterprise 6.4.3 tgz file intended as a warning?
I'm assuming the characters "bad4-Linux" in the 6.4.3 tgz ("splunk-6.4.3-b03109c2bad4-Linux-x86_64.tgz") are just a coincidence, and not intended as a warning. It raised an eyebrow at a customer site...
How to edit my regular expression to retrieve the first 7-8 characters of...
I am trying to extract router names from syslog messages. Need the regular expression to get the first 7 or 8 characters of variable length strings that end with abcd.com. Example below:...
Grouping Column Results after Stats Output
I'm trying to combine the counts of iPad and iPhone into a single result. I tried the appendcols function but no luck. Can anyone please let me know how to combine these two fields and sum them as a single...
How can I compare a list of users to another set?
All, say I query Splunk and get a list of 1000 users today. And tomorrow I do the same thing and get 1002 users. How can I get the 2 new users that appeared overnight? Basically diff the results of two...
How to build a form that does a drilldown to events around the selected event...
How to build a form that does a drilldown to events around the selected event timestamp: 1 - show a list of results; 2 - click on one of them to select the timestamp; 3 - populate a panel that will show...
AND | OR Rex field
Hello. I have a few servers: a,b,c and 1,2,3. Servers a,b,c work with this - base search | rex field=cs_uri_stem "(\/apps\/)(?P<test>[\d\w]+)(\/\w+)(.*\b\w+)$" | top limit=1000 test cs_uri_stem=...
AWS Load Balancer URL Log setup in Splunk
Hi All, I have a requirement to collect AWS LB logs into Splunk Enterprise to analyse access-related stuff and some errors via LB logs. So I wanted to know, is there a way to collect logs from...
Need help for monitoring files
I am monitoring a couple of files by specifying the same source type. Inputs.conf:- [monitor://D:\*\*\\Installations\*\Logs\*\XYZ] sourcetype = abc index = ****** disabled = false ignoreOlderThan = 2d...
When getting started with Linux Auditd, is it necessary to have a data model...
I have the "Splunk Add-on for Unix and Linux", the "Splunk App for Unix and Linux", and "Linux Auditd" applications installed. When I bring up the "Linux Auditd" and look for data, there is a lot of...