URL Toolbox
Hi all, Does anyone know if or when Splunk URL Toolbox will be compatible with Python 3.x? In addition, will it be compatible with the new versions of Splunk? Thanks!
Streaming AWS data to Splunk using Firehose
Hi, I'm trying to stream AWS logs using the Kinesis firehose method. I followed a tutorial and verified each step a few times. I have generated a certificate for my Splunk Enterprise server using Let's...
Encountered the following error while trying to update: Importing the...
I got the following error message while adding capabilities in Splunk: "Encountered the following error while trying to update: Importing the following role(s) creates a cycle in role inheritance:...
Pull search terms from a single column csv file (for scheduled reports /...
I have several search queries that I then save as reports (and schedule them), they ultimately are displayed on a dashboard (some are displayed on wall monitors). Once seeing these dashboards Quite...
How to configure new string for Linux servers CPU check, how to configure...
I have index=os-icon-rhel and many sourcetypes are confirmed except CPU check. How do I add sourcetype=CPU for the existing index=os-icon-rhel?
*Nix add-on with official universal forwarder docker: cannot run cpu.sh nor...
We're able to partially get the official Splunk universal forwarder docker container to run the official *Nix add-on so an endpoint can collect & send its basic host metrics, but some of the...
Change value of field at index time based on condition
Hi, I am wondering if it's possible to change the value of a field based on a condition at **index time**. For example: If the log contains field X with value XX, then in case field Y exists, change Y value to...
"No results found" when I run a search on the dashboard
I create a dashboard to monitor the device using the network toolkit application. Set in Data inputs > ping. Run every 30 seconds. Search field with Visualization. Below is my dashboard code: Monitor...
How to compare 2 values from Same field?
I am having one field and it has 2 values. Comparing them with each other I want to generate a message whether "Success" or "Failure". Below are details: // Search | table _time, ErrorCount | sort 2...
Please help me: These following event types which may dump from Splunk TA.
I have searched for the definition of these event types for quite a while and do not find any comments about them. So I am listing the event types below, and hope someone can help me explain their meanings. By the way, my...
Can Splunk HF run multiple Python scripts and forward it to multiple indexer
I have 2 scheduled Python scripts running in HF. The first script is scheduled for 2 mins, gets SNMP data and forwards it to Indexer1 (IP:xx.xx.xx.123). The second script is scheduled for 2 mins and...
How to pattern match with the extracted field
I have a report generated with the following fields: Field 1, Field 2, Field 3. I have to create an alert based on the Field 1 (it's a phone number field which consists of 0-9, -, +, *) value satisfying...
Problem with "Show more lines" in an event
Hello plp, I am having this problem: when I am trying to show more lines of this event, Google Chrome crashes. It could be a problem of the limits.conf / props.conf, I update to version 7.3.3 and this...
Unspecified upload error. Refresh and try again
Unspecified upload error. Refresh and try again. Frustration!!! I have tried all of the recommendations posted and so far nothing. I tried Chrome / Explorer / Firefox and so far I still get the message....
Sending logs to Splunk using Python script
Hi, Is there a way to send logs to Splunk using a Python script? Can you please send me the sample script?
On Splunk Search UI, The column and "edit mark" to edit the column are...
When I run my custom search command, the results in Splunk's Statistics tab are appearing in a weird UI. The column and the "edit mark" icon are overlapped. Ideally, the column title shouldn't be...
LDAP Query: Pull the Description and Office fields within AD
Hi, I need to pull the description and office fields in Active Directory in my SPL query. What would be the best syntax to use? What I am doing is simply a basic string search for "TOR" and would like...
Trouble for reading logs on Solaris 5.11
Hello everyone, Does anyone face any issue while monitoring files on Solaris OS 5.11? I can read the desired file with the splunk user on an ssh session, but when I check agent logs, there is a permission...
How to search records sequentially?
I have a search: `index=lab-testresults sourcetype=lab-testresults type=testCase` and inside of the testCase I have a field called success, that tells me if the test passed or failed. What I want to do...
How do I find the average time (by day) of an event?
I have a search that returns the time of the first instance of a specific event (field "firstaction") by date (field "ldate"). search yadda yadda yadda | stats earliest(time) as firstaction by ldate...