What are the technologies and methods we can use to create automated tests for...
As a software team, we need to be able to write automated tests for the Splunk app we are developing. Therefore, are there ways to write automated tests? Or is it that we can only test the application...
Data not being displayed with previously working query.
Hi Community, I've been using Splunk Enterprise Search and Reporting for a month now, and when I try to search with the same old query which worked previously, the results don't even show up....
Problem with keeping correlation between data while expanding multi-value fields
Hello, I have been trying to expand multi-value fields from different sourcetypes. The problem is that when I do expand, the link between relevant data gets lost. I have described a similar scenario below. Any...
I want to filter alerts which contain invalid attribute or invalid attribute...
Some of the alerts' attribute names have been changed, hence those alerts cannot be triggered. I want to find such alerts. Currently, I am thinking of checking each alert one by one, which is tedious and...
Upgrading Lookup File Editor 2.7.0 to 3.3.3 in SHC
Hello, is there any recommendation to upgrade 2.7.0 to 3.3.3 on Splunk 7.1.4 (clustered SH)? Should we just delete "lookup_editor" in /etc/shcluster on the deployer, extract the new version, then deploy it? We...
Is it possible to integrate logs into Splunk with the REST API?
Is it possible to integrate logs with Splunk using the REST API? If yes, please let me know the steps and the REST API command.
Does Splunk support double NIC interfaces on the private network to improve...
First, some background info on our Splunk system. We are setting up a 2-site cluster with a replication factor of 2. We have a search head cluster of about 3 to 4 nodes and our indexer cluster has...
Python script to get Splunk status
Hi, I need a Python script to get the Splunk status. We already have a shell script for this, but now I need a Python script for knowledge purposes.
How do I ingest Microsoft .xel logs?
I have a need to ingest certain SQL Server logs, in a proprietary .xel format, into Splunk. Do I need to somehow first get these logs into a common file type/format before ingesting them? If so, how...
How to create one webhook for an entire Slack instance?
I would like to generate a single webhook so that I am able to dynamically enter different channel names instead of having to create a URL for each one. Is this possible?
Remove health messages
Is it possible to remove the health warnings for certain users/roles from the top Splunk bar? We have an error that will likely occur no matter what, and we don't want certain end users to see it. ![alt...
AppDynamics APM add-on (events)
How do I configure the add-on to pull events for APP_SERVER_RESTART for all apps?
How to configure a license slave when the GUI won't allow access to Settings?
This is for Splunk 7.3.3 Enterprise on a Windows 2012 server. In order to connect a slave to a license manager, an admin user would normally go to Settings > Licensing and select Change to Slave. However,...
Problem with keeping relevant data in the same row while expanding multi...
Hello, I have been trying to expand multi-value fields from different sourcetypes. The problem is that when I do expand, the link between relevant data gets lost. I have described a similar scenario below. Any...
Filter to last value for each day
Hello, I have a query like this: action="dateAccuracy" OR action="updateDate->handleEvent[dateAccuracy]" | reverse | streamstats sum(total_dates_correct) as totalDatesCorrectRunning,...
Is there any way to customize the default list of data fields collected by...
We are using the Splunk MINT SDK in our iOS app. By default it collects a lot of fields listed here -...
Issues with props.conf and EVAL function
Hi, I am trying to add a new evaluation for a field at search time. For some reason, when I run the query from my search head, I get the old values and it seems that props.conf is not working. Here is my...
Single-site clustering - license manager and cluster master
Hi, 1. Could you please let me know if one of the indexers in single-site clustering can be made the cluster master? 2. Is it a good idea to have indexers and search heads on Windows servers (2012 and above...
Splunk Stream is not capturing interfaces
Hi, I installed the Stream app on the Splunk search head and deployed an independent Stream forwarder via `curl -sSL http://stream-cont-func02:8000/en-us/custom/splunk_app_stream/install_streamfwd | sudo bash`...
Simplify testing a field's value
Hi all, I have a field which contains different values such as: Malformed CLAPP : (Root) or Malformed record or 59 or EDICPP 4-1-1-0 exception: Mandatory element is missing. Error at +0001AASU'Last...