Customized Text Selection Dashboard
I have a multi-input text selection scenario. The text input is comma-separated input (thanks to @niketnilay). 1- Initially I don't want to load any search query OR text value output OR you can say that...
splunk forwarder stop to send log packet
It was working fine until 1 month ago. There was no Splunk forwarder and network configuration change. No packets from the forwarder to the indexer. How can I solve the problem?
A bytes like object is required, not string - Splunk DB Connect
Hi, When I try to set the JRE Installation path (java_home) during configuration of Splunk DB connect 3.2.0 I get the following error: "A bytes like object is required, not string". I'm currently using...
Unable to initialize modular input
Hi, I designed a modular input using the Splunk plugin for Eclipse. After building the file with Ant, I installed the .spl file on a Splunk instance running on Windows and the modular input was...
CSV - Dates Columns Removed when Indexed - How can I retrieve/show in raw data?
Hi all, I have a CSV file that contains 8 columns and 3 of the row entries contain time/date fields. Two are not appearing in the raw event data within Splunk. (I'm using RegEx to create fields and my...
Splunk - Adding stanza in input.conf file
I am using Splunk enterprise trial version and trying to push the Windows logs to Splunk from the customized location. I gave the path location of my file which I want to push in /etc/system/local...
Aws macie field extraction
We are trying to do field extraction of the aws dns events, currently we are getting the events with below indexname, source and sourcetype index = aws-cloudtrail source =...
how to convert query to splunk
Hi, How to convert this sumologic query to splunk _collector="M2" "Memory Monitor" | parse ",DB Job-Connection-Pool: */*/*/" as db_job_1,db_job_2,db_job_3 | parse "Host/Appserver/Version: */*/*" as...
Aws dns field extraction
We are trying to do field extraction of the aws dns events, currently we are getting the events with below indexname, source and sourcetype index = aws-cloudtrail source =...
how to convert sumologic query to splunk?
Hi, How to convert this sumologic query to splunk _collector="M2" "Memory Monitor" | parse ",DB Job-Connection-Pool: */*/*/" as db_job_1,db_job_2,db_job_3 | parse "Host/Appserver/Version: */*/*" as...
Dynatrace "tags" response field
Hi all, I need to retrieve "tags" field from dynatrace using Dynatrace Add-on for Splunk. Dynatrace API call sends this field into the json response as indicated in documentation page:...
After upgrading my Indexer Cluster to 8.0.1, why is the replication status...
I have two indexers in my Splunk environment running in the cluster mode. After upgrading the Splunk cluster from version 7.2.0 to version 8.0.1, I have the problem with replication data. One machine...
How can the results of multiple notifications (triggered alarms) be written...
I would like to monitor each individual queue. The alarm can be parameterized for individual queues via lookup. My goal is to build a dashboard in a way that each line does not only show the monitored...
Issue with eval in Dashboard XML Source
Hey all, Cause of the Y2K bug we recently did an upgrade of our Splunk environment to version 8.0.1 - after this upgrade we do face a strange issue, which does not make any sense for us and maybe looks...
Splunk Add-On for Okta: How to troubleshoot error "ConfigException: Failed to...
Since from last 1 week Okta data is not coming to Splunk. Checked the logs and found the below error. Can anyone help me out to fix this issue? 2020-01-07 11:13:22,971 INFO pid=24690 tid=MainThread...
Splunk Add-On for Microsoft Office 365: How to resolve "AuthenticationError:...
Since from last 1 week index=o365 data is not coming to Splunk. Checked the logs and found the below error. Can anyone help me out to fix this issue? Thanks in advance! 2020-01-07 14:13:25,110...
Decommissioning indexers
I am working to decommission some indexers from my cluster. I am using splunk offline --enforce-counts and letting them decommission on their own. I tried to do 8 at a time and it would not let me, but...
How to get Alert details to show in dashboard?
Hi, I want to show dashboard showing Alert statistics. Like total number alerts exists on app, Number of alerts sent, Number of alerts triggered, Number of total alerts notified to slack channel...
Calculate Maximum transaction per seconds (TPS) day wise
Hi, I want to calculate max TPS on a particular day for last 3 months for some specific URLs. I just have 5 URLs so I can run the query separately for separate URLs. Looking for a Table something...
Symantec mail security appliance
Dears, Is there any add-on or steps to onboard (collect and parse) logs from Symantec mail security ***Appliance***, not cloud, which is sending logs using syslog to Splunk Collector (HF)? Thanks for...