mobile access splunk
Hi, I am using splunk version 7.3.3 and I want to access splunk enterprise on mobile. Is it possible to access splunk? Is there any documentation? Since I heard about End of life Splunk Add-on for...
Adding "count" to my existing table
Hello, Here, I have a screen shot of my dashboard: https://imgur.com/C5jzsGq I am attempting to add the bottom table to the top table (the number of inactive aliases bit) Here is the search or the top...
Selective Filtered Indexing and Forwarding to 3rd party syslog
Hello, Our setup is as follows: Windows/Unix UF -> HF -> IDX Clusters Currently we are sending everything to IDX cluster and 1 copy of the logs to a 3rd party syslog server from the HF. What we...
Search query: Unique values based on time
Hi Community, I'm using the search query to search for the user activity and I get the results with duplicate rows with the same user with the same time. The time format is as follows: YYYY-DD-MM...
Heavy Forwarder not receiving logs
Hi, After migrating Splunk Enterprise to new hardware, my HFs stopped receiving logs over port 514/1514. It's verified these ports are open on the new HFs. The new system is receiving logs from UFs...
Where can I view all the HTTP inputs created in the CLI?
I have created multiple HTTP Tokens via GUI and I want to see all of them in the backend. I checked the local folder in splunk_httpinput app under etc/apps but I don't see the one that I created. Thanks...
How can I get hostnames and its respective IP address through a query. For e.g...
How can I get hostnames and its respective IP address through a query. For e.g. (index=winlog | Stats count by host) only returns hostnames. I would like the hostname and IP address by modifying the search.
If I created a Power User account in the trial version, how do I change my...
If I created a Power User account in the trial version, how do I change my role to Administrator?
Find IN does not OUT
Hi I have log file like this: 09:04:04.042 module1: F[6]L: IN 09:04:01.417 module1: F[6]L: OUT 09:04:01.418 module4: F[6]L: IN 09:04:01.419 module4: F[6]L: OUT 09:04:01.420 module12: F[6]L: IN...
Text Box not updating Dashboard
Hi! In Splunk 7.2.0, I'm trying to get a Dashboard that has a Text Box in it, and when you type a value in, I would expect it to update the Dashboard. I've tried multiple ways, even trying with the...
LOOKUP operation in default/props.conf disable FIELDALIAS in local/props.conf
Hi, I upgrade in 7.3.3 and I have a problem with one fieldalias. I know the ASNEW settings since 7.2.4 restore old behaviour but not working when field create by OPERATOR LOOKUP (not FIELDALIAS)...
How to set time zone of logs by source?
I’m trying to specify that logs from a certain source coming from a UF are UTC. This should be pretty straightforward, however the following props.conf on the indexers does not work....
After upgrading my Indexer Cluster to 8.0.1, why is the replication status...
I have two indexers in my Splunk environment running in the cluster mode. After upgrading the Splunk cluster from version 7.2.0 to version 8.0.1, I have the problem with replication data. One machine...
SmartStore disk options
Looking at moving to SmartStore and had a quick question. We are planning on putting SSD's in the servers for the Hot/Warm storage, but can we also put spinning disk in the servers for the data that is...
Splunk Dashboard with more than 20 Tiles and Drilldown.
I have a table with two columns. Col1 Col2 -------------------- x 1 y 2 z 5 and so on. I have more than 20 rows and I'm trying to display them as tiles in a single page, And also drill down to the next...
Log ingested having xml tags that are not having fields extracted and named...
• Attached you will see a sample of the log I am working with. <-- tried to attach it but not enough points. Haha! • You will see in the body of the log row there are xml tags. Like CorrelationId,...
F5 app problems with Splunk 8.0.1
hello guys, I have updated splunk to 8.0.1 and now the f5 app is not going well. I understand that the version is not yet compatible with this version of splunk, but I wanted to confirm if someone else...
Create splunk alerts for suspicious activities of EC2 instances
Hi, I was assigned to set up splunk alerts that deal with malicious activities done in our EC2 instances, including: 1. SSH sessions / any login activities 2. changes to critical system config files...
Running splunk container and getting apt-get not found
Hi, I have pulled docker image splunk/splunk and running the container successfully. Able to login splunk GUI. I am trying to install net-tools package inside container. Followed the below steps....
why is /opt/splunk/var/run/splunk/cluster/search-buckets filling up?
Indexer '/splunk/var/run/splunk/cluster/search-buckets/ ' Files are still piled up. 1. What is the purpose of the file? And 2. do you know if there is a cycle or setting method to delete automatically?