Exclude specific output in XML search
I am trying to exclude results from a set of data from an XML data source. I can search for events containing the particular string but when I change the search to "does not equal" it will return no...
Splunk App for Windows Infrastructure: Why am I not able to collect data from...
Not able to collect data from Splunk App for Windows Infrastructure - Network Monitoring - Network activity dashboard. Search produces no results. All my other Windows drop downs work and I am able to...
How to merge a search result with multiple fields and a dbquery with multiple...
I have a table in Oracle that monitors user logins to web apps. When a user accesses the webpage, I see the following in my access log: 192.168.100.12 - user1 [28/Sep/2016:13:11:17 -0700] [ecid:...
Search formatting in Splunk 6.5 for easier readability
I saw a feature in Splunk 6.5.0 where you can press a single button in the search bar and it will autoformat the query so it's far easier to read. Does anyone know what this shortcut is?
Why is information missing after editing serverclass.conf in the deployment...
I am trying to edit the serverclass.conf in the deployment server to push an app to one of the forwarders. When I tried to open it, I didn't see any of the previous entries in the serverclass.conf except...
How can I end a long running search job using the Splunk API?
If I make a POST request to "services/search/jobs", it will return a job-id. Let's say the job is taking too long, and subsequent jobs are being queued because we cannot exceed the concurrency level....
Why is my SAML (SSO) session not destroyed after logout?
Hello, I have configured SAML auth (SSO) with AD FS on Splunk 6.4.3 and the login function works fine. The problem is when I clicked "logout", it redirected to a new page showing two lines: User logged...
Cisco Networks App for Splunk Enterprise: Why is the app not displaying the...
Under Inventory -> Devices tab it is not displaying the correct Software versions for my 2901 IOS devices. Call home is working properly and all the other data is showing like model, serial number...
How can I set up LDAP for all my Splunk servers at one time?
How can I set up LDAP for all my Splunk servers at one time? Am I going to have to set this up individually on each server or do they sync this config?
Scripted input stops working: "Not added to run queue" in DEBUG ExecProcessor
I have a Python scripted input on a Splunk UF which calls a Kafka bin script (bin/kafka-consumer-groups.sh) and re-formats the output into Splunk-friendly key=value format. Sometimes a broker is...
Why does this alert keep firing?
I have this alert [nitro_F308-failed-to-launch] action.email.inline = 1 action.summary_index = 1 action.summary_index._name = nitro_splunk_summary alert.digest_mode = True alert.expires = 10s...
Sample eventgen.conf file for the .csv file with more than 100...
I have a test environment in which I would like to try the eventgen app. I had successfully installed the eventgen app and am trying to create an eventgen.conf which can replay the network_events.csv file...
How to set up a scheduled alert based on a matching field over a specific...
Hello, I would like to set up a scheduled alert that triggers when a field value is matching for 2 hours. To give a further explanation, when our job runs long or stops running, one of the fields...
Making a where statement that checks run time?
I have this query index=nitro_prod earliest=-30d ESK** (job_class=* OR NOT job_class=*) compl_code=* | fields app_id job_name job_no appl_gen appl_sys job_qual job_start_datetime job_end_datetime...
How to set up Splunk Web to support TLS 1.2 with PFS ciphers?
Hello, we are trying to set up Splunk Web to support TLS 1.2 (only) while allowing all TLS 1.2 "high" ciphers. The problem is, I am only presented with four suites (RSA_WITH_AES_128_CBC_SHA256,...
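As an added example (not part of the question above, and not from Splunk's documentation), this is the shape of a web.conf stanza that restricts Splunk Web to TLS 1.2 and advertises only ECDHE (forward-secret) AEAD suites. The attribute names are taken from my memory of web.conf.spec (sslVersions, cipherSuite, ecdhCurves, enableSplunkWebSSL) and should be confirmed against the spec file shipped with your version; the cipher list is an OpenSSL-format string that the bundled OpenSSL must actually support, otherwise splunkweb will refuse to start.

```ini
# $SPLUNK_HOME/etc/system/local/web.conf  (assumed location; example only)
[settings]
enableSplunkWebSSL = true
# Accept TLS 1.2 only; the list format ("tls1.2", "-ssl3", "*") is assumed from web.conf.spec
sslVersions = tls1.2
# ECDHE-only AEAD suites: every handshake uses an ephemeral EC key, so a leaked
# server key cannot decrypt captured sessions (the "PFS" requirement).
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
# Curves offered for the ECDHE exchange (attribute name assumed from web.conf.spec)
ecdhCurves = prime256v1, secp384r1, secp521r1
```

After restarting splunkweb, verify from another host rather than trusting the config: `openssl s_client -connect splunk.example.com:8000 -tls1_2 -cipher ECDHE` should negotiate one of the suites above, and `openssl s_client -connect splunk.example.com:8000 -tls1_1` should be refused. If the ECDHE handshake fails while RSA-only suites still work, the bundled OpenSSL or the installed certificate type is the limiting factor, not the cipher string.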
How to create multiple drilldown in a pie chart?
Hi, I have a search query through which I am creating a pie chart. One piece of the pie chart will show the successful events, the other piece will show the Error events from the search. My requirement is...
How to develop a cron schedule from Sunday 10pm to Saturday 5am every 15 mins?
Please help me with a cron schedule from Sunday 10pm to Saturday 5am every 15 mins
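A single five-field cron line cannot express a window that spans a day boundary, so the window has to be split into several schedules that together cover it. The following added example (mine, not from the question or from Splunk) shows one such split into four cron_schedule values and a small matcher that checks which minutes they fire on, so the split can be verified before it is put into savedsearches.conf. The interpretation of the window (Sunday 22:00 through Saturday 05:00 inclusive) is an assumption; adjust the last entry if the 05:00 run is not wanted.

```python
from datetime import datetime, timedelta

# Assumed split of "Sunday 10pm to Saturday 5am, every 15 minutes" into
# four Splunk cron_schedule values (minute hour day-of-month month day-of-week,
# with 0 = Sunday as in cron).
WINDOW_SCHEDULES = [
    "*/15 22-23 * * 0",   # Sunday 22:00 .. 23:45
    "*/15 * * * 1-5",     # Monday .. Friday, all day
    "*/15 0-4 * * 6",     # Saturday 00:00 .. 04:45
    "0 5 * * 6",          # Saturday 05:00, the last run of the window
]

# Inclusive value range of each cron field: minute, hour, day, month, weekday.
FIELD_BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]


def _field_matches(expr, value, bounds):
    """True if one cron field ('*', 'a-b', 'n', '*/s', 'a-b/s', comma lists) admits value."""
    lo_default, hi_default = bounds
    for part in expr.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            lo, hi = lo_default, hi_default
        elif "-" in part:
            lo_text, hi_text = part.split("-", 1)
            lo, hi = int(lo_text), int(hi_text)
        else:
            lo = hi = int(part)
            if step != 1:          # "n/s" means every s starting at n
                hi = hi_default
        if lo <= value <= hi and (value - lo) % step == 0:
            return True
    return False


def cron_matches(expr, dt):
    """True if the five-field cron expression fires at datetime dt (seconds ignored).

    Day-of-month is '*' in every schedule above, so the cron rule that a
    restricted day-of-month and day-of-week are OR-ed together does not arise.
    """
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 cron fields, got: %r" % expr)
    cron_dow = (dt.weekday() + 1) % 7      # Python: Monday=0; cron: Sunday=0
    values = (dt.minute, dt.hour, dt.day, dt.month, cron_dow)
    return all(_field_matches(f, v, b) for f, v, b in zip(fields, values, FIELD_BOUNDS))


def in_window(dt, schedules=WINDOW_SCHEDULES):
    """True if any of the schedules fires at dt."""
    return any(cron_matches(s, dt) for s in schedules)


def runs_between(start, end, schedules=WINDOW_SCHEDULES):
    """All minutes in [start, end) at which at least one schedule fires."""
    fired = []
    t = start.replace(second=0, microsecond=0)
    while t < end:
        if in_window(t, schedules):
            fired.append(t)
        t += timedelta(minutes=1)
    return fired


if __name__ == "__main__":
    # 2016-10-02 is a Sunday; one full week from there.
    week = runs_between(datetime(2016, 10, 2), datetime(2016, 10, 9))
    print("runs in one week:", len(week))
    print("first:", week[0], " last:", week[-1])
```

The week count gives a quick sanity check of the split: 8 runs on Sunday evening, 96 per weekday, 20 on Saturday morning plus the 05:00 run, 509 in all, with no run between Saturday 05:00 and Sunday 22:00. Each of the four lines becomes the cron_schedule of a separate copy of the saved search (or the same search with several schedules if your version supports that), since one savedsearches.conf stanza carries only one cron_schedule.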
Where is data input configuration information entered from Splunk Web stored?
When I create a new data input (TCP port), where are these settings stored? I would have assumed it would be inputs.conf, but it is not located there.
After configuring the master node, why is the host value on inputs.conf not...
Hi everyone. I am using a Splunk Enterprise environment with one Master and two peer nodes in a cluster. I set this inputs.conf configuration on my Master: [udp://192.168.0.200:10514] connection_host =...
How to replay the events in an index other than index="main" through eventgen...
I had uploaded the eventgen app on my Splunk and used the following eventgen.conf file in $splunkHome/etc/apps/eventgen/local/eventgen.conf (which I found on the eventgen app website). I could see the...