Splunk App for Windows Infrastructure and Splunk 6.5
I have been running the Splunk App for Windows Infrastructure for a while and then updated to Splunk 6.5 and no longer get anything displayed. I re-ran the setup from the application and it says I got...
Why is my search head not connecting to the master and displaying "Generation...
Not sure why - I have one master and one search head and the search head gives me this error: Generation error Cluster has only 0 peers (waiting for 1 peers to join the cluster). Server can connect to...
pantag & panuserupdate version 5.2.0 of PA splunk app invalid credentials
I have an odd issue with pantag that I cannot figure out. I have a PA-200 device, and the pantag script fails in debug mode like this: 2016-09-29 20:20:53,351 +0000 ERROR common:183 - Unable to get...
How to create a dashboard that displays text from a HTML file and an...
Hi Splunkers. I'm attempting to create a dashboard as a landing page (essentially a simple panel with a separate navbar at the top). The page needs to display text from a .html file on the left...
How would I join fields from Splunk DB Connect to DB Input to avoid...
Hello, I am using Splunk DB Connect -> DB Input to import data from a MySQL Table successfully. Rather than create additional automatic lookups/DB Lookups which will be extremely slow against this...
Any way to use _time with a bubble or scatter chart?
I need to show changes of a numeric state over time, of multiple series. Several state changes may happen very quickly, which a single aggregation in timechart will just swallow. Ideally I'd like to...
a couple of MS Windows AD Objects add-on macro fixes
Hi, I just installed version 2.0 of this add-on and found a couple of issues with some macro definitions. I've fixed them in the patch below. Cheers matthew $ diff -u...
Are my duplicate indexed fields causing missing calculated fields?
I'm seeing two issues that I'm pretty sure are related, but I can't figure out. I have json events as data (using Splunk Enterprise 6.4.1). I am extracting 2 fields at index time, but also have...
Can I take Power User Certification after taking the prerequisite course(s),...
Hi Good Day I am new to Splunk and I have taken the following 30 days self paced courses which is prerequisite for power user exam 1) Using Splunk 2) Searching and Reporting with Splunk 3) Creating...
Bubble chart too small - Drilldown from Single Value
Basically I have a bubble chart set to display when a user clicks on a Single Value Visualization. For the single value, I have:true And for the Bubblechart: The issue is that the bubble chart is being...
Getting below error when click in Test button on Jenkins server
The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST...
Where to add certificate info for port 8089?
I added a signed certificate from InfoSec to our Splunk indexer and currently pointing to that `.pem` and `.key` file in `/etc/system/local/web.conf`. He scanned it with the Nessus scanner and says...
Linux Auditd: Why is the UserTTY tab not reporting data?
Despite having the Linux Auditd app configured properly, the UserTTY tab doesn't return anything: [|inputlookup auditd_indicies] [|inputlookup auditd_sourcetypes] type="USER_TTY" host=* user=* ses=* |...
How do I rename and extract multiple data from a search?
I have log lines of the form (relevant excerpt only, they contain also hostname, timestamp, etc): data_name: A B C D E data_name: A data_name: A C D basically, data_name is a collection of strings in a...
How can I schedule a search to throttle repeat results but still supply any...
I have a regular scheduled search in Splunk that is producing a large volume of repeat events. I attempted to throttle these using the once per result option, per throttling fields. I have two fields...
EventGen: Why is the app not appearing to generate events after modifying the...
I am trying to run EventGen's tutorial 1 on a Windows host. Generated data is not going to my test index. I have tried modifying the .conf file to: [search2.csv] mode = replay sampletype = csv...
Why can't I re-enable or re-add one member of my search head cluster after...
I am following the upgrade instructions at http://docs.splunk.com/Documentation/Splunk/6.5.0/Installation/UpgradeyourdistributedSplunkEnterpriseenvironment like so: **Upgrade the search heads** 1....
Why does the subsearch example in the Splunk Search Tutorial seem to repeat...
I'm stepping through the main Splunk Search Tutorial. I'm at the "subsearch" section: https://docs.splunk.com/Documentation/Splunk/6.4.3/SearchTutorial/Useasubsearch The cited example search is the...
Why would data show up in _raw but not in search results after SEDCMD?
Hi there, I have several multivalue fields that are sometimes uneven. To make up for this, I'm trying to use SEDCMD to add a value anytime that value would otherwise be empty. Example before SEDCMD:...
eval and coalesce return unicode list. How to separate each item into a new row?
So when I run the following search, 'event_name' returns a list of all event_name values which match the `coalesce(src_ip,host_ip)`. The output looks to be a python unicode list. i.e. :...