Difference between eventgen and SA-eventgen?
I am familiar with eventgen, but are the eventgen app and SA-eventgen the same, or are they different? I'm just curious to know more about them. Can anyone with a better idea please answer me?
How to calculate the results of a particular search in terms of MB or GB?
I have a search string "xyz"; now how can I calculate how much data got generated with that particular search in terms of megabytes or gigabytes? Is it possible to find out? Note: "xyz" is...
How to filter certain Cisco ASA device logs to not be indexed?
Professional Services set up our Splunk and has it set up to where it pulls in the Cisco ASA data. The device feeds data into the Splunk Add-on for Cisco ASA but I would like to filter the data before...
Search Activity App: Why am I getting multiple errors in the Datastore...
Hi, I'm trying to install the Search Activity app and I'm facing errors in the Datastore section of the setup. Can someone help me to understand the errors and how to fix them? The...
How to calculate the average of my search result for past 7 days. Also how...
I have a search as follows: field_id="X" | eval b=len(_raw) | stats sum(b) as b | eval mb=round(b/1024/1024,2) | eval gb=round(b/1024/1024/1024,2) which displays the result in bytes, megabytes and...
If I change my tstatsHomePath location, will Splunk move the files?
Hi, I want to move my tstatsHomePath location, so that it follows the same standard as the standard buckets. The data model already exists - if I change it, do I need to stop the data acceleration? And...
Universal forwarder delay - 8 minutes
Any ideas why I am seeing an 8 minute delay in the UF -> Index data? The UF is monitoring a logfile that is consistently generating realtime data. When I view the index from my SH, I am unable to...
Matching events that happen microseconds apart
Hello guys, I'm working on monitoring our MSSQL error logs and running into a probably simple issue, but I'm stumped. I'm searching for something like this: sourcetype=mssql:errorlog error_id=17806...
How can I configure my search head to get the data from a heavy forwarder...
I am aware of getting the data from a universal forwarder. Can anyone explain to me the process of getting data from a heavy forwarder using the CLI? I would really appreciate it if anyone can explain the step...
Why am I receiving "jQuery is not defined" error when attempting to use...
I am trying to use the SplunkJS Stack to bring Splunk visualizations to a separate web application without using an iFrame. Below is my attempt: CORS tests
How can I configure the Splunk App for Unix and Linux to make its links...
I use Splunk behind nginx proxy and the Search and Reporting main app works fine. But when using Splunk App for Unix and Linux, I get lots of errors like this one in browser: Mixed Content: The page at...
Splunk Add-on for Google Cloud Platform: When will there be a 6.5 compatible...
When will this be updated to utilize 6.5? I upgraded to 6.5 and did not realize this add-on wasn't supported yet. Can't add credentials or anything.
License Duplicate
Dears, I have a scenario where I have three nodes: node one is master, indexer and search head; node two is indexer and search head; node three is heavy forwarder. All three nodes are configured as license slaves for...
How to modify my search in order to create stacked bar chart that shows...
Hi, I am new to using Splunk Enterprise and not so familiar with the search strings and other stuff :-) Here is my requirement: search the logs for errors/exceptions/timeouts/etc... and display it as...
stats count by date
earliest=10/1/2016:00:00:00 latest=10/2/2016:23:59:59 sourcetype=iis | stats count by date
date count
2016-10-01 500
2016-10-02 707
2016-10-03 205
earliest=10/1/2016:00:00:00 latest=10/2/2016:23:59:59...
pairdelim using more than one character
Hello there. Trying to parse cameronfix logs, and the fields are separated by " , " (note the extra space) - and the fields are separated using space. When I try to separate them using extract...
How can I search for attacks on network devices inside my perimeter?
I like to use US-CERT notifications to query my SIEM in case I can find data on known malware. However, now we are close to indexing our IT security data and I plan to use Enterprise Security for...
Potential bug in R Analytics App
Hi guys at Itility, I attended your session at .conf 2016. I've been playing around with your R app and am seeing that frequently when using the runRdo custom command that I get inconsistent results...
Syslog failed event to be viewed in a table format?
Hi all, I'd just like to know how to convert this syslog log event to be viewed in a table format in Splunk. Guessing this needs to be in a rex format similar to another Splunk Answers post that I saw, but I am...
How to append multiple searches in one search?
Hi, I tried using the following command to append a few searches into one: index=network host=sg624* "fatal" NOT (Non-fatal) | timechart count as "Fatal Error" | appendcols [search index=network...