Splunk 8.0.1 App for Unix and Linux
I'm doing a new install with 8.0.1 and want to install the Splunk App for Unix and Linux that is compatible with ver. 8.0.1 to collect data. I have HF, SH, Idx and Deployment servers. The document...
Field in add-on PaloAlto
Hi Splunk Team! I recently found that the field "dvc_host" in the paloalto add-on has no data. I need to get that field data back. Thanks all.
Blocking specific input files
Hi Team, we are using Splunk Enterprise in an AWS environment. A long time back a CloudTrail app was configured on the same. Logs are directly getting pushed to the Splunk indexer through an S3 bucket based on...
Has anyone indexed the Azure DevOps audit log?
Hi. It seems Microsoft has exposed the audit log for Azure DevOps, https://docs.microsoft.com/en-us/rest/api/azure/devops/audit/audit%20log/query?view=azure-devops-rest-5.1 Has anyone tried to index...
How do I show the full series name while mousing over the legend?
Hello, I have a line chart with multiple series in my dashboard. The series names are quite long, so they are cut off in the legend by default. Is there any way to display the full series name while mousing over...
How to count top results in each column?
Hi everyone, I'm trying to find out the top 10 values from different host long_message index functionality. So I tried something like index=* "error" OR "FAIL" OR "fatal"| stats values (functionality)...
Splunk App for Infrastructure
I have installed V2.02 of the app and configured manual performance metrics inputs to Windows hosts with the UF already installed. The problem is that the Overview dashboard panels are not working. |...
Recheck the alert after the alert is raised
I have configured an alert to notify by Microsoft Teams when the CPU threshold reaches 90%. The alert comes when it reaches 90%, and then the CPU usage immediately comes down to 80% within 5 minutes. Is...
TA-MS-AAD - Daily billing data
Hi all, I'm trying to understand how the TA-MS-AAD add-on works. I configured a data input to collect data about billing and consumption, setting the interval to 600 and Max days to query to 4 on my local...
Is it possible to have multiple break_only_before regexes for one sourcetype?
I'm currently working through each of my company's Java apps and updating their sourcetypes using transforms and regexing each sourcetype. With a few exceptions, most apps will have an app, access and...
Rising column not working as expected
Hello experts, I have a DB Connect connection to my DB that validates. The query that I send to the DB is displayed here: WITH "dte" as (SELECT * FROM "T_AUDIT_LOG_HISTORY" UNION SELECT * FROM...
Convert Date Timestamp in Lookup for Drill-down
I have a dashboard that queries a Lookup file. The Lookup file contains a column of Date Timestamps in this format: DD/MM/YY. The column name in the Lookup is Date. It is called "Date...
Will the Extrahop App for Splunk work on Splunk 7.3.0?
Trying to set up the app on 7.3.0. I am able to see the device groups and Activity groups when entering the EH IP and API key during the configuration process within the Extrahop app; the Data Inputs...
Reassigning ownership for a large number of knowledge objects
I see that when I reassign ownership the schedule won't kick in (next_scheduled_time just reads none); for example, until I open the search and manually hit save, it seems like none of them will run on...
Combine rows with overlapping MV values
I have data from a couple different sources that I am trying to combine together into coherent results. The issue I am running into is that sometimes the data does not line up perfectly. Both data...
Why is a bash script running if I have disabled the input stanza?
I have been ingesting data from an Akamai WAF using the Akamai TA from Splunkbase. Once I had sorted out all of the firewall issues and such with the team, I had it working how I wanted it. I have the TA...
How to extract a string before the @ symbol from an email address?
I have the username field extraction as follows in props.conf, which extracts the email address: [sourcetype_X] EXTRACT-XYZ = username="(?[^+\"]*)" which extracts the field as follows...
How to trim everything from a field after a comma?
I have a field that contains: CN=Joe Smith,OU=Support,OU=Users,OU=CCA,OU=DTC,OU=ENT,DC=ent,DC=abc,DC=store,DC=corp I'd like to trim off everything after the first comma. This information can always be...
Convert JSON into Specific Table format
This is what we have in logs: `index="xyz" INFO certvalidationtask`. And this prints a JSON object which consists of a list of commonName + ExpirationDate: `Stage.env...
What would be the perfect props.conf for this event?
Date=2020-02-10|StrtTime=09:56:08|EndTime=09:56:08|Duration=7|EvntType=MSG|UUID= The props that I am using: TIME_PREFIX = ^ TIME_FORMAT = %Y-%m-%d MAX_TIMESTAMP_LOOKAHEAD = 40 LINE_BREAKER =...