What connection type should be used for mongodb to SPLUNK db connect
Currently we have Splunk DB Connect app version 3.1.4 and I want to connect to MongoDB. In DB Connect, under the connections, what connection type should be selected for MongoDB? I don't see anything...

Extract integer value in search from string JSON in log event
I am trying to extract the 'timeTaken' value from JSON inside a log event string in order to build a dashboard. Example log value: `2020-02-12 17:50:15.228 INFO 1 --- [io-8080-exec-45]...

Splunk JSON request for model template validation for structure
Hello, I have complex JSON being written to Splunk and want to do JSON structure validation for a model template; this is to ensure that the JSON is not corrupted by some fields missing or out of order,...

Extract a string from email id from raw logs?
One of the sample logs is as follows: time="2020-02-12 13:45:37" user-name="abc12345@def-ghi-01.com" proto="HTTPS" Now I want to extract the abc12345 from the raw logs user-name as "user_name". For...

Transforms.conf not using match_type = CIDR(ip) when searching
Leveraging the app ASN Lookup Generator - https://splunkbase.splunk.com/app/3531/ to build a lookup table that has the following in a lookup table called 'asn'. The transforms.conf file...

Splunk DB Connect 3.1.4 requires Splunk version 6.6.0
Hello dear community, I noticed that with version 3.1.4 of Splunk DB Connect the prerequisite Splunk version was raised from 6.4.0 to 6.6.0. In 3.1.3 Splunk version 6.4.0 was still supported. See...

How to configure non-domain account for WMI access
Hello everyone, I have a service account that I need to configure to collect WMI data from domain controllers. This account can't be an admin on the domain controller, so I am trying to provide least...

Modifying macros.conf to include multiple indexes
How do I modify macros.conf to include multiple indexes? Will it recognize wildcards in the index name? Example: [event_sources] definition = (index="win*" OR source=*WinEventLog*) disabled = 0

Monitoring for failing SSL on a Squid proxy with Stream?
All, I have a Squid web proxy with an in-house cert on it. We've gone through and applied the root certs to all our hosts and set it as trusted and it's working great. What I am looking to do is create...

Calculate event time, given a startup time and an offset per event?
I have a log source with a terrible timestamping scheme. The first line contains the startup date/time, and each event in the log is marked with a seconds.millis offset from that time (left...

Weird issue with eNcore App
I am doing some testing with this app on 7.3.3 servers. I have noticed that if I disable the app and re-enable the app, when I click on the app link it sends me to another app or a 404 page. If I do a...

[systemd] splunk start keeps on asking to enter password
I am running 7.3.3 using systemd and running into issues with running splunk restart as the splunk user. [splunk]$ splunk restart Send restart to systemctl ==== AUTHENTICATING FOR...

XSD schema validation on JSON data
Hello, I have complex JSON being written to Splunk and want to do XSD schema validation on the JSON; this is to ensure that the JSON is not corrupted by some fields missing or out of order. What is the...

I want to join externally.
I want to join externally. Index A id,issue.id,man-hour a c 2 Index B issue.id,parent.id,type,subject b null 111 null c b null test Now I want the output as: id,type,subject,man-hour c 111 test 2

How to add data to a child when the parent ID and the parent ID held by the child match
Thank you for your help. I have data like the following. Index A (man-hour data) id,issue.id,man-hour a c 2 Index B (ticket data) issue.id,parent.id,type,subject b null 111 null c b null test I want to output the result as follows. id,type,subject,man-hour c 111 test...

How to input data via "TA for Nutanix Prism" add-on?
As I read the guide for "TA for Nutanix Prism" on Splunkbase, there is some description of data input as below: "On you Splunk Enterprise instance, navigate over to Settings —> Data Inputs —>...

License utilization from a disabled index when collecting data using HEC
Why does Splunk count data sent via HEC as consumed license even when the destination index is disabled? I am observing similar behavior in our Prod, Dev and POC environments.