How to find non-json records
I have a bunch of sourcetypes which are supposed to contain only valid JSON data. I've been asked to verify that in fact they do contain only JSON. Is there an easy/elegant way to search to find...
How to compare 2 field values and exclude matching results from the final...
Below is my search output for the SPL I am running: `**db_1** oracle_test db2_bio oracle_890 n88888 n7777 **server_2** n87896 bg8768 j987653 n88888 n7777` How do I exclude the field records which...
Extract a value from a field by ignoring some of the characters
The first query I run is `index=sec_proxy_web sourcetype="bluecoat:proxysg:access:syslog" | top 10 url`. I have a web proxy log and a field url, but in url it contains tcp, http and some ad blocker sites...
How to monitor network bandwidth at Windows and Linux host and forward to...
Hi, I am trying to monitor bandwidth at computers (using Windows and Linux) in a network and send it to the Splunk server via the Splunk Universal Forwarder. I need some guidance. Thanks.
Running a PHP script in an alert with the results added as arguments
Hello Ninjas! I need help with setting up an alert which triggers a PHP script with the results. This script should pass the results to a 3rd-party system. For example: `script.php "date | field1 | field2 | _raw"`
Using a lookup table to fill multiple subsearches to show hierarchy of user data
I have a lookup table that shows all the next-level managers of a particular manager as UserManager UserManagerx1 UserManagerx2 UserManagerx3... UserManagerx20. The top-level manager has about 20...
Getting this error "Could not dump KVStore collections. Connection failed."
What does this error message mean? `02-10-2020 07:52:50.896 -0500 ERROR MongoModificationsTracker - Could not dump KVStore collections. Connection failed.`
_introspection index error of hot bucket
Hi, I am getting the below error for the '_introspection' index: The percentage of small buckets (75%) created over the last hour is high and exceeded the red thresholds (50%) for index=_introspection, and...
How to modify the expiry of splunkweb_csrf__token_443?
Hey Splunkers, our security team executed a Micro Focus vulnerability scan against one of our Splunk applications, and we are stuck resolving one of those vulnerabilities. Please have a look at the content below:...
Index showing latest data as over a month ago but events are still coming in
Hi, I have recently started looking at .conf files and configuring them to log specific site data. After I made my changes and everything was getting logged, I came across an odd issue whereby my...
Adding a Time Range (Extending to the Future) and Use it in a Timechart
Hi everyone, we have logs that contain a field named "var" with a numeric data type. The value of this field changes through time, so we have two more fields in the log, startDate (when the var acquired the...
Universal forwarder executes regmon, powershells and others without them...
Hi, why is my UF on Windows executing various splunk-* tools without them being configured in any input? Every few minutes I see them in Sysmon: splunk-powershell.exe splunk-regmon.exe...
Splunk Field Extraction
I have indexed a few sample logs into Splunk: `2020-02-15T10:41:54.305Z servername.com sev="INFO" msg_details="Audit success" pol_name="policy_name"` Splunk by default extracts the fields sev,...
Netstat time of Established connections between LocalAddress/Port and...
Source is the Splunk NIX netstat output, which typically includes these details: `LocalAddress ForeignAddress State tcp 0 0 10.X.X.X:7443 10.X.X.X:18068 ESTABLISHED tcp 0 0 10.X.X.1:7443 10.X.X.2:18069`...
Splunk Add-on for ServiceNow: about the table to get (inputs.conf)
Hello, this is my first post. Please tell me about the table to get from ServiceNow using the add-on. I want to import "sys_update_xml" via the add-on; what should I do? "sys_update_xml" is not listed by...
Detect the most delayed transactions
How can I find the most delayed transactions? Here is the log file (below). I want to find which transactions are delayed and sort them descending, show the result in a table, subtract the timestamps and show in front...
Need to get help with the subtraction.
Hi, `status count ERROR 9346 PROCESSED 148066 PROCESSING 149571` I want to do the subtraction for the above example: Total = ERROR + PROCESSED - PROCESSING, Total = 9346 + 148066 - 149571, Total = ?
How to ignore the duplicate count
Hi Team, as per the below output I want to know the exact count of disconnected status for each server_name, ignoring the duplicate counts. As we are using a script from Splunk to ingest the server status...
Searching for exact string match
Hi, I have logs like this: a) `04:55:21.8630 Info {"message":"16 A Process completed, notification displayed"` b) `04:55:21.8630 Info {"message":"Process completed"` Here I need to search for exactly...
Help: Extract fields from the header
Hello, I would like to take "header.JMSDestination"="topic/testTopic/Durable-Non-Subscription/20" and extract the last two fields as a field by creating an eval function, so that it looks like the...