How to search all fieldA values where fieldB is a certain value?
We have a __single source__ with data (in table form) looking something like this:

Name | Position   | Department
-----+------------+-----------
John | Whatever   | 5
Jack | Boss       | 5
Jane | Particular | 5

Multiple...

Splunk Enterprise Security: How to display all notable events and indicate...
My SOC wants a page showing all recent notables, and which ones were suppressed by the current suppression rules. Obviously I can list notables with index=notable but how can I easily indicate the ones...

Why is the regular expression to match URI patterns in my Splunk search not...
I want to match the line 1 and line 5 pattern kind of URI in my search:
/services/contracts/D7C3D8AD7B616D7ABA7B
/services/contracts/?owner_id=36E6057857FB41820A494109...

Is there a way to update the slave_name when connecting to the license master?
Hi, I'm wondering if there's a way to update the slave_name when connecting to the license master. My slave_name is the same across all my imaged indexers as I am trying to deploy them in my test...

How Are You Managing Users Who Want To Develop And Deploy Apps?
I have a use case in my company where we have someone who has certifications in Splunk and wants to help his organization by developing and testing TAs for use with the data we are ingesting from his...

Is there a good/better/best way of excluding hot replicated buckets from...
Splunk generally recommends not including hot buckets in your backup schema. We currently exclude all of the local clustered originating buckets using the regex "hot_v1_*". We were notified that a...

Is there a way to Splunk two dimensional motion data in a defined space...
I am looking to Splunk two dimensional motion data in a defined space without individual GPS sensors and display the data graphically. Anyone done this before and have any best practices,...

If we remove a corrupted peer in an indexer cluster, will hot and warm...
We have 4 indexers, and if 1 peer is corrupted, we have 0 hot, 0 cold, 0 frozen now. If we remove the corrupted peer from the cluster and add a new peer node, will it populate the hot and warm buckets from 3...

Splunk Add-on for Bromium: What is the input file?
Trying to figure this app out. In the directions, all it references is "the malware event logs file generated by the Bromium server", but doesn't give any more information to go on. The only log file...

How to resolve error "Could not create path ... appearing in indexes.conf:...
I am in the process of attempting to migrate an on-premise Splunk instance to the cloud. I have a new instance all set up in AWS, running Splunk Enterprise 6.5.0. My old instance of Splunk was running...

Why can I not create a collection with no owner in the Lookup File Editor App...
I just got the Lookup Editor app and I created a test kvstore lookup (or rather a collection since this app doesn't actually create lookups) and there was no option to have the owner be nobody. After I...

Where can I download Splunk Demonstration Videos to play offline?
I need to download a short Demo / Splunk commercial that we can play on a loop at our vendor booth.

How can I have 3 charts for 1 panel display on the same row instead of each...
My goal here is to save my panel as a "pre-built" one that can be distributed to other users' dashboards at my company. What I'm running into is a lack of formatting options that I figure have to exist...

Splunk DB Connect: How to resolve "JRE Status: Unsupported JRE detected"?
I have just installed Splunk DB Connect on a fresh install of Splunk. When I go to set it up, it says:
JRE Status: Unsupported JRE detected
Using Oracle Corporation JRE version 1.8, OpenJDK 64-Bit...

How to change the font size for single value visualizations in 6.4.1?
Hello Team, I am trying to change the font size of several single value visualizations and tried various methods mentioned in this forum but none are working. I created my.css file in appserver/static...

After all clients are registered to a deployment server, why are only half of...
I want to configure a dedicated deployment server for 50 clients; my deployment server specification is Oracle Linux, 12GB RAM, 8 CPU cores. But after all clients are registered to the deployment server,...

Error when running /Splunk/etc/apps/alexa/bin/alexa.py
I installed the Alexa app, and ran through the setup steps to connect it to my Dev account. When testing the new skill, I get this error:
> There was an error calling the remote endpoint, which...

Confused with the usage of si-commands
I'm trying to dig deeper into summary indexing, but at this point I feel a bit confused. What I did so far is: - created an index to use for summaries (so as not to use the built-in summary index) - stored some...

How to write a cron schedule to run Splunk alerts biweekly on Mondays?
I have a requirement to trigger Splunk alerts biweekly on Mondays (not 1st and 3rd or 2nd and 4th weeks), and if a month has 5 Mondays... it could be 1st, 3rd, and 5th Mondays. I can't think of a cron...
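Cron has no "every other week" field, so the usual workaround for the question above is to schedule the job every Monday (`0 8 * * 1`) and let the job itself decide whether this Monday is an "on" week by counting whole weeks from a chosen anchor Monday. The script below is an added example and is not part of the question or any answer on the page; the anchor date and the 08:00 run time are assumptions. It computes days-since-epoch in pure shell arithmetic (Howard Hinnant's days_from_civil) so it does not depend on GNU `date -d`.

```shell
#!/bin/sh
# Added example, not from the original post.
# Crontab line (assumed run time): 0 8 * * 1 /path/to/biweekly_alert.sh
# The job fires every Monday; is_alert_monday decides whether this Monday is
# an even number of weeks from ANCHOR, which gives 1st/3rd/5th Mondays in a
# month with five Mondays and 2nd/4th in the following month, as required.

# Assumption: the first Monday on which the alert should fire.
ANCHOR="2024-01-01"

# Days since 1970-01-01 for a YYYY-MM-DD date (days_from_civil algorithm).
days_from_civil() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}                       # strip leading zero, no octal
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi # year starts in March
    era=$((y / 400))
    yoe=$((y - era * 400))                   # year of era [0, 399]
    if [ "$m" -gt 2 ]; then mp=$((m - 3)); else mp=$((m + 9)); fi
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))    # day of year, March-based
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))  # 719468 = days to 1970-01-01
}

# Day of week, 0=Sunday .. 6=Saturday (1970-01-01 was a Thursday, 4).
day_of_week() {
    echo $(( ($(days_from_civil "$1") + 4) % 7 ))
}

# True (exit 0) when $1 is a Monday an even number of weeks from ANCHOR.
# Dates before ANCHOR still alternate correctly: -1 % 2 is -1, not 0.
is_alert_monday() {
    date_days=$(days_from_civil "$1")
    anchor_days=$(days_from_civil "$ANCHOR")
    [ "$(day_of_week "$1")" -eq 1 ] || return 1
    weeks=$(( (date_days - anchor_days) / 7 ))
    [ $(( weeks % 2 )) -eq 0 ]
}

# Top-level gate: only do the work on an "on" Monday.
if is_alert_monday "$(date +%Y-%m-%d)"; then
    echo "on-week Monday: run the alert search here"
else
    echo "off-week or not Monday: nothing to do"
fi
```

Because a Splunk saved-search cron schedule cannot run a script, the same idea is applied at search time: keep the schedule at `0 8 * * 1` and add a parity condition to the search, computing the number of whole weeks between the anchor date and the run date with SPL's `strptime` and `floor` and discarding results when that count is odd.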

Why is the fit command resulting in error "Failed to find Python for...
On either Splunk 6.4.3 or Splunk 6.5, I have both the latest Machine Learning Toolkit 2.0 and Scientific Python 1.2. The apps are enabled, I am admin, and the permissions are good. Splunk search that...