Eval with multiple values
I have three event types: eventtype="windows_login_failed" eventtype="duo_login_failed" eventtype="sremote_login_failed" I am trying to run a search in which I rename the event types to a common name:...
Can we set a time range from today 00:00:00 AM to real time now?
Hello, I would like to set a search for the 24H of the current day: a time range from today 00:00:00 AM to real time now? Is it possible? If yes, could you explain to me how to do that? Thanks, Chris
Is there an operator similar to the SQL 'in' operator?
I've been looking through the search documentation to see if Splunk has an operator similar to the SQL 'in' operator. I'm not seeing anything so my hunch is it does not exist, but I thought I would...
Error when gathering "metrics" in Add OPC UA input screen.
Hello, I can browse my local OPC UA server (Siemens SIMATIC NET OPC) using a third-party OPC browser. However, I am unable to connect using the SPLUNK "add OPC UA Input" screen. When attempting to...
Lookup failure after upgrade
Hello, I just upgraded the App to the latest version and it is giving an error when doing an Indicator lookup, as seen in the image. The indicator has been obtained from a custom search, so I know...
How to display the 2nd through n-1 values of a field?
I have some Windows event log data that shows the ID when a user logs in and logs out. In addition, it shows me the audited actions taken by the user throughout their session. The generated table...
How can I pull and alert on a value found from a search?
I am trying to pull data from Splunk via a search and send it to Netcool OMNIbus. Right now I am just sending it via an Alert Action to my email to figure this out. In doing so, I cannot seem to find a...
How to get Linux OS logs off a Splunk server, where Splunk is started as a...
I have a Splunk indexer cluster that is using a service account (non-root) to start Splunk. How do I get the OS logs, like /var/log/messages, /var/log/secure etc... into the cluster indexes? I know...
How do I validate the connection again after disabling and re-enabling Splunk...
Splunk DB Connect was disabled in an effort to find out why we were exceeding our license based indexing quota. When DB Connect was enabled again and Splunk was restarted, the ID and Connection were...
Splunk's bin/.cache is growing out of proportion. Is there a configuration...
I have a python script which returns all kinds of images via REST interface by going for some external sites to fetch them first. Apparently, the results of all such requests to the external sites are...
How to write a search to list roles and their capabilities in a Splunk...
Hello guys, can someone help me with a search to list the roles and their capabilities in a Splunk environment?
Can I extend the purpose of the Deployment Server for general software...
Can I piggy-back (insert) a Win32 setup.exe (windows program) onto a Splunk App, and use Splunk Deployment Server to deploy the Splunk app, and have the deployed Splunk app run a script that performs...
Are there any Splunk training materials for new users?
I've been tasked with creating training sessions for new Splunk users in our organization. The training will need to include recorded classes that will be hosted on our SharePoint site. I will also...
Filtering on lookup field values using multiple values on a few fields
Searching for events which match any of multiple values for the same field times several fields in a lookup using the subsearch filter or the mv_append eval function.
How to get a token to only display on a label if set via a drilldown on a form?
I have a dashboard which includes a grid, that when a row is clicked, displays info in graphs below that based on what you clicked. What I want to do is label those graphs below with the token value...
Report to monitor logon/logoff time and duration on Windows
I was using the following question/answer: How can I use windows events to monitor logon sessions https://answers.splunk.com/answers/127012/how-can-i-use-windows-events-to-monitor-logon-sessions.html...
Forwarding text file to destination TCP or syslog server
Requirement: Have a log file that is always appended with data. I wish to send the log file details as it is appended, to a destination server which is either run as a typical TCP server or a syslog...
How to get existing KV Store to initialize after replacing one of the three...
Splunkers, Having trouble getting the kvstore to indicate that it is ready on any of the three members of the shcluster running Splunk 6.4.0 on CentOS 6.7. There are 5 existing KV Stores and none of...
What is the status of Splunk for Change Management?
What's the status of Splunk for Change Management? I don't see any app for that on Splunkbase. Thanks!
How to create a time chart of HTTP error codes as a percentage of a total...
I am trying to display the percentage of a rangemap as related to the total events while excluding the httpcode=200 from the chart. I don't have to use a rangemap, but it would help to make the chart a...