Tuning logs for Splunk App for Palo Alto
Does anyone have any recommendations on how to tune the logs for the App for Palo Alto? I found the following Splunk Answers article that I've applied:...
curl get command outputs xml after add maxresultrows
I'm trying to output a file in CSV format with maxresultrows in it, using curl. It works like that, the way I want: $(curl -s -u user:pass -k...
Per index report of disk used by warm, cold, etc
Hi, as the title suggests, I am looking for some SPL that will show per index disk used by warm, cold, etc. buckets. Your input is greatly appreciated.
Logging frequency of my index, sourcetype and host
Hi Splunkers, how do I calculate the logging frequency of my index=xxx sourcetype=yyy host=zzz? Explanation: I have different sets of logs which send logs at different frequencies; some of them send...
Extract data from a txt file
Hello everyone, I have the attached file that is generated every night through my client's internal system and I need to index the information to collect metrics. I need these files to be indexed based...
Can I specify Modular Input introspection python version at the script level?
I have put together a python Splunk Modular Input that depends on python3 to execute and works just fine if I have python3 as the default server level python version to use (via `server.conf` -...
RegEx help
Hi All, need help in getting a regex code for the below message. 2020-04-04T15:08:01+00:00 usdaldc <44> %WAAS-HTTPAO-4-131001: (843570) worker pool isn't healthy 2020-04-04T15:08:01+00:00 usdaldc...
timechart limit: pick top 10 series with the highest peaks (of all time), not...
I'm looking to investigate IP addresses with highest peak loads on our service. Here's my current query: application="my-app" index="my-index" request client_ip="*" user_agent="*" request="*"...
I want to create an app which should show all the other apps in Splunk?
Hello, I want to create an app which should show all the apps as a home page for admins. I have about 15 apps which should be in one single app where all other apps need to be displayed. Please check the...
show unconfigured forwarders from deployment server search
We use Deployment Server for managing all our universal forwarder inputs. I need to take an accounting of all devices, from the deployment server, where the Universal Forwarder has been installed (and...
How to get a percentage calculation?
I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average response time I am calculating like this: timechart span=1d...
Can someone help me with SPL
index= xxxxxx sourcetype=xxxxxx | eval import_time=strftime(_time, "%Y-%m-%d:%H") | eval import_timeday=strftime(_time, "%Y-%m-%d") | eventstats latest(import_time) as Last by import_timeday | where...
Timechart and Order of Operations
I am struggling with the order of operations in my timechart query. I need to show the number of Users who accessed a system daily over a 7 day period. My query shows the correct numbers for 1 day, but...
Showing baseline result relative to other results
I have a line chart that plots results for a bunch of tests. One of the tests is a "baseline" result. Each result includes a value that indicates the baseline to compare with. I currently have a query...
Custom Message for "search is waiting for input" Splunk 7.3.2
I want to replace the message with a custom message in HTML so I can let my users know what they need to do (many of them have problems with English, so I want to replace the message for it in their...
Inputs tab never loads
On latest version of app, Splunk 8.0.2.1. When watching the browser's network tab, I see this return a 500 error:...
Unable to configure SecKit for geolocation with Maxmind
After installing the app I am unable to configure it. Neither the "Input" nor "Configuration" panels will load - they simply clock. The one message I am able to find is: *"Unable to initialize modular...
Splunk db connect 3.3: Can not load any driver from files...
Trying to connect to Oracle OCI database. Followed the instructions in the "Connect Splunk DB Connect to Oracle Wallet environments using ojdbc8" troubleshooting guide, however, the drivers won't load....
web legacy mode detected as blocker
We have a custom app that reports as a "Blocker" due to: > Check 6: Splunk web legacy mode. If you upgrade Splunk Enterprise 8.0 without addressing this check, this app may...