Workday Support for 8.x
Does the publisher intend to release a version of this app that is compatible with Splunk 8.x? The Add-On as it exists now does not pass validation/upgrade preparedness. Please advise.
Showing baseline result relative to other results
I have a line chart that plots results for a bunch of tests. One of the tests is a "baseline" result. Each result includes a value that indicates the baseline to compare with. I currently have a query...
How can I change the field values to another value?
Hello Guys! I need to change the values that are present in the field "Item Codigo". For example: 040500603S007C10 to Product 01, 010300404S014C01 to Product 02. I had searching the...
How to use iframe in Splunk 8.x?
Hi Folks, Has anyone had success with using iframes in Splunk Enterprise 8.x yet? I have tested in multiple 8.0.1 environments and the panel fails to load, while the same code is working on 7.0.0 and...
Dashboard Access
Hello, I have a user that just needs to view a particular dashboard when logging into Splunk. I do not want him to have access to anything else, just the dashboard by default so that he can view and...
Unable to access /configs/conf-server endpoint when validating modular input...
I would like to pull the proxy configuration from **server.conf** when validating my modular input so I can validate the input's connectivity through a proxy. I am using the Java SDK to access...
How to loop through json array based on expression and create counter
I'm hardcoding some data like names, where I will pass in a token in the future, to create a simple example of what I'm trying to achieve. I want to loop through all values, which has objects...
Passing comparison operators in a variable
Is there a way to dynamically pass a comparison operator as a variable without a macro? I am looking to achieve something similar to what is shown below. | eval number=8 | eval operator=">=" | eval...
Splunk Security Essential not loading correctly
Hi, I am building a lab environment, loaded with the Boss of the SOC pre-indexed data. I installed all the apps, and everything was working. I needed to restore my VM from a previous snapshot, though,...
Universal Forwarder - Repeating message TcpOutputProc - Found currently...
I am getting the following messages on my forwarder running on Windows 10: 04-06-2020 18:05:52.171 -0700 INFO TcpOutputProc - Found currently active indexer. Connected to idx=192.168.218.6:9997,...
What would be the Host IP address of Forward data under Forwarding and receiving
I have installed Splunk Enterprise and wanted to configure receiving and forwarding. For receiving I know the default port is 9997, but I want to know what would I update in Forwarding in "Host" field....
Splunk Query for user accessing assets
Hi All, I need to create a query where a user accesses the same destination from 5 or more sources. The opposite should also be achieved in that query, i.e. 5 or more destinations and 1 source. Is it possible?
Invalid value "$week$" for time term 'earliest'?
I am getting the below error when the page first loads; after that, when I manually select "Last 1 week" in the dropdown, the timechart displays. Below is the error, please help resolve the issue? Invalid...
Website Monitoring Alert: host to set exclude_from_alerts
Hi, in the alert for the Website Monitoring app, there is a check: tag!="exclude_from_alerts" Which seems to control exclusion of a specific site from alerts. But I have no idea how to set this up....
How do I monitor Splunk DB Connect Health when using SplunkCloud?
We have a working and up and running Splunk DB Connect installation on an onprem HeavyForwarder that we installed the SplunkCloud app on. So now all data is sent to our SplunkCloud instance. The...
How to Make a panel disappear when "Search is awaiting input..."
Hello guys, I've got a dashboard in which it has two hidden panels depending on a textbox. When the textbox is empty, the panels won't show, as expected. When I add values into it, the panels appear,...
Palo Alto Network App for Splunk: No data showing in GlobalProtect dashboard...
Hello, I am working on upgrading from an older version of the Palo Alto Network App for Splunk. I have installed the TA on all indexers and the APP/TA on the search head. Most of the dashboards are...
Incomplete log for overwriting log file
Our system is generating log files named stdout.{pid}.log, the 'pid' here is the process ID of the current login session, and the log file will be reused when the system reuses the same pid, and it will overwrite...
Forward indexed logs from an Indexer Cluster to a third party system
Hi Fellow Splunkers, I am looking to forward all Indexed data from an Indexer Cluster to another third party system. I have read through many posts that suggest configuring a single instance of an...