Is there an app or add-on for Juniper MX and EX hardware?
How does everyone handle Juniper MX and EX hardware? Generic syslog? I do not see a TA for either class of hardware. Thanks!
Why do I only see version 5.3 of the Palo Alto Networks App for Splunk on...
I just noticed that in Internet Explorer, the Palo Alto Networks App for Splunk has release notes for Version 5.3 (with a date of 10/5) while Firefox and Chrome show version 5.2 (with a date of 7/7)....
How to install an SSL certificate in 6.4.3?
I have some troubles when I try to install a certificate from DigiCert. When I restart Splunk, the webservice didn't start. I need to install in the ports 8089 (management), 9097 and 8000 (splunkweb);...
Need advice on a complex field extraction
I have some data which are of the following format:...
Splunk DB Connect 2.3.1: Creating a new DB Lookup results in "Script for...
Went through the wizard to create a new DB Lookup in Splunk DB Connect 2.3.1. All the previews work fine during the creation process, the "Preview Your Lookup" step indicates that this should work...
Splunk Add-on for Microsoft Azure: Is there a way to rename the host name?
When polling the server the host is reported as "localhost". Is there any way to rename this? Perhaps with a lookup or some other method?
Splunk 6.5.0: When viewing an alert, why does custom time change to the...
We recently upgraded to 6.5.0. I have several alerts set up to run on a cron schedule and to alert when >= 15 errors. I get the alert. When I view the results in Splunk, it gives me the result as...
In order to retain a small subset of events for a longer retention period, is...
I have a need to retain a small subset of events in an index for a longer retention period. I have all the Windows Event Logs from all my servers going to an index with a 90 day retention period. But,...
How can I turn off license metering in Splunk Enterprise?
Starting with version 6.5.0, Splunk Enterprise no longer disables searches when you exceed your licensed data ingestion quota. If you’re an existing customer, you will need to upgrade your licensed...
CIM: If I have an event that does not describe a relationship between two...
In case I have an event which does not describe a relation between two systems, e.g. the size of an Oracle table space or a filesystem size, should I use src_host or dest_host (or the other src/dest...
How to set a different drilldown for each cell in a table in my Simple XML...
Does anyone know of a way or have a good link on how to set a different drilldown for each cell in a table? I'm using a Simple XML dashboard and I'm able to make a whole column to go to one page, but I...
Is there a known issue with importing a large number of logs at once?
Hi, I have set up a file/dir import input to look at a folder and ingest the contents of the log files into Splunk. There are a huge number of existing files (5000+) I'd like to import to analyse for...
How to create two separate navigation menus for two different categories of...
I have a list of some 50 dashboards in the dashboard panel. My requirement is to create a separate menu like (Production, operational) each production dashboard and operational dashboard which should have...
How can I add permission or role for users using authorize.conf?
Hi, I have some user who needs to update her own Splunk application, and I want to assign her the permission to update specific applications. What config can I edit in authorize.conf to affect to user...
How to deploy Check Point OPSEC LEA on several heavy forwarder servers?
Hello, I have a couple of heavy forwarders running but only one with Checkpoint LEA 3.1 TA installed. Thus in case of failover I'll lose all log grabbing from my Checkpoint CMA's. But if I install the...
Tokens set by "Condition match" are not working in my dashboard
I try to use `condition match=" "` to check the value of the "range" field in my search and display a table according to icon status. Titlemyquery | rangemap field=Status low=0-1 high2=2-3 severe=4-5...
Splunk ODBC field lengths padded to 5120 characters
We have recently set up an ODBC connection to Splunk to import data in SAS and we noticed that character fields, although having a max length in Splunk of 15 characters, get imported with length 5120....
Is it possible to monitor file system /opt disk space and trigger an alert...
Hi All, We have a requirement to monitor the disk space of the file system /opt and /splogs in all the Splunk servers and trigger an alert if the file system reached 75 % of the total disk space....
How to customize my statistics table to display field-value pairs vertically...
I have a statistics table that only contains one row in my dashboard, but the table has more than 20 fields which are hard to view by end-users. I would like to find out if there is a workaround to...
How to use the foreach command to list a particular field that contains an...
I have events in JSON format as follows - Event 1: { QP_A:abc@gmail.com, QP_B:123, COUNTRY:USA} Event 2: { QP_C:XYZ@gmail.com, QP_B:123, COUNTRY:USA} Event 3: { QP_f:100, QP_Bb:123, COUNTRY:USA} Event...