What is the best way to index old data with fixed dates?
Hi all. I have a set of logs without a timestamp field, so, this value is taken from "Current time" on each sourcetype (16 in total). It is assumed that one of my users put these logs in a local folder...
Is it possible to get diagnostics of the login process on Splunk Mobile App...
Is it possible to get client side diagnostics to troubleshoot login issues when using the Splunk Mobile app on iOS
Any suggestions for Splunking SAS logs?
I'm being asked to ingest the SAS job logs into Splunk. So I thought I'd ask out here if anyone has already done this? TIA, Jim
Splunk Support for Active Directory: Is there a way to exclude a particular...
Is there a way I can exclude a particular OU from a search when searching for Active Directory logs? The idea would be to set up an alert to tell me when someone chooses the 'Don't Expire Password'...
Why am I receiving "Login Failed" message on the Splunk Mobile App after...
We are using a Reverse Proxy with Splunk Add-on for Mobile Access 2.3. After upgrading Splunk to 6.5.0, when we tried to sign in on the Splunk Mobile App, the following failure message occurred: “Login...
What is the best way to display events from 2 indexes in chronological order,...
I have two indexes and I want to display events from both indexes in chronological order, filtering by a specific IP. What is the simplest way to accomplish this? Thanks, Jonathan
How to audit access to the Windows Event logs?
Hello, I've been asked to audit the access to the Windows Event logs themselves... this might be more of a Windows Server question, but still Splunk relevant. To access Windows Events, I have...
Is option name "count" deprecated for Simple XML map visualization?
While trying to edit Simple XML map visualization I see this warning - `Unknown option name="count" for node="map"` I am not sure if this is not a valid option or if its deprecated. I would like to...
My Python scripted input does not run and I receive "setting...
I'm having an issue with a Python scripted input. Up until the past week, this scripted input (as a Splunk object) plus the actual Python script worked fine. I made a couple changes, and now I'm always...
Add-on for JIRA: Is it possible to avoid storing password information in...
We got the Add-on for JIRA for Splunk Enterprise working ( https://splunkbase.splunk.com/app/1438/ ) however it requires us to authenticate using credentials that are stored in clear text in C:\Program...
What does an asset's priority mean?
All, I am setting up asset center in Splunk ES/PCI. The idea of an Asset priority is sorta vague. Is it left that way on purpose? For me to define? "Example: Must be one of unknown, informational, low,...
How to create an email alert when the error count on a server is more than 10...
Hi, I have this simple search to find out some errors in the logs: index=cohl source=msmq earliest=-24h@h latest=now "System.Data.SqlClient.SqlException: Timeout expired*" "Servername*" | xmlkv | dedup...
Splunk Add-on for Amazon Web Services: Is it possible to have the...
Is it possible to have the configuration forwarding password masked on this add-on? From what I am reading, if you configure the command forwarding it will store the password as plaintext in the...
Can I upgrade my Linux system to RHEL 7 without upgrading Splunk from 6.1.4?
I'm planning on migrating to another X86 box which is running RHEL 7. I am currently running Splunk 6.1.4 Enterprise (which is very stable) and don't really want to add upgrading Splunk to the mix...
Use of getSearchFilters not recommended: more specifics please
In Splunk Documentation such as "Securing Splunk Enterprise" the following is stated: Note: User-based search filters are optional and not recommended. A better approach is to assign search...
Charting vehicle layover time
Suppose I have vehicle data of the form: 2016-10-18 17:37:05 GMT vehicle_id="1011" vehicle_distance=185 stop_tag="5239" 2016-10-18 17:39:25 GMT vehicle_id="1009" vehicle_distance=51 stop_tag="4532"...
Where does the local data reside?
Hi Team, I've recently downloaded the Splunk Enterprise 6.4.4 trial version for Windows 7. I've uploaded a local log file using the "Add data" option. After following the wizard the file got uploaded...
How to find repeated events that have a fixed time pattern?
This would go into Big Data Analysis. I have a huge load of events coming from our network infrastructure. When I look at one host and fan failure, I do see that it sends a syslog message every 10...
Is there a way to get percentilerank?
One of the most useful functions in Excel is percentilerank, which calculates the percentile of a value within a range of values. The closest I've been able to get is to do a p10, p20, p30, etc. and...
If you're running 6.5.0, you should disable search_optimization::predicate_merge
In 6.5.0 Splunk added a bunch of search optimizations, see http://conf.splunk.com/files/2016/recordings/optimized-search-optimization.mp4 /...