I cant understand the buckets segrigation in Indexes.conf
Question 1: In my org have Splunk ES 7.2.X with 4 VMs(win os) i.e., 1 Search Head, 1 Deployment server, 2 Indexers ***Search Head:*** In search head we installed **Splunk Add-on for Amazon Web...
View ArticleHow to export dashboard to pdf with variables
Hello; I've searched a few moment and found an answer to my problem... I'd like to understand why my pdf dashbaords expors show "$field1$" instead of "PE0101" (serveur name) in graph title. I found...
View Article"ModuleNotFoundError: No module named 'sn_sec_util'" error on loading python...
I have created a custom python script named "sn_sec_util.py" in the bin folder of the splunk app. I want to load this file in the python REST handler "my_submit.py" which is also in the bin folder. But...
View ArticleHow to do the addition of content loaded from a Page
Hi, I have a requirement where I have a page say https://www.abc.com/mobile and this page loads various assets like css, js, images etc. In my access logs I get everything like size of the pages and...
View ArticleWhat is the least expensive way of removing multiple substrings from a...
Hello, My objective is to clean three distinct substrings from a comma delimited string. Those substrings may all be present in the string, may not all be present in the string, or may not be present...
View ArticleHow do I change WildFire settings for GovCloud API
I'm looking for how to change the WildFire configuration to pull reports from the GovCloud API in the Splunk App. Our internal Splunk engineers weren't able to find any ways to change the URL to...
View Articleunable to install universal forwarder windows 10
Every time i try to install the universal forwarder on a windows 10 64bit machine it ends prematurely immediately. When i check the event logs i see the Event ID's 1033 (with status code 1603) and...
View ArticleA data model consists of how many types of datasets?
Data model datasets have a hierarchical relationship with each other, meaning they have parent-child relationships. Data models can contain multiple dataset hierarchies. There are three types of...
View Articleeval tokens in Dashboard
I am having an issue with a dashboard not populating all hosts when I select ALL in the host drop down. For reference I have a token $env$ which populates inside the host before $host$ is set. The...
View ArticleHow can I monitor a servers CPU/RAM/apps running by user?
Hello, I was wondering if it would be possible to see what apps are being used, amount of ram and cpu per user? What kind of logs and events do I need to be sending in. I want to be clear this is to...
View ArticleStandard or Basic Qualys API
We're looking to license the Qualys API so we can use this TA. We only run a monthly Qualys scan so I'm unsure if we need the Standard API's 300 calls per hour. How likely is this to work with the...
View ArticleHow do I find scheduled searches that are timing out
I run into searches from time to time that time out. I want a way to capture those searches and alert me on them.
View ArticleHow to compare when a field value changes from current to previous?
I am looking to find events where IP address changes from previous to current, however using fist(ip) and last(ip) misses the events in between the first and last... Ideally I am looking to find when a...
View ArticleSplunk export to 3rd party system in batch mode
We have a requirement to send Splunk processed data as a CSV to 3rd party system. Currently the csv file is sent in email, but they want it to be kept into a shared location (or folder) where Control-M...
View ArticleHow do I find scheduled searches that are timing out and create an alert?
I run into searches from time to time that time out. I want a way to capture those searches and set up an alert.
View ArticleHow to export CSV from Splunk to a third-party system in batch mode?
We have a requirement to send Splunk processed data as a CSV to a third-party system. Currently the CSV file is sent via email, but we want it to be kept in a shared location (or folder) where...
View ArticleWhat is the difference between single-instance and multiple-instance modular...
Hi Dear Splunkers, I am trying to develop a Modular Input for our REST API which will ingest some data from our API through a python script implementation. The idea is simple. The modular input will...
View ArticleCannot figure out SSL configuration beween Indexer and Forwarders (7.3.4)
I have followed all of Splunk's documentation to be able to use certificates signed by a local Certificate Authority and have tried to set up the SSL configuration in server.conf, inputs.conf, and...
View ArticleDashboards App (beta) - Wrap text in a table
Hi, I'm using Splunk Enterprise Dashboards App (beta) and inserted a table in my dashboard, but I need to wrap text and show all content. Instead of this: ![alt text][1] I need something like returned...
View Article[Splunk HEC] having trouble connecting to HEC port.
We are seeing following a lot from HEC servers and users are complaining of failures connecting to HEC . 04-16-2020 19:02:04.513 +0000 WARN HttpListener - Socket error from 10.1.32.176:3655 while...
View Article