Add CVSS vector information to Rapid7 App for Splunk Enterprise Vulnerability...
I'm using the Rapid7 App for Splunk Enterprise (https://splunkbase.splunk.com/app/1882/) to pull vulnerability data into Splunk. I would really like to add to what is imported. Specifically the CVSS...
How to display Y axis as HH:MM duration instead of seconds in timechart
I have race data for a regular monthly race, where race time is given as elapsed time in the format MM:SS, e.g. 42:56 I am trying to chart a person's performance each month with timechart max(RaceTime)...
Configure Apache Web Server in front of Search Head
Hi Experts, I want to configure Apache Web server in front of Search Head (without load balancing or https), so that the user comes to Hardware Load balancer > Web Server > Search Head. I am looking...
SNMP MIB for Splunk
Hi all, I found the script to send Splunk alerts to an external console (e.g.: IBM Netcool) using SNMP, but does anyone know if there already is an SNMP Splunk MIB to do this? Usually a MIB is defined by...
Regex help for indexing sourcetype
Hi, I'm struggling to create a regex to capture all the information correctly from a sourcetype we have and make them into interesting fields. The structure of the logs is: username: "User1";...
How to integrate and monitor Cherwell data with Splunk?
Hi All, I have found a link to integrate Cherwell with Splunk, but as per my understanding the integration is for Cherwell application logs, such as Error/Debug/Info. How can we monitor Cherwell...
How to generate a search to count the number of rows present and if it is...
Need a search to count the number of rows present and, if it is less than a certain value, to send an alert. Also, I want the list of rows in that same mail.
Splunk App for Unix and Linux: Why am I only able to see localhost activity?
Hello, I have installed and configured the Splunk App for Unix and Linux and the Splunk Add-on for Unix and Linux. At the moment I can see on the dashboard only logs from the Splunk host itself. All my...
Netflow Analytics for Splunk: Why am I unable to see data from Palo Alto...
Hi, I have installed Netflow Analytics for Splunk and Splunk Add-on for Netflow. The problem is that Netflow is not displaying the data that is captured. But when I type sourcetype="netflow", I don't have...
Can move_policy actually move things?
Hi all, I'd like to move a batch input after reading. Except not to /dev/null. The manual is pretty clear: move_policy = sinkhole * IMPORTANT: This setting is required. You *must* include "move_policy...
After installing Splunk 6.4.1, splunkd is consuming high CPU and memory. How...
I am new to Splunk. A week back, we installed Splunk 6.4.1. Now we see splunkd is consuming high CPU and memory; please help me to reduce swap usage.
Translate App. Extract i18n and edit in Poedit.
Hello, I need help. After using the command "splunk extract i18n -app ", I translate the text in Poedit, but not all the text is translated. How to fix it? And how to extract the attributes of the table?![alt...
How to keep the format of JSON and non-JSON logs during automatic field...
I have a non-JSON as well as JSON data in my log events. While indexing, I formed a regex and used TRANSFORM to convert non-JSON part of the string to JSON so that automatic fields extractions take...
Splunk DB Connect: Why do I receive "Checkpoint value is required in Advanced...
I'm trying to set up Splunk DB Connect with a new DB input. When I get to the choose and preview table, I'm doing an advanced input type, and it keeps failing with the error "Checkpoint value is required in...
Splunk for Tivoli Netcool: Is there a fix for "ERROR TailingProcessor -...
Has anyone fixed the issue around these errors in splunkd.log? 10-24-2016 06:57:24.770 -0500 ERROR TailingProcessor - Ignoring path="/opt/IBM/tivoli/netcool/omnibus/var/file_output.log" due to: Bug:...
How to add pagination to SimpleResultsTable panels and how to resolve a...
I've been trying to add pagination to my SimpleResultsTable panels. By default the panel shows a count of 10; I can achieve more results by modifying the count parameter for the SimpleResultsTable module...
How to hide a dashboard panel when there are no results displayed?
I would like to hide the panel of the dashboard when there are no results displayed. When I incorporate the piece of code from Splunk Answers into my dashboard, the entire panel is hidden although when...
I have a common field name for different sources. How do I view results from...
I have common signature fields for both devices (Palo Alto and McAfee IPS) in the results. I just want to see the results from the McAfee IPS signature field. Please advise.
Add-on for LDAP: Why am I only getting a few attributes back from ldapsearch...
Hi! I am using the ldapsearch command on my Splunk 6.3.2 system and SA-ldapsearch 2.2.3 and not getting all of the fields that I am expecting. The command is: | ldapsearch...
How to run a search that looks for instances of DNS cache poisoning (pharming)?
Hey Everyone, I'd like to run a search that looks for instances of DNS cache poisoning (pharming), but don't know where to start. Has anyone set up a similar search? Any help is appreciated. Thanks!