How to calculate concurrency using value in event?
Hi all, I have the following type of data with session information: starttime=1477419810 endtime=1477419818 count=5 user=abc starttime=1477419811 endtime=1477419819 count=3 user=def...
Is there a method to remove the "Share" button from user access view?
Currently, "sharing" a search allows all users access to that particular search's results, even if a certain Splunk user does not have access to the index which contains these results. The only two...
Is there a way to schedule a delivery of dashboard reports to multiple users?
Is there a way within Splunk to schedule the delivery of a personalized dashboard report to multiple different users? I'm trying to write a user activity report. I've got the dashboard created, but I...
Is it possible to switch to Windows authentication in the Website Monitoring...
Hi, whenever I am adding inputs in the Website Monitoring app it fails (http 401 response). I figured out that it was, by default, taking Authentication type as Basic. Is there any way we switch to...
Splunk Add-on for Atlassian JIRA Alerts: Is there a way to add the results of...
Splunk Add-on for Atlassian JIRA Alerts - Is there a way to add the results of the Splunk search (that resulted in the Alert) to the ticket description?
Why has the Universal Forwarder stopped sending events from Windows Forwarded...
We have a couple Windows Event Collectors which have between 4,000 and 6,000 Windows systems subscribed to them sending Event IDs 4688 (heavy hitter), 4698, and 4697s. For some reason the Universal...
How to loop through results of a main inputlookup and combine with a child...
Hi, I have a main search- |inputlookup wlaa_hosts.csv | eval Host=split(HostList,",") | stats count by Host that results with- Host count host1 1 host2 1 host3 1 I have another lookup that looks like-...
Is there any support in Splunk .Net logging Library for Acknowledgement?
I was looking in Splunk Enterprise 6.4 and it seems that the acknowledge change available is not supported in the Splunk .Net Logging library. If that is so, can you tell if this is in pipeline for...
I lost extracted fields after updating the Splunk for Symantec app. Is there...
I updated my Splunk for Symantec app to the latest Splunk_TA_symantec-ep app. Once I did that, I lost all of the extracted fields for Symantec. Is there a way to retrieve the extracted fields? Does...
REST API Modular Input: Is there a limit on JSON size before parsing?
Hi, Is there any limit on the size of the JSON the REST API Modular Input add-on can handle before the responsehandlers.py goes to work? I have written a custom response handler to parse a large JSON...
After upgrading to 6.5.0, why is there a runaway splunkd process using up an...
After upgrading to 6.5.0 from 6.4.3 on RHEL5 x86_64-bit, we're noticing a single runaway splunkd process chewing up an entire CPU. It appears to be doing "nothing", according to strace:...
Is there additional configuration required for the nslookup add-on?
Is there additional config required for the nslookup add-on? Installed the add-on, checked permissions, and did a search. Error received : Error in 'script': Getinfo probe failed for external search...
Why is our third party logstash only receiving half of logs forwarded from...
Hi Team, We are currently forwarding Windows logs to third party siem and logstash but there is a problem. Looks like third party receiving only 50% of logs although we are forwarding all logs....
How to subtract dates from two events to find the duration?
Hello Everyone, I have two events which I have uploaded in CSV format and the events will be consistent as below: **Ticket_Number,Created_Date,Ticket_Status,End_Time** INABCDEF,07/14/2016 06:36:47...
Splunk Input step in Pentaho PDI is unable to run query on Splunk with error...
Hi All, I am trying to use Splunk Input step in Pentaho PDI. I am getting the following Exception. Any idea what is going on? I am using port 8089. Thanks, Bindu java.lang.RuntimeException: Remote host...
Splunk Enterprise Security: After upgrading from Splunk 6.3.3 to 6.5.0, why...
After moving to Splunk 6.5 from Splunk 6.3.3, the following threat intelligence sources fail to download. **Splunk ES was upgraded to 4.5** I checked the server has internet access. I also excluded...
How to modify my search to add the count of a particular field next to its...
I have a search as follows My search | bin span=1h _time | stats values(field_1) as Field_1 by _time Field_2 Which displays the result as follows _time Field_2 Field_1 123 jkl gsad Now I want my search...
After installing Splunk DB Connect on my search head, how do I select what...
I have two servers in my Splunk Deployment: 1 Indexer 1 Everything else (not indexer) I installed Splunk DB Connect on my Search head, however, when I was trying to configure the DB Inputs, I was not...
Why is TCP data not being indexed?
Hi, I have a feed of events coming into my Splunk Heavy Forwarder, but they aren't being indexed, and I'm baffled. Here's my inputs.conf: [tcp://:1918] index = istr_security sourcetype = bcoat_proxysg...
Why do I receive an "Error while deploying apps to first member..." message...
Hello, I have a search head and 2 indexes setup as well as a standalone Splunk instance. I have followed every documentation to push out an app using the configuration bundle from the Splunk instance...