Error when trying to use REST API modular input using BaboonBones.
Hello Splunk team, I want to use REST API Modular Input but I am getting this error: 6-01-2020 16:45:56.588 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7...
How to create an alert that triggers when field value status changes?
Actual requirement is when a status field value changes from one to another, an alert needs to be triggered. Below are the status field values: Extended recovery Investigation suspended False-positive...
Prevent duplicated data REST API MODULAR
Hello Splunk TEAM, I have a question. How can I avoid or delete duplicated data in my index when the REST API does a GET? Thanks all.
REST API Modular Input: How to prevent duplicated data in my index with a GET...
Hello Splunk TEAM, I have a question. How can I avoid or delete duplicated data in my index when the REST API does a GET request? Thanks all.
How to stop Palo Alto TA throwing "minemeld" lookup errors?
I am on Splunk 7.3.3 and I installed the Palo Alto TA on the SH, FH, and IDX for field parsing. The TA works but I am getting errors... 6 errors occurred while the search was executing. Therefore,...
Route Data based on Heavy Forwarder Host?
We're approaching this from an MSSP standpoint. We're looking at having an intermediate forwarder layer where we route data in a shared layer based on the client heavy forwarders. Essentially it would...
need assistance with extraction - regex
I'm requesting help constructing a regular expression for the following: I need to extract two values from the string below: [app/task/function/5] field a='app' (string after first [ before first...
How to extract two values from a string using regex?
I'm requesting help constructing a regular expression for the following: I need to extract two values from the string below: **[app/task/function/5]** field a='app' (string after first [ before first...
How to Top 10 table from Index-A and match hostnames in index-B?
Hi, I am trying to get the top 10 table from Index-A to have corresponding asset information from Index-B as additional columns. Hostnames field in index-A is called: HostxA Hostnames field in index-B...
Remove host name in Account_Name field
When people RDP into a server, the results I am getting into Splunk are Account_Name=Sever1$ Account_Name = jdoe. When I try to display the data in a table it displays... Account_Name: Server1$ jdoe I...
Enable TLS1.2 for splunk 6.5.3
Hi Splunkers, I am receiving a vulnerability on all my splunk servers saying that Issue The PCI Data Security Standard requires a minimum of TLS v1.1 and recommends TLS v1.2. In addition, FIPS 140-2...
How do I change field names (extracted field name) to field values?
I have a json structure that contains an object map: { "correlation_id": "f9535d13-f75b-4dd7-8c39-1e77b1559afe", "targeting_data": [ { "attribute_values": { "1013": "005", "2056": "07", "2057": "01",...
mongod - kvstore is not starting
Hi folks, We have custom certificates in our indexer cluster, search head cluster which are expired BUT replication is happening, forwarders authenticating and so on... Strange that mongo process is...
WEBSITE MONITORING: Change response Time History Chart to display red on...
I am trying to alter the response Time History Chart to display a red bar when a failure occurs and not when a response time threshold is met. ![alt text][1] [1]: /storage/temp/291929-response-time.png...
Indextime extracted field requires wild card to search
Below are a few samples of what my source filenames look like: source="\\abc.com\storage\Queue\Name1\abcdLogs\sample0008095200531.txt" source="\\abc.com\storage\Queue\Name1\abcdLogs\sample0008096200531.txt"...
Indexer Clustering - One Peer will be down for Server Battery Replacement
Hi Splunkers, One of our Splunk Clustered Indexers (Physical Server) will go through a battery replacement that might take around 1-2 hours. With this, we would like to seek your advice since this one...
help with alert throttling needed
Hello, I have the alert that produces the table as an output, let us say that it looks as follows: SYSSID, HOST, EMAIL BWP, h1, email_list_1 BWP, h1, email_list_2 Now, I would like that two separate...
Palo Alto Add-on, does it make API calls using plain text credentials ?
Hi, I need to deploy Palo Alto Add-On but must ensure it doesn't connect using plain text credentials. Looking at the Add-On settings, there is no option to use SSL for API calls
How to search in an index conditioned from the summary index.
Hi. I have summary index_sum, which has 2 events, 2 attributes: A1_sum, A2_sum 1590482539, 7722527 1591080961, 7722525 I have also index2, where a lot of time events are stored. The index time _time is...
Single value Visualization
I want to show percentage of data of certain month, along with that I also want the data from last month in single value visualization. So that we can compare overall percent data of current month to...