Is it possible to configure HTTP Event Collector in a custom app?
Is it possible to configure HTTP Event Collector in a custom app, that is to say, not in the splunk_httpinput application? I think I won't be able to create new tokens with CLI, since it's using...
When old indexer servers in an indexer cluster are moved to new servers, what...
Situation: Indexer cluster, dual site, replication factor=2. We have some old indexer servers to be moved to new servers. The disk is going to be the same and reused. 1. Can we just move the disk to new...
How do I build a search using Splunk DB connect with a valid connection to...
I have Splunk DB Connect installed on a search head. I have made the connection to the SQL server for Manage Engine Service Desk Pro, but I get to the Map Splunk fields section of the lookup and...
Why are my search results differing between two index-time fields?
I have two **index-time** fields in my app - `barcodeKey` and `trackId`. `trackId` is derived from `barcodeKey` as a suffix. The application can search by either one of them, and most searches for the...
What is the replacement for the deprecated Python call entity.setEntity?
I see in the list of deprecated features that entity.setEntity has been deprecated (some time ago). What is the recommended alternative for storing the password securely when using a modular input and...
How can I speed up a dynamic dashboard input that is extremely slow to...
Hello, I'm attempting to create a form / dashboard which is designed to present the status of a client or list of clients based upon an input multi select for each client. I'm currently using a search...
Is it possible to ingest logs written to NAS?
Saw some questions posted on this topic but not very many answers that were accepted. I was wondering if it was possible to ingest logs that sit on a NAS share. My assumption is that just like any...
Can metadata command search sourcetypes and host at the same time?
Hi, I am looking for a way to get the number of events from host=ALL with **sourcetype=tps**. However it looks like I can't. I am looking to display all the hosts that have a TPS sourcetype. However the...
How to search for a sender who sent an email that triggered two DLP policies?
Hi everyone, I am looking for a search where a sender sent an email to a recipient **and for that email two DLP policies get triggered.** Splunk is showing two events with the same timestamp....
How to edit my search in order to assign colors to single value text?
I have this search that I'm trying to use in a single value panel: index=network sourcetype=juniper host=RouterA AND ospf_interface="ge-0/0/0.0" | RPD_OSPF_NBR* "Full to Down" | dedup ospf_interface |...
Can you customize syntax highlighting in 6.5.0?
6.5.0 offers highlighting out of the box. Is there a way to customize, e.g. change colors or add new types of terms to be highlighted?
Is there a checklist for upgrading Splunk?
Does anyone have a checklist (or know a link for one) for upgrading Splunk, more specifically post-validation checks?
Where are the Splunk 6.5.0 Keyboard Commands and Shortcuts located in...
Has anyone found where the Splunk 6.5.0 keyboard commands and shortcuts live within the documentation? This pertains to both search writing and formatting as well as editing simple xml...
How do you get the bucket info (name/path) to use with coldToFrozen script
The example coldToFrozen script that comes with Splunk requires the name and path of the bucket to be frozen. Once it gets that it deletes everything from the bucket except for the rawdata. This is...
How to search for a range of IP addresses (example: 10.10.10.32 through...
Does anyone know the criteria to search for a range of IP addresses under the following conditions? I want to narrow the results down to IP addresses that fall within 10.10.10.32 - 10.10.10.96 or say...
How to resolve when data getting duplicated twice in indexers?
Hi Splunkers, I have noticed an issue in my Splunk environment: Issue: Data is getting duplicated twice in indexers. If I do a search in the search head, the same events are coming in twice. This issue...
Why does my search only give strptime output for one of three time values?
I have a field DATE_OF_BIRTH and the values are like 1962-09-30 00:00:00.0 1955-10-21 00:00:00.0 1988-10-31 00:00:00.0 I am firing the below query, index=aimsprod source=accident...
What is the best way to filter events from a search without running the...
I’m looking for a way to run a search on the results of a previous search. Subsearch won't work because I don't know what the second search will be until I get the results of the first. The situation I...
Unable to see "Create an App", "Browse for more Apps", or "Install app from...
Hi All, I am unable to see the "Browse for more Apps", "Install app from File", "Create an app" options under the Manage Apps page in the search head. In the morning, I was able to see these...