Upgrading to Palo Alto Networks App for Splunk version 5.0 from 4.x
We just recently followed the upgrade procedures as outlined in the documentation and are encountering the following errors when performing a search, which looks to be happening for all of our indexers:...
Need help creating a complex (at least to me) alert.
I have about 6 months' worth of data in a summary index that is hourly file counts and volume for ftp servers. I am trying to generate an alert when any server exceeds its average (for the day of the...
Multiple Load Balanced Heavy Forwarders (Configuration with non-clustered...
**What are we trying to do?** Multiple Universal forwarders with different indexes forwarding data to a load balanced address. This load balanced address has two pool members (Heavy Forwarders). These...
Why isn't generate pages saved to lookup file?
Latest version of webanalytics 1.6.1. I run set up site and it generates a csv (WA_settings). I run generate page but I get no csv; same with generate sessions. Is there something I am missing?
How do I add a message of persistent (non-dismissable) text to every page in...
I need to add persistent (non-dismissable) text to every page of Splunk Web. How would I go about doing that? I've tried banners and bulletins, but they do not seem to do what I'm looking for - unless...
After upgrading to Splunk 6.3, why do users have to constantly clear the...
Hi. So we have 2 instances of Splunk installed, both of which have been upgraded to 6.3 over the past month or so. Both of the setups are very different, so the only similarity is the version upgrade....
Why does the Splunk App for AWS 4.0.0 Overview dashboard only show data for...
I have installed Splunk App for AWS version 4.0.0. If a user has Admin role, it shows data on the Overview page. If they do not have Admin role then no data displays.
How do I get my panels to reflect updated results after every auto refresh?
I've got a dashboard which runs a saved search called healthforms which has a cron schedule to run every 5 minutes: `| savedsearch healthforms`. I then have several panels which perform some post...
How Splunk can be utilized to provide monitoring for Cisco ASA
Please help us with how Splunk can be utilized to provide monitoring for Cisco ASA.
How to optimize processor usage on Mac OS by the splunkd process?
The splunkd process only uses the power of one logical core dispatch on all processors. Is there a way to use all the available processor power in a pattern search, for example? Thanks for your help, Pierre
How can I extract these 3 values from this string via regex?
Hi, I need a regex match on the below pattern. I need to capture 3 values from "ms.db.tablespace_status_ind[DBID_FACT_D03,NORMAL]": name -> ms.db.tablespace_status_ind, table -> DBID_FACT_D03...
How to correct timestamp recognition that is currently skewed due to result...
Hello Splunkers, We have an event coming in from our logs below with this stamp right at the beginning of our logs. That is good... Event Time Stamp 11/30/15:11:16 AM Unfortunately Splunk gets confused...
Why am I getting "HTTP Request error: 400 Client Error: Bad Request" trying...
So, I go into the Box App for Splunk on my Heavy Forwarder to do initial configuration. I successfully configure the app and validate the oauth information with my Box admin account. However, I notice...
How to install and configure the Amazon Kinesis Modular Input in an indexer...
How do you go about installing/setting up the Kinesis app on clustered indexers? I've tried pushing the app out via /masters-app but the newly added input didn't show up. I've also tried installing the...
TimeWrap Source Code
It seems that the author who made TimeWrap is no longer updating or creating new add-ons. Is it possible to reach out to them and see if we can get the source code and continue to update this wonderful...
How to use a username field across two endpoints in setup.xml?
I have a setup screen to take credentials for exporting files to an ftp server. The fields are username, password, ipadress, port, path. I am using the storage/passwords endpoint for username and password and a...
Why have licensing metrics stopped working and internal indexes are disabled?
Our licensing process seems to have stopped. We received an alert that the internal indexes were disabled due to licensing. Checking the licensing usage pages, the daily tab is accumulating each...
How do I join results of two searches and trigger an alert where 2 events...
How do I join these two events where both are true for a one minute time range? index=BOB "No response from remote server RegistryClient " Returns two events on host server A: 1 A - 14:59:55 2 A -...
Splunk App for Unix and Linux: Why does adding hosts to a group in a category...
Does anyone know why trying to add a host to a group causes the browser to hang and the CPU on the Splunk server, Search Head & Indexer, to spike? Running less than 400 servers and no one...
How to create an alert to trigger after multiple events with similar data are...
Hi, I'm trying to design real-time alerts that trigger if "one" or more events with similar event properties are detected over a period of time. Imagine data like this: TIME Action IP 08-10-2015...