Windows Infrastructure: What would cause the Print Job Viewer to stop working?
I set up our print server to send print job info to Splunk recently and it worked for a while. For some reason, it has stopped working and I have no idea why. Within Windows Infrastructure, I can see...
Can we configure some Universal Forwarders to forward data to port 9998 with...
Can we configure some Universal Forwarders to forward data to port 9998 with SSL on indexers and the remaining Universal Forwarders to forward data to port 9997 without SSL on same indexers? If yes,...
How to edit my regular expression for a multivalue field extraction with new...
Hello, I need REGEX help. I've wasted almost all day trying to do this and only came up with this which is very sloppy. I feel like this could be more efficient and work. When I plug it into Splunk it...
Unhandled Exception in Splunk App for Salesforce: "urllib2.URLError: urlopen...
We are attempting to bring the Splunk App for Salesforce into our on-premise Splunk enterprise. When we configured it, it throws the following error: 01-26-2017 18:05:15.808 -0500 ERROR ExecProcessor -...
Dashboard base search cannot use macros
I've come to find out that one cannot use macros within join statements in dashboards that have base searches (driving multiple/all panels in the dashboard). For example, the following code doesn't work:...
Receiving SSL data into a forwarder - ISAM9 request_syslogs to Splunk forwarder
IBM Security Access Manager v9 build 9.0.1.0 * There is a bug which doesn't allow syslog to be sent over UDP, but TLS-TCP works. The bug is fixed in 9.0.2.0. On the **ISAM9** side, within the proxy I have...
How to get all indexes and sourcetypes?
After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetypes in a single table - | eventcount summarize=false index=* index!=_* | dedup index...
How to remove numbers from events at search time?
Hi, I have endpoints which are extracted from the log message and some endpoints are with numbers at the end. Can we replace those last digits with *? Here is the extracted field and values uri =...
Can you exclude specific files from the Splunk file validation?
After upgrading to Splunk 6.5.1 we began receiving an error message in the GUI stating "File Integrity checks found 1 files that did not match the system-provided manifest. See splunkd.log for...
Best practices for writing log files that have variable number of fields
We are writing our own logs for disk usage and we are using key value pairs. The issue is that each host has a different number of disk partitions. So my logs look like the below. We are not sure what...
How to reset Splunk Enterprise license?
I received a reset license key, where do I have to use it now?
KV Store: Fatal Assertion - Write to OpLog failed
We are running Splunk 6.5.1, and on one of our standalone search heads, upon every restart of splunkd we get the following message: KV Store changed status to failed. KVStore process terminated. KV...
List common uid on two hosts
I am trying to list out common uid on two different hosts. I am using this but this gives a visual of all uids including the common ones. sourcetype=access $host1$ OR $host2$ error=2*| chart max(O) over...
Missing Index Even Specifying Index in inputs.conf
Hi, The architect of the deployment is UF(Windows)->HF->Indexer->SH, only UF is installed in Windows platform and all other instances are Linux. The inputs.conf in UF is below: [default] host...
SNMP MODULAR INPUTS
Hi Splunk Peeps! I'm trying to set up the SNMP Modular input to get the SNMP traps data but unfortunately I'm receiving this error "Failed to register transport and run dispatcher: bind() for...
Chronogram Visualisation into Splunk
Hello all, I need to merge multiple graphical views to display the evolution of binaries parameters along the time. All the graphs should be time synchronized. Ideally I would like a visualisation like...
How to get to grips with SPL.
Hi guys, I'm new to Splunk, and we have recently implemented Splunk Enterprise in our environment. We are primarily looking at using "Splunk App for Windows Infrastructure" for DPA requirements. We...
Ingesting query logs from Oracle Database
Hello all, I am looking for options/solutions that would allow me to ingest **queries** run on an Oracle Database using Splunk. Can anyone help me out with that?
Ingesting Trace Logs into Splunk
I am looking to ingest **SQL Trace Logs** into Splunk. Can anyone direct me on how this could be achieved?
How to write regex to filter events in JSON format?
Hi, Kindly help me with this issue:...