Creating Windows Event Logs input via python SDK
Hello All! When I create a Windows Event Logs Input manually (via the GUI), I specify a Server Class, Event Logs and the Index. How do I create it via the SDK? I guess I need to specify: "splunktcp" :...
How to specify field names while loading the data using the Splunk Java API
I would like to index the data using the Java API. How could I specify the field names while indexing the data?
Impossible to merge events
Hello, I have a problem with merging events: I searched the forum's posts and documentation and tried a lot of combinations but it never worked! - My config: Test environment = Splunk v5 on a single machine...
Blue Coat proxy logs from a Reporter with .gz.done extension
How to edit props.conf to start collecting .gz.done files from Blue Coat's proxy FTP server. Reporter changes .gz files to .gz.done files. What should I do to start pushing these files via UF to the...
Windows DNS Drop line via nullQueue not working
I'm trying to drop DNS requests for internal names from our Windows DNS logs. For a guide I am using an answer from this question:...
KV Store - jQuery Date Picker for HTML Dashboard
Hello! I want to add two jQuery datepickers to my HTML dashboard. I can see the jQuery date picker calendar, but whenever I click a date the input field does not populate. I think I'm missing very...
Architecture Design Question for Small Enterprise Splunk Deployment
Hi, my company is deciding to use Splunk in a Small Enterprise Deployment. I already read a bit about scaling, the infrastructure design and the number of components. I'm assigned the task to think...
Error: Can't preview source
Not able to search a newly added file. I am adding a new file from: Settings -> Data Inputs -> New. But after uploading any new file, when I press Next, in Set...
Alert Trigger Actions
When should I use "Once" and "Each result" in Alert Trigger actions? Trigger: Once / Each result. Is "Each result" something related to throttling? Could someone explain briefly with an example? Many thanks
How to redirect logs from Universal Forwarder to a specific created index...
Hi, I'm trying to redirect all logs from a folder on a forwarder to "just" a specific index that we created on the indexer. This is our own created index and we want to index the logs from that folder in...
How to route data from single input to multiple indexes
I am using a distributed Splunk Enterprise configuration with syslog data from multiple sources going to a central syslog server with a Universal Forwarder. The syslog sources are from separate...
Documentation for REST API Modular Input app?
Is there any documentation for this app (REST API Modular Input)? The "documentation" section on the main page is more of a feature outline. Many thanks!
ADFS Support for Splunk
Is there any way we can do SAML authentication in Splunk with ADFS as the IdP? We don't need SSO using proxy authentication and mod_auth_mellon.
How to break events on a particular field using regex or any other process?
Hi All, Below is my event data: Issue 1: 11/11/15 1:26:01.000 PM Job Id, Class Id,"Id","Success","Created","Error","Id","Service_Team_Members_Initials__c"...
Why am I getting "'savedsearch': Argument "action:email.command" is not...
Please advise what to do if I get the below error when scheduling a search. Encountered the following error while trying to save: In handler 'savedsearch': Argument "action:email.command" is not...
What happens to Splunk if annual term enterprise license expires?
Hi, I am looking for detailed information on Splunk's behavior when the annual term Enterprise license expires. - Enter a new term license, or be forced to switch to the Free license? - Does indexing stop?...
How to get results with multiple conditions
index=app sourcetype=epcpromotionsevent | stats count as num by eventName,hotelId The above query will display three fields: count, eventName, hotelId. I want to solve the issue below: 1. when count is 1, and...
Using eval on a token from a time picker and adding it to a label
In my Splunk dashboard I have a time picker and charts which show a search for each subsequent day from the earliest time selected in the time picker. I want to display a formatted date in a label for...
Not able to get the Fortinet FortiGate Add-On to recognise my data
Hi, I have installed the Fortinet FortiGate Add-On as well as the FortiGate App for Splunk. I have an rsyslog configuration to dump the syslog from FortiGate into a folder. I configured Splunk data...
App-Development in Python: how to read and write configuration files
Hi! I am looking for a new and non-deprecated method for reading and especially writing and updating configuration files in Python. My current implementations use admin.readConf and admin.writeConf,...