How to convert my response time field into seconds?
I want to retrieve responsetime and convert it into seconds. Please help me with rex.
IP Responsetime(ms)
12.34.567.890 163000
23.45.678.901 199000
34.56.789.012 162000
Attivo ThreatMatrix App for Splunk: Is there any documentation?
Is there any documentation for the Attivo ThreatMatrix App for Splunk? I don't see any specific setup options after installing the app, nor do I see any .conf files that would allow me to specify...
Is it safe to use a 6.5.2 universal forwarder with a 6.5.1 indexer?
I would like to deploy the latest 64-bit Windows forwarder (6.5.2) but we are still at 6.5.1 for our indexers.
Why am I receiving a Search Head Clustering ArtifactId error "The artifact...
We suddenly got a couple thousand SHCArtifactId errors. Essentially the messages say 'The artifact blah contains the GUID foo. This GUID does not match the member's current GUID.' What exactly is this...
Indexer Clustering - assertion crash on downloading bundle?
While upgrading a cluster to a newer version, I upgraded the Cluster Master first, and then pushed out a bundle. Immediately after pushing a bundle, the indexers crashed with this: splunkd:...
Problem with SSO SAML (Splunk 6.5)
Splunk issues the HTTP POST to our IdP with the auth request; on the browser we log in to our IdP successfully, submit the form, and then get an HTTP POST back to Splunk with the Auth Msg/Response. The Splunk...
importRoles doesn't inherit srchDiskQuota and srchJobsQuota.
I configured a new role to inherit new default settings, but the srchDiskQuota and srchJobsQuota are not being honored by the new role. Anyone else seen this issue? Basically: [role_base] srchDiskQuota =...
Why did my indexers have a large spike in IO?
Hi folks, wondering if someone could help me out here. I just had a big issue with Splunk. 3 of my indexers just crashed for a bit (replication factor of 3). One of the services crashed with a bucket...
Why does using eventstats result in seemingly lost data at a certain number...
I'm trying to calculate the percentage of a specific account's usage. To do this, I'm calculating the usage across all events, then adding the usage on a per account basis and dividing that by the...
How to have a notable event search DHCP logs based on source in FW logs?
Hello, I have been trying to figure this out for days now. I have logs coming in from multiple sources that only display IP address (src, dst, etc). What I would like to happen is that when a notable...
How to edit my search to get the status of a log script?
Log file: testscripts.log
Date = 02/10/17 14:15:00,script = testscript, id = 29251, log=Script started
Date = 02/10/17 14:15:00,script = testscript, id = 29251, log=calling wget without post parameter...
How to monitor remote logs in a centralized heavy forwarder
New to Splunk. We have a clustered environment with 100s of servers involved. Without installing a universal forwarder, how do I monitor the logs from those servers? We don't want to install a plugin or...
Need help to create search for the same time over days
All, I am running this simple search from 12pm to 2pm:
index=ssn sourcetype=app-gmr eventtype=start_job | stats count
30,634 events (2/8/17 12:00:00.000 PM to 2/8/17 2:00:00.000 PM)
I need to generate...
Need help with a greater than in seconds
My search alert filter: host=web-* "\"response_code\": 5*," OR "\"message\": \"Application Error\"" OR "\"response_code\": 0"\"total_time\" userloans QUESTION. I need to modify my alert so it captures...
How to get system resource data (CPU, Memory, File system utilization) onto...
Hi - my name is Basudeba Mandal; I started using Splunk a couple of months back. I have understood the basic concepts of log indexing, alert creation etc. In order to understand and implement how to...
DGA Regex in Splunk
I am trying to search through logs for unusual domains generated by DGAs. I want to use regex to search for domain names with 7-12 characters ending with TLD. The characters are alphanumeric. For...
How do I obtain a Certificate of Course completion?
My company paid for us to take the EDU-SRPT e-learning segment. I took the segment and passed the final exam. How do I obtain a Certificate of course completion? 3 of my co-workers have completed this...
Checking the duplicate sourcetypes for monitor stanzas in UF
What happens if 2 different monitoring stanzas have the same sourcetype name? Is there any query to verify whether different monitoring stanzas have the same sourcetypes, and all these monitoring stanzas...
How to forward _internal to defaultGroup
Hello, I have the following outputs defined on all my universal forwarders:
[tcpout]
defaultGroup = prod-group, valid-group
[tcpout:prod-group]
server = server1:9997
[tcpout:valid-group]
server =...
Regex help on multiline fields and mvexpand
My data sample is as below: C12345 my1Surname, my1First Role Access (Group1) - I Role Access (Group2) - II HR Department1 Email Contractors P98765 Þórarinsson, Guðmundur Role Access (Group1) - I IT...