Is it possible to use file monitoring on an external server that doesn't have...
Hi all, I would like to ask if it is possible to monitor files outside the server without using a forwarder. Thank you in advance.
Table drilldowns: Problem with forward slash
Hi community, I am trying to create a drilldown for a table using a cell value that contains a URL (or part of it). These are the problems I'm facing: 1) Splunk converts the '/' in the cell value to...
count (all) / count (unique) = result -> chart
Hey all, I have a logfile looking like this:

**Host ----- Message**
test ----- Error1
test ----- Error1
prod ----- Error2
prod ----- Error2
test ----- Error2
test ----- Error2
prod ----- Error3
prod...
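The search the question asks for, as an added example that is not part of the original post. It assumes the events are indexed with the extracted fields Host and Message and live in an index named app with sourcetype app_log (both names are assumptions):

```spl
index=app sourcetype=app_log
| stats count AS total, dc(Message) AS unique BY Host
| eval ratio = round(total / unique, 2)
| table Host total unique ratio
```

`count` gives the number of events per Host, `dc(Message)` the number of distinct messages, and the `eval` divides them. For the `test` rows visible in the sample (Error1, Error1, Error2, Error2) this yields total=4, unique=2, ratio=2.00. To plot it, keep only `Host` and `ratio` with `| fields Host ratio` and switch the visualization to a bar or column chart; the `ratio` column becomes the series, `Host` the x-axis.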
Question about labels
Hi. With the code below, I am able to pull out data from our company's network and categorize it by region, as well as drill down to a specific host. My only problem is, when I select for example...
Splunk app for Cisco Threat Grid
Hello, I wanted to know the exact name of the Splunk app that allows connecting Splunk to Cisco Threat Grid. Thank you, Best regards, Lina HADDAD.
Baselining in Splunk
Hello! I'm currently trying to create an alert that triggers when the returned value of a search is three times higher than the average value over the past 3 weeks. Help would be appreciated, as this...
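One way to build that baseline, as an added example that is not from the original post. It assumes the "value" being watched is the hourly event count in an index named app (an assumption), that the alert is scheduled to run every hour, and that 3 weeks means the 21 days before the hour being evaluated:

```spl
index=app earliest=-21d@h latest=@h
| timechart span=1h count AS events
| eval period = if(_time >= relative_time(now(), "-1h@h"), "current", "baseline")
| stats avg(eval(if(period="baseline", events, null()))) AS baseline,
        max(eval(if(period="current", events, null()))) AS current
| where current > 3 * baseline
```

`timechart` is used instead of `bin`+`stats` so that hours with zero events still appear as 0 and do not inflate the average. The `eval` splits the buckets into the last completed hour ("current") and the 21 days before it ("baseline"); the `stats` collapses that into two numbers and `where` keeps a row only when the last hour exceeds three times the baseline. Set the alert trigger condition to "number of results > 0". If the metric is something other than an event count (a p98 response time, a sum of bytes), replace `count AS events` with the matching `timechart` function, for example `p98(response_time) AS events`.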
Splunk app for VMware - What goes where?
I am trying to configure the Splunk app for VMware and it's not populating any data. Can someone please help me with what goes where? I have 1 SH and 1 Indexer. I need to know where I install Splunk...
Splunk app dashboard list disappeared
Hi guys, I've created a custom Splunk application. I've noticed that my dashboard list view disappeared. Is there a way to restore it? Thanks
How can I troubleshoot the configuration?
Hi, I've configured the Splunk add-on for Bamboo as per [https://splunkbase.splunk.com/app/3440/#/details][1] and have correct server, username and password in...
Splunk Enterprise and OSX Sierra
How much longer do we have to wait for this? It has now been 5 months! Come on guys, we need support for this premium product that we have been using for years and that is updated on other platforms. Regards, Paul
Splunk saving P98 into summary index as NOT a number
Hello gents and ladies, I am trying to write response time P98 to summary index. I do: *| stats p98(response_time)* and get a nice result of 0.040sec. But if I do this: *| sistats p98(response_time)*...
LDAP Integration With Splunk and SIDEWINDER
Hi guys, I wish to import specific information from Microsoft AD into Splunk, such as IP phone, Department, and Company. Your advice is appreciated. Regards
tstats issue following upgrade from 6.4.4 to 6.5.2
I’m having an issue with the tstats command not producing any results when calling a namespace post tscollect. For example, I have a search where I pipe the results to a namespace … | tscollect...
Execute a command script whenever an alert occurs
Hello, I need to execute a script in command prompt whenever an alert is raised. Can anyone please tell me how to do this? Thanks & Regards, Chinmay.
How to index a csv/lookup file from SH to the indexer in a SH cluster
Hi, we have a SH clustered environment and a lookup which is collected daily; it comes to the SH and is present on all the SH cluster members correctly. But we have a requirement to index this...
Two searches in pivot
I have index=webserver_logs and source=security_logs and can search both in a single query: index=webserver_logs | append [search source=security_logs] I get a table with all events and just select...
How to add multi-value lookups
My CSV is of the format:

Key1 = Val11 Val12 Val13
Key2 = Val21 Val22 Val23

Is there any way I can use the lookup feature to gather this data in a query? Thanks and Regards, Abhay Dandekar
Average between 2 fields D+HH:MM:SS
Hi, I am trying to compute an average between 2 fields which appear in the form D+HH:MM:SS, so I converted them with dur2sec. But the result is 0 and I don't understand why. Can you help me find out why? Thank you....
Spath parsing error, last event in JSON
I have the following JSON in each event: payload={fields1=values1, field2=value2, etc}. When running spath I encounter an error with a parameter called eventTime. my search | spath input=payload if the...
MATCH_LIMIT in transforms.conf
I have a fairly hefty chunk of JSON from RabbitMQ REST. In my props I have:

```
[json_no_timestamp]
TRUNCATE = 500000
```

In transforms, I have:

```
[CFBPFCCmessages]
REGEX = (?U)()"messages":(?P\d+)
WRITE_META =...
```