How to use Inputlookup
Hi, after importing a CSV file I want to compare the hostnames/IP addresses in the CSV file not reporting IIS using a specific index.
Regex to extract two strings from log and make as field
**Log - (given 2 lines for example)** 2017/02/21 03:46:12.119-0800 [http-bio-8480-exec-3] C3AF4B3F9C2E40D2006D1513C81191A6.pppxwbtect014 INFO c.e.c.w.b.r.ShirtsSaleResource - #xHoster#...
How to schedule an alert to run every 10 seconds using cron?
Rex - Extract till first set of numbers
Hi, I have the following values in the field DATA, for which I want to extract the text from the start till the first set of numbers. **ABCD_EFG_HIJ_9998_LNM_HASJ_kasldj_a781-4413-7708 ABCD_EFG_4039_DATA_LOST_SAMPLE...
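The extraction asked for above, as an added example that is not part of the original post: a regex that captures everything from the start of the value up to the first run of digits, dropping the separator that precedes the digits. The sample values are constructed from the two fragments in the post; the assumption that the same pattern works in Splunk's `rex` (PCRE) is mine.

```python
import re
from typing import Dict, Iterable, Optional

# Constructed sample values for the DATA field, modelled on the post (not the poster's real data).
SAMPLE_DATA = [
    "ABCD_EFG_HIJ_9998_LNM_HASJ_kasldj_a781-4413-7708",
    "ABCD_EFG_4039_DATA_LOST_SAMPLE",
    "NO_DIGITS_AT_ALL",   # edge case: no digits at all -> nothing to extract
    "9998_STARTS_WITH_DIGITS",  # edge case: digits first -> empty prefix
]

# Lazily consume non-digits, then an optional "_" separator, and stop just before the
# first digit (lookahead, so the digit is not consumed). The same expression is assumed
# to be usable as:  | rex field=DATA "^(?<prefix>\D*?)_?(?=\d)"
PREFIX_RE = re.compile(r"^(?P<prefix>\D*?)_?(?=\d)")


def extract_prefix(value: str) -> Optional[str]:
    """Return the text before the first run of digits, or None if there are no digits."""
    m = PREFIX_RE.match(value)
    return m.group("prefix") if m else None


def extract_all(values: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map every input value to its extracted prefix (None where no digits occur)."""
    return {v: extract_prefix(v) for v in values}


if __name__ == "__main__":
    for value, prefix in extract_all(SAMPLE_DATA).items():
        print(f"{value!r:60} -> {prefix!r}")
```

Values with no digits yield `None` rather than the whole string, so a downstream `where isnotnull(prefix)` keeps only the rows the regex actually matched.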
Security checks with help of Splunk
Hi, I want to figure out how long an employee is inside the office. Once an employee enters the office he will do a card swipe, which we can call the IN time, and after some time he can go out for tea or coffee...
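The pairing of IN and OUT swipes per badge that the question describes, as an added example that is not part of the original post. It does in Python what a `transaction` or `streamstats` search would do over badge-reader events: it sums the time between each IN and the following OUT per badge, and reports the anomalies a practitioner would want to see (OUT without IN, IN without OUT, a second IN while already inside). The log lines and the field names `badge`, `door` and `dir` are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed badge-reader events (not from the post). Deliberately unsorted and with
# one badge that only ever swipes OUT and one that never swipes OUT.
SWIPE_LOG = """\
2017-02-21 09:01:42 badge=1002 door=MAIN dir=IN
2017-02-21 08:58:10 badge=1001 door=MAIN dir=IN
2017-02-21 10:30:05 badge=1001 door=MAIN dir=OUT
2017-02-21 10:45:50 badge=1001 door=MAIN dir=IN
2017-02-21 12:15:00 badge=1002 door=MAIN dir=OUT
2017-02-21 16:00:00 badge=1004 door=MAIN dir=IN
2017-02-21 17:30:00 badge=1001 door=MAIN dir=OUT
2017-02-21 17:31:00 badge=1003 door=MAIN dir=OUT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) badge=(?P<badge>\d+) "
    r"door=(?P<door>\S+) dir=(?P<dir>IN|OUT)$"
)


def parse_swipes(text: str) -> List[Tuple[datetime, str, str]]:
    """Parse the raw lines into (timestamp, badge, direction), oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than abort the whole report
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group("badge"), m.group("dir")))
    events.sort()
    return events


def time_in_office(text: str) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """Return ({badge: seconds inside}, [(badge, anomaly description), ...])."""
    totals: Dict[str, int] = defaultdict(int)
    open_in: Dict[str, datetime] = {}   # badges currently inside -> their IN time
    anomalies: List[Tuple[str, str]] = []
    for ts, badge, direction in parse_swipes(text):
        if direction == "IN":
            if badge in open_in:
                anomalies.append((badge, "IN while already IN; previous IN discarded"))
            open_in[badge] = ts
        else:
            start = open_in.pop(badge, None)
            if start is None:
                anomalies.append((badge, "OUT without matching IN"))
                continue
            totals[badge] += int((ts - start).total_seconds())
    for badge in sorted(open_in):
        anomalies.append((badge, "IN without matching OUT (still inside)"))
    return dict(totals), anomalies


if __name__ == "__main__":
    totals, anomalies = time_in_office(SWIPE_LOG)
    for badge, secs in sorted(totals.items()):
        print(f"badge {badge}: {secs // 3600}h {secs % 3600 // 60}m inside")
    for badge, why in anomalies:
        print(f"badge {badge}: {why}")
```

The anomaly list matters for the security use case as much as the totals: an OUT with no preceding IN is what tailgating through the entry door looks like in the data.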
How to create a dashboard with a button that works like a webhook
I want to create a dashboard with buttons that, when pressed, behave like the webhook in an alert, i.e. they send a POST to an HTTP URL. Is this possible, and if so, how can I create it? Thanks in advance!
Possible to define a sub-sourcetype?
We are ingesting IIS logs in json format as we are adding some additional fields to the log file that contain information we need to pull. However, IIS uses the W3C format in which the fields are...
Why does it take time to transfer a gz file?
In my system architecture, a UF is transferring a 1.8GB GZ-format compressed ifilter log (original size 15GB) to two IDXs. However, the transfer speed is very slow. By my calculation it will take around 24...
Number of indexers required when configuring a large number of real-time searches
I have a question on the subject above. We are currently trying to use Splunk to detect security events. To detect a wide range of possible incidents from multiple angles, we are considering running around 40 real-time searches. According to the Splunk capacity planning manual, running 48 real-time searches requires approximately 6 indexers, but...
Apache Avg Response Time
Hi everyone, I have exhausted guess-and-click on this. I'm learning Splunk by following the book Operational Intelligence Cookbook Volume 2 and I have hit a wall. The recipe I'm working on is...
Create Panels Dynamically based on search results
All, I am hoping someone can help me find a solution for what I am trying to do. I have the following data from a search: hostname,deviceid host1,1 host2,2 What I am trying to do is to create panels...
Modify lookup cells by search command
I have a lookup called FailuresList. It contains the following fields: **date**, site, text, excluded. I would like to modify "excluded" from "No" to "Yes" for the keys whose **date** equals...
Hide dashboard source code in a view
Hello, all my dashboards show their raw XML source code in the footer. I do not remember how this was enabled, but I know Splunk does not do this out of the box. Can you tell me how to disable this...
How to properly set up splunkforwarder on CentOS 6.8
Hi, I'm trying to set up splunkforwarder on a new Linux server (CentOS 6.8), but every time I try to run splunkd I get the following error: # /opt/splunkforwarder/bin/splunkd Couldn't open log file...
Running a script from an Alert or EAS
I have a python script that will create an incident in our incident management application. Currently the script gets '$SPLUNK_ARG_8' and unzips the file, reads the file and extracts specific elements...
TA and VM apps for SH cluster and Indexer Cluster
Hello, I have a Search Head cluster (3 nodes) and an Indexer Cluster (3 nodes) + UFs. I have a Deployment Server on a search node and the deployer for the SH cluster on an indexer node. Please explain to me a deployment...
How do I create a regular expression to extract a particular field from a comma...
Can you help me with the below. I would like to create a regular expression to extract a particular field from a comma-separated log entry regardless of its length. Log entry sample: 2017-02-21...
Moved indexed data to a different mount - not seeing it
Hi, I was running out of space due to the large volume of VMware data that we are indexing, and I had to move the data to a different mount. I changed in index.conf where the data is being indexed and moved...
Expanding nested JSON events into multiple events for search
I have nested JSON events indexed in Splunk. Here's an example of 2 (note: the confidence value differs): Event 1: { [-] email: hidden@hidden.com filter: confidence >= 60 id: 2087 integrations: [ [-] {...
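The expansion the question asks for, as an added example that is not part of the original post: one event per element of a nested array, with the parent's fields carried onto every child row, which is what `spath` followed by `mvexpand` produces inside Splunk. The sample events are constructed to match the shape visible in the post (`email`, `filter`, `id`, an `integrations` array); the child field names inside `integrations` are my assumption, since the post's events are truncated.

```python
import json
from typing import Any, Dict, Iterable, List

# Constructed events shaped like the post's (the real ones are cut off there).
# Child keys under "integrations" are assumed for the example.
RAW_EVENTS = [
    json.dumps({
        "email": "hidden@hidden.com", "filter": "confidence >= 60", "id": 2087,
        "integrations": [
            {"name": "siem", "enabled": True, "confidence": 75},
            {"name": "ticketing", "enabled": False, "confidence": 60},
        ],
    }),
    json.dumps({
        "email": "hidden@hidden.com", "filter": "confidence >= 80", "id": 2088,
        "integrations": [],   # edge case: empty array must not make the event vanish
    }),
]


def explode(event: Dict[str, Any], key: str, sep: str = ".") -> List[Dict[str, Any]]:
    """Split one event into one row per element of event[key].

    Child dict keys are prefixed "key.child" (the spath naming convention, e.g.
    integrations.name). An empty or missing array returns the event unchanged so
    the parent fields remain searchable.
    """
    children = event.get(key)
    if not isinstance(children, list) or not children:
        return [dict(event)]
    parent = {k: v for k, v in event.items() if k != key}
    rows = []
    for child in children:
        row = dict(parent)
        if isinstance(child, dict):
            for ck, cv in child.items():
                row[f"{key}{sep}{ck}"] = cv
        else:
            row[key] = child   # scalar array element: keep it under the array's name
        rows.append(row)
    return rows


def explode_all(raw_lines: Iterable[str], key: str) -> List[Dict[str, Any]]:
    """Parse each raw JSON event and flatten its `key` array into separate rows."""
    rows: List[Dict[str, Any]] = []
    for line in raw_lines:
        rows.extend(explode(json.loads(line), key))
    return rows


if __name__ == "__main__":
    for row in explode_all(RAW_EVENTS, "integrations"):
        print(row)
```

Keeping the empty-array event as a single row is the detail that usually bites: an `mvexpand` over a field that does not exist simply drops nothing, but a hand-rolled flattener that only emits child rows silently loses every parent without children.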
We've been having issues with our DCs sending too much information across to...
We are currently pulling Windows security events from multiple Windows domain controllers and are having issues with the amount of events indexed, which constantly violates our license. We have Windows logon...