parsing help
Control File: /dir/dir/dir/file_name
Data File: /dir/dir/dir/file_name.dat
Bad File: /dir/dir/dir/file_name.log
Discard File: /dir/dir/dir/file_name.log (Allow all discards)
Number to load: ALL
Number...
Single single-value causes SplunkJS exception in Splunk 6.3.0
Hi everybody, while checking our dashboards for migration to Splunk 6.3.0, I faced an issue with the redesigned single-value elements which truly base on a "single" value. Setting the numberPrecision...
CP OPSEC LEA "ERROR: unable to get splunk lea config...
Hi! This works: ./lea-loggrabber-debug.sh --configentity CP This does not: ./lea-loggrabber.sh --configentity CP Message: ERROR: unable to get splunk lea config arguments(get_fw1_logfiles) in Splunk...
Splunk 6.2.4: scheduled report as base search not using scheduled run
With our Splunk 6.2.4 Enterprise install, a pre-created scheduled report, when used as a base search in a dashboard, is not using the scheduled run's result; instead the search is run on every dashboard...
Can anyone help me find the Splunk sourcetype for the Symantec Brightmail Gateway...
Hi, can anyone help me find the Splunk sourcetype for the Symantec Brightmail Gateway 10.X? The syslog and sendmail_syslog sourcetypes are not working. Please share the sourcetype.
Splunk Alerting Issue
Hi All, today my users are claiming that they are not receiving email alerts from Splunk. Below are the steps taken to verify the same: 1) Verified in triggered alerts -- I see a count in triggered alerts...
How to monitor switch, router... and other Cisco devices using SNMP.
Hi. Using NET-SNMP on Windows to receive and log SNMP traps to a file, then have Splunk monitor that file. How do I do this? I installed NET-SNMP on Windows; what is the next step?
Unable to auth the application.
The instructions stated that after running the configure_oauth command I should have been presented a URL which I needed to visit to complete the auth process. I ran the command and it just exited...
How can I compare 2 fields from database dumps and return lists from 1...
I have a dbdump from my vulnerability software RetinaCS and a dbdump from McAfee. I want to compare the assetNames field and return to me the Retina assetNames that are not found in McAfee. This would...
Grouping using regex, then do stats
Assume each event includes 2 fields, `path` and `duration`, among other fields. `Path` can have values: (i) type1 = `/x/y/`, (ii) type2 = `x/y/\d+`, e.g. `/x/y/1234`, (iii) type3 = `z/t/`, (iv) anything...
How to delete old lookup table (CSV) files in a search head clustering...
How can one delete stale lookup files? Sometimes users output their data to a lookup table file to reference in another search and fail to remove the old lookup table file. This in turn causes the...
Is there a way to customize a triggered alerts dashboard that displays a list...
Is there any way to build or configure an alerting dashboard that displays a list of hosts (instead of a list of links to results, as in "triggered alerts") that we can click a checkbox on and say...
Splunk crash "Missing forwarder"
AlertName : Splunk DCM: Missing forwarders
Severity Value : Critical
Value : time was not reported
Details : Missing...
Is there a change log or something similar we should consult before...
Hello, We noticed a few days ago through our UI that Splunk needs to be restarted in order to apply some changes -- what those changes are, isn't really clear. We're just curious if there's some form...
Post process Search
Hey all, I would like to automatically apply some logic to the end of any alert which will help guide users to snap to a particular timeframe around an event (without having to rely on SID lifespan or...
Why does data stop getting indexed for a monitored file when Splunk is...
I am attempting to monitor a file that is fairly large and on a UNC file share. It appears that the file only indexes up to the point at which I reboot the Splunk indexer that is monitoring the file. I...
Adding a new search head to an existing Search Head Cluster, if I want to add...
I am adding a new search head to the existing search head cluster. I want to add the same users to the new search head, from my LDAP. If I copy the authorize.conf & authorization.conf, will it...
How to automatically update a CSV lookup based on a daily CSV file output...
Hello, I have a CURL script that generates a CSV file, and I would like to use that CSV file as a lookup for some searches that we run in Splunk. The CURL script runs once daily and generates the...
If I have an existing search head cluster with a replication factor of 3,...
I need to configure new search heads to an existing search head cluster, currently with a replication factor of 3. When I add the new search heads, should I increase the replication factor? Please...
Is it possible to have eventtypes for user authentication with different events?
Is it possible to have eventtypes for user authentication with different events? I am working on a TA for Aruba user authentication logs. I have the action=success completed event **522008** but...