How to parse a JSON array into Splunk table?
I have been searching for how to do this and I haven't really come across anything that matches my use case. I have the following object in Splunk: ![NewRecordingEvent][1] [1]:...
View ArticleAre there plans to update the Splunk for FISMA app to Rev 4?
Are there plans to update the Splunk for FISMA app to Rev 4? I know this has been asked before, but there has been no answer. It has been quite a while since Rev 4 has been introduced.
View ArticleFinding Persistant Connections
I have squid proxy log that I want to mine for persistent connections from my client workstations to the internet (ie: teamviewer, gotomypc, spyware C&C, etc. Looking to do a search to determine if...
View ArticleUser has left the company, but audit shows failed logins every 15 minutes....
Hello everyone, I have inherited shared responsibility for a Splunk instance. We recently had a user departure, and one of the other Splunk admins changed that user's password so that they couldn't...
View ArticleIs "strftime() %X" defined by the Splunk server's operating system or the...
From Splunk docs for %X: The time in the format for the current locale. For US English the format for 9:30 AM is 9:30:00. From Splunk docs for %c: The date and time in the current locale's format **as...
View ArticleIndex.conf setup for 180 day retention policy
Hi, We are are setting up our indexes to all have a retention policy of 180 total days. 10 days in hot/warm and 170 in cold. Below is a sample stanza that we plan to setup for each index. Can we get...
View ArticleIs there an app which has examples of using HTML5 and CSS?
Hi, is there any app which has sample examples using HTML5 and CSS I checked Splunk 6.x Dashboard Examples app but do not find examples using HTML5
View ArticleHow to edit field-aliases defined under Splunk Add-on for Sophos to correctly...
Hi, We have Splunk add-on for Sophos installed. But it doesn't appear to be mapping two fields correctly as per CIM. Fields which we noticed so far are signature and category. Data is being sent by...
View ArticleHow to generate a search to find persistent connections between client...
I have squid proxy log that I want to mine for persistent connections from my client workstations to the internet (ie: teamviewer, gotomypc, spyware C&C, etc). Looking to do a search to determine...
View ArticleIs this 180 day retention policy configuration in indexes.conf appropriate?
Hi, We are are setting up our indexes to all have a retention policy of 180 total days. 10 days in hot/warm and 170 in cold. Below is a sample stanza that we plan to setup for each index. Can we get...
View ArticleSplunk DB Connect: Why am I getting...
I'm trying to run this query: *| dbxquery connection=MyConnection query="SELECT * from dataBase.schema.table"* But when I run it I get the next message: ![alt text][1] **External search command...
View ArticleHow do I compare count over two time periods?
All, Thought there was a one stop shop command for this, but I can't find it. Basically I just want an alert when I see a drop in count of events. Say I have 1stddev of change in 15 minutes? index=*...
View ArticleHosts that have sent events over the last eight weeks (by week) but taking...
I have a low volume index where hosts send one event every 24 hours. I need to determine if each host in today's search (last two weeks) has shown up in at least four times (once each week) for the...
View ArticleUsing inputlookup with external_cmd
Hi all, Is it possible to use _inputlookup_ to pull a list of information from a scripted lookup? [The documentation][1] for _inputlookup_ seems to suggest this is possible: > The lookup table can...
View ArticleUnable to get graph from csv data input.
I must have this data to be converted to graph. I have attached the csv. Is it possible? When I try this it gives be strange spots in graph and below error also. Steps I have followed: 1. Created a new...
View ArticleHow can I use transaction as a boolean to create a visualization in a timechart?
I'd like to create a visualization showing the connected state of a hand full of clients. We log connected state as "ClientID=nnnn - Connected" ... "ClientID=nnnn - Unreachable" My search is as follows...
View ArticleAlarm Severity in Webhook payload
We are sending alerts via webhook notifications to a 3rd party application but the alarm severity is not in the payload. Can this be added ? thanks.
View Articleerror posting to snow_proxy among other snow_... areas
Hi, I am trying to get the ServiceNow add-on to work on a distributed Splunk infrastructure namely a HF. I have tried configuring it from the GUI and conf files, though there are differences as to how...
View ArticleAre there any Splunkbase apps that have been localized to Japanese?
Have looked at many of the Splunk built apps on Splunkbase and so far none seem to be localized to any non-English language. Anyone know of a Splunkbased app that has been localized to Japanese or any...
View ArticleAuto refresh a dashboard
Is there any setting that I could enable for my entire dashboard to auto-refresh every couple of seconds or minutes ?
View Article