Can not write a POST request in django framework
I want to build up a POST api for my splunk app. But when sending POST request from browser, I receive GET request instead of POST in views.py. I know support for django is no longer be provided by...
Splunk DB Connect 2: Why are my queries coming back with 0 bytes when there...
We are trying to attach our Oracle databases to Splunk we look to have everything configured correctly. Manual queries within the app seem to be pulling back data but the scheduled queries present the...
Trouble Joining Firewall and DHCP logs by IP address
Hello All, been banging the head against the desk for awhile on this one; tried join, transaction, and a few other things. We have fw logs that record the ip address (dhcp) of the users, but no other...
Tons of errors from Twitter App after upgrading to 6.3
I've been using this App for Twitter Data and it has been good until I upgraded Splunk to 6.3 https://splunkbase.splunk.com/app/1162/ It seems to be an SSL related issue. Do I need to make any...
Query to capture distinct source IP who triggered multiple signatures
Dear Experts, I require help to create the query. I am creating the rule if single (unique) source triggered distinct signature (more than 2). Then only we should get the result. Fields involved...
Index for good custom app stops indexing when another custom app is added to...
On my development splunk v6.2.6 I developed a new custom app called auditing with one index which is deployed successfully alongside an existing app called logging with one index. But when I deploy my...
Multiple Firewall Denies followed by an allow from the same source IP
I'm looking for a way to create a splunk query (and then into a real time alert) when the below conditions are met. Excessive firewall denies (say anything more than 50) followed by a firewall accept...
data not found after upgrading to 6.3.2
hello all, recently i have migrated apps from PROD and DEV to splunk instance and upgraded it to the latest (6.3.2) version. when i open the applications to see the data and the following error can be...
Why isn't ancient entry ignored despite `ignoreOlderThan` config in...
Hello. We have a pesky entry from 80+ days ago that keeps appearing in our search results. We added the `ignoreOlderThan` setting to the `$SPLUNK_HOME\etc\system\local\inputs.conf` file, but the old...
How to make Index time field extraction work for key at end of large json events
We are trying to do index time field extraction on the 'job' field from our json log events. We notice that if the "job":"123" field appears early in the json this works fine and we can do searches...
Current logged in user in 6.3
Hello, The current recommendations to use "| rest /services/authentication/current-context" to find the current logged in user do not work in 6.3.1. What is the alternative? Thanks, Brett
Change color scheme for test environment
It doesn't look like there's an easy way to change the colors, etc. for splunk, but it would be very helpful to identify when I'm working in test vs. production. Am I missing something, or is it just...
Splunk4JMX only works when I manually run poll_jmx.bat
Hello, I have a few servers with UniversalForwarder installed, and Splunk4JMX app on them. I have two servers that appear to have the forwarders setup the same, however; One server Splunk4JMX works...
Forwarding to indexer group default-autolb-group blocked for 100 seconds.
The above message appears and I cannot delete the index. Please advise on the cause and how to resolve it. Thank you.
Are the Log channel (found in Server settings/Server logging) documented
I want to see what options I have to log user activity within Splunk. Are the Log Channels or the category found in log.cfg documented with respect to what their levels would generate?
what type of data and how to forward data into Service-now
Hi there I am using linux installation of splunk enterprise, which is configured to work with service-now by adding "splunk add-on for service now" and "splunk app for service-now". Now i am able to...
Using head command
I have the query with stats, and I want to use head command to retrieve limited events for everyday. But head command is limiting the events for whole query. index=myindex "searchQuery" | rex...
Can we implement Splunk enterprise in Datacenter where the systems/servers...
Can we implement Splunk enterprise in Datacenter where the systems/servers are in Workgroup
Not able to parse string(Labels) from HTML & JS Files in Splunk Application...
Hello, We are using Poedit to extract labels from our Splunk application, but we are unable to fetch them from HTML & JS files. We are able to extract labels from .conf & .xml files. Please let...
I just need of input for to allot the value to the particular string if the...
if ( AVSResponse = x ) then need to display "matched" in the dashboard report likewise i have more than 10 value to be matched. kindly help how i can setup the requirement. thanks