How to filter XmlWinEventLog in Heavy Forwarder with regex?
Hi, I have XML rendered log from sysmon and i need to extract from this log only interesting fields, for example:...
View ArticleNested JSON not formatting
Can Splunk be configured to allow for interpreting JSON objects with multiple-levels of depth? Here's an example: { level: warn message: {"invalidPublication":"Publication is valid for indexing at...
View ArticleWhy is my nested JSON event not formatted correctly?
Can Splunk be configured to allow for interpreting JSON objects with multiple-levels of depth? Here's an example: { level: warn message: {"invalidPublication":"Publication is valid for indexing at...
View ArticleIs there a search performance difference between using the Splunk Search and...
Hello, New to Splunk here, we are using Splunk Enterprise and have multiple apps and add-ons for Splunk. Is there a difference in search results/performance between using the "Search and Reporting" app...
View ArticleSplunking Trello Changes
Hey, has anyone ever investigating Splunking Trello data? I.e., card changes, # of cards archived, etc. etc.? It seems there is an API, but wondering if anyone has already done the hard work.
View ArticleFiguring out index disk space footprint on indexers
I was struggling to find short and long term estimations on how much space was taken by each index in each state, so if you are trying to make a plan or taking over an older deployment your 2 friends...
View ArticleError trying to add vertica to dbconnect
I'm unable to get Vertica jdbc driver to work correctly with DBConnect. I've verified that Splunk see's the driver and it's version. When I try to create a new connection I get a popup message that...
View ArticleHow to copy already indexed data to the new indexer in multisite indexer...
I have two sites in my multisite clustered environment. On site 1, I have 4 indexers, and on site -2 I have 1 indexer. On site 2, I am planning to decommission the current peer node (indexer) and add...
View ArticleWhy won't my regular expression extract fields when the _raw field is greater...
Hi, I'm trying to extract two fields with this regular expression: Transaction\sID=\"(?P\w*)\".*OperationCode=\"(?P\w*)\" and it works in almost all records but it seems that when the _raw field is...
View ArticleSplunk App for Unix and Linux: How to ignore the logs of my single instance?
I have a single instance in CentOS 7 and I am interested in receiving and analyzing logs of my Linux server. But when I installed the Splunk App for Unix and Linux in my single instance, I exceeded my...
View ArticleWhy does the Universal Forwarder index a CP1251 encoded file twice?
Hello! I'm trying to pre-filter and forward structured .csv file from Universal Forwarder (UF) to Splunk Enterprise server. This file is CP1251 encoded, not UTF-8. I've made a new sourcetype and copied...
View ArticleWhere can I find the Splunk SDK for .Net 4.0?
hi I have been trying to find Splunk SDK for .net 4.0 can someone please help? we can't upgrade our solution to .net 4.5 for various reasons. I did look up quite a while. please help
View ArticleHow to integrate CA APM data to Splunk?
Hi Team, We have a CA APM plaform where all the servers performance metrics are stored. So now I have to pull this performance metrics from CA APM plaform to Splunk and make it available for all the...
View ArticleSplunk App for Salesforce: Why has the LoginHistory input stopped pulling data?
Months after installing the Splunk App for Salesforce, the LoginHistory input stopped pulling data. I tried disabling the current input and recreating one from scratch, but nothing is being indexed....
View ArticleWhy is one app is not downloading into deployment server, whereas similar...
One app is not downloading into deployment server, whereas similar domain servers have downloaded successfully. I have 3 servers and one of the server's deployment apps is not downloaded into...
View ArticleHas anyone Splunked Trello data?
Hey, has anyone ever investigated Splunking Trello data (i.e., card changes, # of cards archived. etc.)? It seems there is an API, but wondering if anyone has already done the hard work.
View ArticleSplunk DB Connect: How to resolve error "Connection is invalid: There was an...
I'm unable to get Vertica jdbc driver to work correctly with Splunk DB Connect. I've verified that Splunk see's the driver and it's version. When I try to create a new connection I get a popup message...
View ArticleAfter upgrading from 6.3.7 to 6.5.2, why are we getting the error on search:...
After upgrading from 6.3.7 to 6.5.2, we are getting the error on search: "Cannot get username when all users are selected". Some people are getting this and some aren't. We are also seeing different...
View ArticleHow to resolve "Invalid username or password. Your license is Expired" error?
I've been contracted to install and setup Splunk Enterprise on Windows Server 2008R2 for a customer. I originally did an install back in December, had changed the admin's password, but then the...
View ArticleHow to edit my search to count the number of servers?
We have Multiple servers that all end with the same few letters like this. Office1Server Office2Server Remot1Server Remot2Server Remot3Server I want to return results that look like this OfficeServer...
View Article