Universal Field Extractor Not Displaying All Sources
When I select the "source" dropdown in the UFX app, it doesn't display all of the sources associated with the index I've restricted the extraction to. I tried to look at the code, but it's Python and...
View ArticleUsing email or UPN instead of SamAccountname for Active Directory logon?
We currently have our users log into Splunk using their AD credentials, and specifically the Samaccountname field. In the LDAP strategies pane, there is an option for changing this field. I would like...
View ArticleHow to edit my Palo Alto search that plots bytes sent and received over time,...
I have this search that is almost what I am looking for but not quite: | `pan_tstats` sum(log.bytes_out) AS sumSent sum(log.bytes_in) AS sumReceived FROM `node(log.traffic.end)` log.user="*" groupby...
View ArticleHow to edit my table to plot transactions?
I was trying to create a table like below. We have a log with below fields, [Date][PreciseTime][Pid][Tid][TransactionID][Function][SrcFile][Message]...
View ArticleHow to edit my search to find the last seen date of our computers?
What I am trying to do is currently search for Computers that were last seen 10 days or more ago. Currently right now I have the following search syntax: ComputerName=* AgentVersion=* | dedup...
View ArticleIs it safe to increase "batch_response_limit" on limits.conf?
Hello, We have very frequent data reports, so need to process more than 50M events at once. Since **batch_response_limit** is set to 50M as default I can not batch results more than 50M. I was...
View ArticleDell EMC VMAX Add-on for Splunk: How to duplicate the add-on to monitor an...
In this case I'm using the Dell EMC VMAX Add-on for Splunk (TA_Dell_VMAX) to monitor an array. It only allows for one IP to be specified, and we have an additional VMAX array that needs to be...
View ArticleHow to configure Splunk DB Connect to extract Unisys DMS II records?
Hello community, I wanted to ask if someone configured Splunk DB Connect to extract Unisys DMS II records? This system allows connection via JDBC, I already have the drives and I defined it in the...
View ArticleHow to edit my AMI of Splunk's inputs.conf to allow TLS connections?
I am inexperienced with both Splunk and AWS, so keep that in mind. ;) I wish to edit my AMI of Splunk Enterprise's inputs.conf file to allow TLS connections. I successfully accessed the AMI using SSH,...
View ArticleWhy is the latest Maxmind download no longer working with iplocation on 6.3.8?
Downloading the latest Maxmind GeoLite2-City.mmdb database seems to break iplocation 6.3.8. Anyone having a problem with this? Did a new format on Maxmind side break iplocation?
View ArticleSplunk App and Add-on for VMWare: Why have Data Collection Nodes (DCN)...
My Splunk DCN for VMware suddenly stopped sending data. ![alt text][1] The apps *are* there ![alt text][2] [1]: /storage/temp/189179-screen-shot-2017-03-16-at-25412-pm.png [2]:...
View ArticleLDAP issue: Why does search request time limit not agree with Splunk Web...
Attempting to configure LDAP auth for access to our Splunk search head, but attempts to save the configuration always results in "Time limit exceeded" error in splunkd.log. 03-16-2017 16:01:01.412...
View ArticleWhat does the error "Cannot parse into key-value pair" mean?
Hi, I am getting below errors in splunkd log on one of the indexers. Can anyone please help me to understand that? WARN IniFile -...
View ArticleHow to configure Trend Micro Deep Security Anti Virus so that it does not...
We enabled Trend Micro Deep Security for Splunk on one of our search heads and saw an immediate and drastic impact on performance. Is there a set of recommendations on how I should configure Deep...
View ArticleWhy is Splunk 6.5.1 not able to search when event has data with delimiter ~...
Why is Splunk 6.5.1 not able to search when event has data with delimiter `~`, while field extraction is working as expected. Issue with search with extracted field=value another question while...
View ArticleWhy does my regular expression provide inconsistent results for my field...
I'm attempting to set up a Field Extraction for a log files we're forwarding from an LDAP server. For the most part it works, but for some reason it seems to be extracting data on subsequent lines even...
View ArticleWhy has the search function stopped working in Splunk trial version?
Is it really a good idea to have the violation limit in a trial version and cripple your own software? A few days ago my boss was trying to show Splunk Enterprise to *his* boss, but surprise, the...
View ArticleWhy do saved searches take too much time in dashboards?
I have several dashboards with 8 to 15 graphs/saved searches each and when I try to display them I get **"The maximum number of historical concurrent system-wide searches has been reached. current=6...
View ArticleHow to configure the HTTP Event Collector to use 6 digits of precision in the...
We are trying to get input time with 6 digits of precision but Splunk seems to only accept 5. We are using the HTTP Event Collector to input data into Splunk. As described in the documentation, we...
View ArticleHow to generate a search to find increment user ID attempts?
I have a set of Apache access_logs where a URL is something similar to: http://mydomain.com/user.php?userid=123 I'm trying to find any attempts where consecutive URL requests for the same URL are...
View Article