How to show the Minimum and Maximum duration for last 90 days in a timechart?
Hello guys, I am displaying a timechart of the average of Duration and a baseline for the last 30 days. It is working properly. Problem: now I need to show Min and Max of Duration for the last 90 days in the...

How to resolve error "External command based lookup is not available because...
Hello, After installing an app from one environment Search Head (SH) into another environment SH and restarting it, I am getting: External command based lookup is not available because KV Store...

How to override an index on a per-event basis?
So basically, I have a ton of events coming in on UDP 514. Based on the document linked below, I was able to configure my Sourcetype Overrides so not everything comes in as "Palo Alto". However, now my...

Splunk App for AWS: How to resolve error "Unexpected error "" from python...
Hi all, our Splunk App for AWS stopped working. The error message I am receiving in the splunkd log: 05-22-2017 11:15:10.128 +0000 ERROR ExecProcessor - message from "python...

Splunk Add-on for Tenable: Why has Splunk stopped ingesting an API modular...
Hi All: I am getting the following error, in which Splunk is unable to pull data (scans) from a security center. Splunk Add-on for Tenable is being utilized to pull the management scans. We have 8...

How does time synchronization work between forwarder and indexer?
Hi, we have hosts sending logs to the indexer using universal forwarders. The hosts are spread across different time zones. I want to know how the indexer synchronizes different time zones into one. Can you...

When I use the eval command to assign a search to a variable, why does it return...
I have a simple search of a CSV file pulling back the latest timestamp: source=/opt/apps/splunk/var/run/splunk/csv/CSVFileInvalidLogins.csv host=servername sourcetype=csv | stats latest(TIMESTAMP) as...

Splunk Add-on for Amazon Web Services: How to set up a CloudTrail/S3 input?
I'm unable to set up an install of Splunk Enterprise (6.6.0) to read CloudTrail logs from an S3 bucket using the Splunk Add-on for Amazon Web Services. The CloudTrail logs are encrypted with KMS. The...

How to use my eval search within a form input in my dashboard?
Hi, thanks upfront for your time. I have a dashboard with a form input "compare this week vs last week" and "compare month with last month" (Comparison: "This Week vs Last Week", "This Month vs Last Month"). I...

Multiple single values colored by a different value
I've got a search that ends with something like this: | table category,available,total,percent. I've currently got the table color coded by percent, which is nice, but what I really want is to have a...

Upload failed with ERROR : Read Timeout for the log file for the generated...
Hi, I tried to upload the generated alert to Splunk with the "Upload File" function. After a few minutes, it shows "Upload failed with ERROR : Read Timeout for the log file". It could be related to the...

How to generate a search that counts specific strings that occur in _raw data?
I have raw data events that contain the words "Request" or "Response" or "Offer". Each event will contain only one of these strings, but it will maybe have the string several times in the event. I want...

How to create a base search that retains multiple regex fields?
I have a dashboard that is built from 3 different searches. They all come from the same data so I would like to turn them into a base search for the page. However, each one of them has a different...

Is it possible to have a dashboard with multiple single values colored by a...
I've got a search that ends with something like this: | table category,available,total,percent. I've currently got the table color coded by percent, which is nice, but what I really want is to have a...

How to resolve error "Upload failed with ERROR : Read Timeout for the log...
Hi, I tried to upload the generated alert to Splunk with the "Upload File" function. After a few minutes, it shows "Upload failed with ERROR : Read Timeout for the log file". It could be related to the format...

Trying to use subsearch to filter records
Looking at event data to run some eval commands... specifically on records with any "Status" value. Then, once I have those events' evals done and narrowed down, I want to only see the events with...

Threat list download failed - palevo_ip_blocklist download failed after...
Hi, my ES threat list downloads go through a proxy server. Other threat lists are being downloaded normally. Only the palevo_ip_blocklist failed a while ago. Error message: INFO msg="A threat intelligence...

Can an HF be a deployment server & client?
In a scenario where we have 2 HFs that send data to a cloud instance, one of the HFs is a deployment server. Can this also be a client, so we can push out apps to both the remote HF and the local...

App-specific distsearch.conf replicationBlacklist is ignored but...
I'm using Splunk Enterprise **6.5.3.1** and I'm trying to exclude the lookups from the Splunk Security Essentials app using the following settings in distsearch.conf. If I add it to...

Create an evaluation at each end of month based on one field that is not _time...
Hi. I am indexing data from a ticketing tool. I need to see what tickets were opened at the end of each month. I've done an initial load of the database; because of this, I can't use the indexed _time,...