Receiving error credentials updating failed on host 127.0.0.1:8089
Hi All, I am facing an error while updating the credentials in Credentials Management store of ES. While adding the Username and Password an error pops up with the below statement "credentials updating...
Getting syslogs from Avamar
Hi at all, I'm trying to get Avamar logs by syslog (UDP). The problem is that every time Avamar sends an event log, I don't receive in Splunk the last event, but the previous; to have the last event...
Splunk Add-on for Microsoft Cloud Services: How do I get data from "hidden"...
I am trying to use the Add-on for Microsoft Cloud Services to retrieve metrics for storage accounts....
What about same Bucket ID into storage volume shared by two indexer?
Hi All, I have a question. Imagine an architecture of two indexer and a universal forwarder that send data in load balancing mode toward them. The indexers are configured to store data into a volume...
How to index data from a Form?
I have a requirement to collect data from user and insert into Splunk index for further use. This is like the web page where many questions are asked with answer in the dropdown list. User have to...
The 'role' field is missing in SAML response
While accessing Splunk through Onelogin, I am getting an error message on the Splunk login page as "The 'role' field is missing in the saml response from the IdP. Fix the configuration in the IdP to...
How expand two related multi value fields?
Hi, I'm trying to analyze some data that contains two related multi value fields that I want to expand. What I have looks like this: field #1 field#2 field #3 green 1,2,4 one,two,four blue 7,6...
Changing an app's name on Search Head Cluster
When changing an app's name via the Splunk web interface ('Manage Apps' > 'Edit Properties'), the app's name is only changed on the search head cluster node on which I'm working. When running...
Splunk_TA_nix vmstat stopped working as expected on RHEL 7.2 - how to fix?
Hello, we had the Splunk_TA_nix running for some weeks now. We are using the vmstat input and it worked as expected. But it stopped working. Now only the header line is indexed. There is no data after...
Developer License
Hi, The below line is pasted from developer license page. "You want to build applications that work on top of Splunk platform, then you need a license to Splunk Enterprise software, which is our...
How to modify default fields in Trend Micro Deep Security for Splunk?
Hi, I'm receiving syslog flow from Trend Micro Deep Security. After installing the app for Splunk, I would like to check how the fields are populated by it. I've got an issue with the field...
Is it possible to mount /opt/splunk/var/run to RAM storage?
Hi, Some time ago we mounted /opt/splunk/var/run/splunk/dispatch on our search heads to RAM storage to increase performance. This seemed to have worked just fine, and performance was indeed increased....
How does Splunk Universal Forwarder behave for load balanced deployment...
One of the customers has a situation whereby there are 1000's of clients with Universal Forwarders in multiple network zones, trying to reach Splunk Heavy Forwarders which are also in multiple...
For all occurrences, get the duration of a value dropping below a threshold
I have events that show signal strength. What I want to do is determine the start_time, end_time and duration of any period where the signal strength drops below what is considered 'normal'. My events...
Birthday attacks against TLS ciphers (Sweet32)
Was Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) fixed in Splunk Forwarder version 6.6.0?
Is there any limit for adding no of users for a single personalized splunk...
Can anyone please clarify whether we can deploy Splunk Enterprise instance on AWS.
Trouble ingesting multi line VB script output
Currently we are using VB scripts to query the WMI namespace within Windows for data collection. I have written a simple script to pull filesystem information in csv format. The issue is that Splunk...
Custom Splunk search command only returns 100 results
Hello, I'm writing a custom Splunk search command that runs a query on another Splunk host, then returns those results. Unfortunately, no matter what inputs I use in the search or arguments I change...
Inject data into existing log stream?
I have several universal forwarders (UF) monitoring files on both Windows and Linux endpoints. I would like to "inject data" into the stream of forwarded events that would be made available either by a...
Can I add events to a transaction?
I have a transaction based on a bunch of events from a common source with a common transaction ID, something like |"search" | transaction by tid This will get me results like 2017-04-11 04:20:32,502...