I have a field that stores a dynamic URL. It is always unique. I am clicking...
Example: "Report Link" instead of https://etc... I don't think I can use eval because the field is dynamic.
Collect FTP and SFTP activity on servers via splunk
We would like to gather information on inbound and outbound ftp and secure ftp connections made to our servers from within our intranet. The message should be logged on the server logs. I need to know...
Generate Page Lookup fails. http_request field does not appear to exist.
I have green checks on everything except page lookups. I have tried dissecting the WA_pages lookup generation and found that http_request does not exist. Strangely, I get non-pageviews but no...
Need help in writing time prefix and time format
Hello all, I have events like hn:keng01-dev01-ins01-rpt31.int.dev.mykronos.com|pid:3161|prod:iHub|****4145194752*licensekey.cpp*01640*07000**2017MAY22*09:40:13* Is PMD Using All CPU cores: Yes...
How to make a field extraction for my sample data?
I want to make a field extraction by the name of Action to show this whole text ,'update ggsourceadmin.monitor set ORACLE_TIME = CURRENT_TIMESTAMP WHERE TABLE_PK = 1',; how should I extract?
Has anyone seen search returning different numbers of events after upgrading...
I upgraded our DMC (Distributed Management Console) to 6.6.0 last week, but everything else in our environment is still 6.5.3. This search returns different results on the 6.6 DMC than on the 6.5.3 SHC...
Is it possible to count the number of times a field occurs within a transaction?
Is it possible to get the number of times a Field occurs within an event? I've read posts on how to arrive at unique values of a Field using mvcount. In my case however I have custom logging that...
Is it possible for a universal forwarder to inject additional data into...
I have several universal forwarders (UF) monitoring files on both Windows and Linux endpoints. I would like to "inject data" into the stream of forwarded events that would be made available either by a...
How can I show customized hyperlink text on a dashboard instead of showing...
I have a field that stores a dynamic URL. It is always unique. I am clicking that link and it takes me to a report in a different platform. How can I show customized hyperlink text on the dashboard...
How to collect FTP and SFTP activity on servers via Splunk?
We would like to gather information on inbound and outbound ftp and secure ftp connections made to our servers from within our intranet. The message should be logged on the server logs. I need to know...
Splunk App for Web Analytics: Why does the Generate Page Lookup fail and...
I have green checks on everything except page lookups. I have tried dissecting the WA_pages lookup generation and found that http_request does not exist. Strangely, I get non-pageviews but no...
What is the ideal Splunk setup for log monitoring of different inputs?
How to determine if Splunk needs to be scaled horizontally or vertically? For logs up to 5GB from different inputs, what should be the ideal setup?
Why has using the rest command to search REST API stopped working after...
Hi, I used to periodically query the REST API using the search app in Splunk Web, something like so: | rest /services/deployment/server/clients/ | rename hostname as host utsname as os | table host os...
Listen in on search manager called two times
Hi, I want to delete an entry from KV-Store, and for that I have defined a search manager and on the dashboard I have a button called "delete". By clicking on the button I call the startSearch function...
I cannot get splunk to ingest my csv files!
I have some csv files that have 30+ columns and I cannot get splunk to ingest them. I keep getting crc errors. I've tried to use crcSalt and initCrcLength but I keep getting the same error message...
Splunk Add-on for Salesforce: Why am I not able to add Salesforce Event Log?
**I am attempting to configure the Salesforce splunk add-on per the instructions**: ![I am attempting to configure the Salesforce splunk add-on per the instructions][1]...
Monitoring of Java Virtual Machines with JMX: How to resolve error "ERROR -...
I am getting below error trace in $SPLUNK_HOME/var/log/splunk/jmx.log when Monitoring of Java Virtual Machines with JMX (Splunk for JMX) is deployed on a Linux server where JAVA_HOME is pointing to...
Set-up Page in Carbon Black Defense App just spins - what is wrong?
Hi. We just installed the Carbon Black Defense Add-on and are trying to configure it. The instructions say to go to Configuration->Set-up to enter some parameters. When I go to this page I just see...
Splunk WMI Pull of Event Logs after Machine Wakes Up
I have noticed that Splunk Enterprise (6.5.3) will no longer pull events from a target machine via WMI if the machine (Win10 1607) has been asleep and subsequently awakes. In order to get events I have...
Malware Operations datamodel population
Hi all, Does anyone know how to get any Malware Operations data from Symantec into the data model? I'm surprised to see there is no "operations" tag at all in the addon. Does Symantec really provide no...