Splunk DB Connect 2: Why am I getting error "[name of my indexer] Script for...
Hey I am receiving the following error when attempting to run my database lookup using DB Connect 2: [name of my indexer] Script for lookup table 'mylookup' returned error code 1. Results may be...
Falkonry Monitors and Predicts the Operating Conditions of Things: Is this...
I see how Falkonry is used to monitor the condition of physical things, like pumps, motors, etc. But can it also be used to monitor the condition of digital computing resources like disk drives,...
How to parse a time duration of the format "4s", "9.1ms", etc.
The default duration output from go (golang) is to use a single float with one or two characters identifying the unit, ex: 56.920404ms 4.61µs 45.1s etc. I can't seem to find a built-in way to convert...
How to calculate the daily change of a field value
Hi Splunkers, I need to calculate the daily value change of a field, and report on the daily difference. The field is just an event counter, that gets increased every time the event is triggered....
File Integrity Monitoring: How to search Read records where an individual...
I am trying to report on a File Monitoring report that picks up all operations such as Read, Created, Wrote etc. However, I only want to see Read records where the individual accessed a document. I do...
REST API: Create Search, Dispatch, Get Status, and Results. How can I run...
Hi All, I am using the Splunk REST API (mainly search, savedsearch endpoints) to get data out of Splunk. Currently I am trying to do the following: 1. Create a saved search 2. Dispatch said search to...
How to find the IP address of the AWS(f5) data coming through port 9997 to a...
The port 9997 is enabled, data hitting the Heavy Forwarder. How to validate specific data and IP address?
Can someone clarify how the map command is supposed to work or if I have made...
Hello, I am currently trying to do a search across two different sourcetypes using the map command: sourcetype=source1 "alert" | rename blahblahblah AS Machine | WHERE isnotnull(Machine) | eval...
How can I geo map out email activity from index=msexchange?
Newbie here with Splunk searching and regex... I've been tasked to geo map out email activity across the company based on user locations along with the top communicators. They already have data in...
What is F5 data and how do we identify this on a heavy forwarder?
My head is going to blow up. What is f5 data, how to identify this on a Splunk heavy forwarder and make sure the heavy forwarder is configured?
Posting to a receiver using REST API giving "insufficient permission to...
We are investigating how to create a Splunk log entry over the REST API via JavaScript. I'm posting the following event via the REST API: curl -k -u user:password...
Can an element of a role in authorize.conf be scoped to an app?
Can an element of a role in authorize.conf be scoped for a particular app? I have a local app where I would like to give "admin_all_objects" to all power users, but restrict that capability to only the...
How to search how much bandwidth a forwarder is using?
I'm trying to find how much bandwidth a forwarder is using and how many hosts are sending over the forwarder. I want to show it in a timechart that has the hosts' total bandwidth and then another line...
Unable to login through Java SDK (400 BAD REQUEST)
Hi there, I am working on a Java application for my company that is going to use the Splunk Java SDK to run some scheduled searches and then perform some other operations with the data that it receives...
How is the Distributed Management Console Physical Memory Usage(%) value...
We are currently running a distributed Splunk 6.2.3 infrastructure with multiple indexers. According to the Distributed Management Console Resource Usage, each indexer shows "Physical Memory Usage(%)"...
How do I select different sourcetypes for multiple logs coming from multiple...
How do I select different sourcetypes for multiple logs coming from multiple servers (no universal forwarders, using rsyslog.conf)? When I set up the input port, it only offers one type of sourcetype...
I set my receiver to also forward data to itself by mistake. How do I remove...
I'm running 6.3.2 and when I did the initial setup for my receiver, I misunderstood the directions I was getting and mistakenly set the Receiver to also be a forwarder and a Receiver of itself. So I...
Website Input: How far off is support for forms based authentication?
Hi, I'm sure I remember reading that form based authentication is in the pipeline? Am I correct and if so, when should it be ready? Thanks, Richard.
How to write a search to track the time when service assignment changes...
We have a system where, when a service name (a unique service name referenced by service=service_N where N=1 to 20) dies, it gets assigned to another host. To explain further... We have...
How to schedule a search to run every morning at 6:00AM?
Hi, We have a search that retrieves data for the last 24 hours and will send a CSV to an email distribution list. I am wondering if we can set up a schedule to have this search run everything at 6am. I...