Clustered Single Value Map Not Rendering
I'm not sure what I'm doing wrong here. When I run my search, it shows up with results, I have checked the documentation for the visualization add-on, and I made sure that all of my values in my .csv...
Splunk Supporting Add-on for Active Directory: inconsistent...
I currently have SA-ldapsearch v1.1.13 running on a search head with Splunk v6.5.2. I have a saved ldapsearch using `search="(&(objectclass=user)(!(objectClass=computer)))"` with a list of around 50...
SavedSearchManager not finding cached saved search results
I have an HTML dashboard which was successfully working yesterday. It included the following SavedSearchManager... var search_example= new SavedSearchManager({ "id": "search_example", "cancelOnUnload":...
Structured data (TSV) configured on Universal Forwarder with Transform...
I have some TSV files that I am forwarding with a Universal Forwarder. I have props.conf configured on the UF with the following for the sourcetype: FIELD_DELIMITER = \t HEADER_FIELD_LINE_NUMBER = 1...
About internal log's date after server reboot
I recently updated the SH and indexer to 6.6.2. My server is in Japan time and the time zone of the Splunk administrator user is also Japan time. And last week I had the opportunity to restart the...
How to append a total column for a column chart?
Hi, so I currently have a column chart that has two bars for each day of the week, one bar is reanalysis and one is resubmission. I want to add a third column for each day that does an average across...
After a server reboot, why does the date of the internal log display as one...
I recently updated the Search Head and indexer to 6.6.2. My server is in Japan time and the time zone of the Splunk administrator user is also Japan time. And last week I had the opportunity to restart...
How to set up a search head and indexer clustering from a standalone setup?
Hi, My current Splunk setup is 1- stand alone search 1 - master node 3 - indexer(clustering) Future Splunk setup 3- search head (clustering) 1- master node 3 - indexer (clustering) I would like to...
Remove common words from two fields and keep unique values
Here is an interesting problem. I tried different approaches using regex, mvdbedup, coalesce, etc. It did not work. Need guidance from experts. I have two fields, field1 and field2, from the same event,...
Uncaught Error: Already have instance with id: in Splunk
Hello Splunkers, I am showing some Splunk search data into table by 'TableElement' by Splunk search id bind with 'TableElement' table manager id. search_query = new SearchManager({ "id": search_id,...
Add port 1521 to Splunk to connect to Oracle DB
Hi. Is it possible to add port 1521 so that Splunk can connect to database? Thank you.
Splunk Monitor Stanzas
Hi Team, We have a distributed environment with several forwarders managed by Deployment Server. Recently, I have configured a few log paths as below [monitor:///appl_*/logs/wserv/] whitelist =...
Splunk indexing same data multiple times
Hi, We are getting the same event indexed multiple times in Splunk. We tried using followTail = 1 for an application where files are not getting rotated. But it seems adding followTail is not...
Splunk DB Connect index1 out of range error
Hi, we are using DB Connect to read data from a MS SQL CMDB. We were able to create a valid connection and identity. If we create a Batch Input there will be no errors but if we change to rising then the...
Unable to follow Step 10 of Security Investigation Online Experience Endpoint...
Hi, I'm doing the exercise at https://www.splunk.com/blog/2017/05/13/steering-clear-of-the-wannacry-or-wanna-decryptor-ransomware-attack.html. Step 10 was to search for the following syntax:...
AND STATEMENTS - HOW DOES LIMIT THE DATA
Hi, I have just performed a search using Database and file path as the items (DATABASE) (I:\\LOCATION\\AREA\\UK). This returns 1000000 results. I tried to QC my method by looking for the following...
Two actions against source IP
I have a top 5 source IP dashboard. I want to perform two actions: 1- when I select a source IP it should go to an external link 2- the other two panels (dest IP and dest_port) should be updated based on source IP...
External URL link
I want to forward the source IP to the mxtoolbox URL link. When it goes to the URL window, the URL looks like below: https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a?q=$click_value$
Not all Splunk cookies have the HttpOnly tag set
In the web.conf file we have following positioned: tools.sessions.httponly = True tools.sessions.secure = True In the server.conf we have: allowCookieAuth = true cookieAuthHttpOnly = true...
sendalert stopped working with error code 2
Hi guys, I've got a problem with my Splunk installation and I hope someone of you can help me to sort it out. I have a very simple installation (it's just one host) that collects some log-files and...