How to forward logs with Splunk Forwarder for the files with no header and...
I have a Splunk forwarder set up already on my host. I have certain files in a folder (/tom/mike/). File names start with Back*. The content of a file may be on one or multiple lines. There are multiple...
Forward all the data to another Splunk Instance
Hello guys, I need help to solve an issue. I have 1 Splunk Enterprise installation in one place, and another Splunk Enterprise in another place but in the same network segment. Would it be possible to...
Clear input token prefix and suffix for Drilldown use
Dear support, I have a simple XML form in which a Dropdown input controls the content of a dashboard table. This dashboard table drills down to another form. The search on the table is done by matching...
Execution of search strings stored in an external DB.
Hi, I have stored a few search strings in an external DB. I want to automatically fetch and execute those search strings on Splunk. The fetching part is done, but executing those strings automatically...
Failed to start indexer service due to "Cannot disable indexes on a...
Here are the error logs. 08-07-2017 05:44:10.836 +0000 INFO DatabaseDirectoryManager - idx=wineventlog Writing a bucket manifest in hotWarmPath='/usr/local/splunk/var/lib/splunk/wineventlog/db',...
Saving alert artifacts for the defined time periods.
Hello Splunkers, I have some scheduled alerts with a notification via email if one of the alerts triggers. I'm trying to set a different scheduled job ttl period for each one. I'm confused the...
Even when a diag is generated, lookup files are not included by default
When I generated a diag on a Splunk server running Splunk ver. 6.5.0 or later, the lookup files were not found in the diag by default. Is this a product defect?
Expected result not found
Hi, I tried to retrieve data from Splunk through the Splunk ODBC driver. Hence I executed the below query. But I got an empty result (i.e., an empty DataTable has been returned). string query = " select...
Find values that only match a specific list of values and nothing else
I am working with an event log from an email system where all the different recipients of an email are being listed and I have taken that field from a single value field to a multivalue field. What I...
Can I check that a transaction does not contain more than 1 arbitrary field?
I have a log that tracks fruit names (Ok, not really, but let's go with that) over the course of many log entries comprising a session. All valid sessions contain exactly 1 banana and 1 orange, and may...
How to see also events with no findings based on lookup
Hello, as a lookup I defined a list of locations and servers (location, servername): Paris, Server1; Paris, Server2; Madrid, Server3; Madrid, Server4; Milano, Server 5. In my sourcetype=serverevents I do have...
Snort Field extraction from Syslog messages
I am looking to parse Snort fields from syslog. The host is currently parsed as SNORT which is correct but the sourcetype is syslog which needs to be changed. Any thoughts on how I can change the...
Port redirection in heavy forwarder
Hi, is there any way to do port redirection from the Search Head GUI using the app's inputs.conf file? My data source is sending UDP logs on port 514 and it is already assigned to a different source type. I...
Splunk Admin Role - unable to change app visibility.
Hello community, I have the Splunk admin role on the Splunk GUI; I access Splunk from the web, which is hosted on a remote machine. However, I don't have access to the remote machine to manually change any configuration...
Bucket number exceeds maxHotBuckets value
Hi, in my Splunk configuration I have set maxHotBuckets to the default value, so 3. When I monitor my indexers I see that the number of hot buckets exceeds the value 3. Can anyone explain to me why...
HoneyD integration with Splunk
HoneyD is a honeynet that allows you to simulate thousands of virtual machines from one machine. These machines can be configured in certain ways to look vulnerable, and when scanned etc. they send...
How to drilldown in pie chart based on the selection made
Hi, I have a pie chart with different dataservices and their size percentage. I am trying to set up drilldown for each of these dataservices. Like if DB2 is clicked, it should take me to DB2 database size...
How to clear a threat download warning?
A few days earlier a couple of threat intelligence downloads failed; since then they have been OK. However, I'm getting a warning message continuously on the web GUI in "Messages" anytime I log...
Smart search by default
Hello, is it possible to set 'smart mode' search for all users in a search head cluster? If yes, how? Thanks.
Create template with custom Icon
Hello, I am trying to create an app template with an already set app icon. For this I've created the template directory in *$splunk_home$/share/splunk/app_templates* and put all four necessary appIcon...