If I put in an iframe or embed a Tableau workbook in Splunk 6.3, will the...
If I put in an iframe or embed a Tableau workbook into Splunk 6.3, will the incident management tool take point data from tableau as well?
How to migrate to a new deployment server?
I created an "app" on my old deployment server in `etc/deployment-apps/` called deployserver, and in it, created the local directory, and in that created deploymentclient.conf. Deploymentclient.conf...
Is there a way to hardcode a dashboard drilldown link in Javascript?
Hola! I ran into a minor "drilldown" problem with one of my dashboards once we upgraded from 6.0.x to 6.2.5, and am looking for some insight on possible fixes. **High Level:** We use a custom Splunk...
Splunk Add-on for Cisco UCS: How to use Domain account to log in?
Hi, I am trying to configure Manage for Cisco UCS in Splunk Add-on for Cisco UCS, but my UCS account is domain user. I tried to use `DOMAIN/user` or `user@DOMAIN`, but the authentication is failing...
How to separate fields into events based on value
Hi all, I've been trying to separate the values of a stats table that looks similar to what I have below. I've used different variations of the mvexpand command; however, the problem I face when I try...
Why am I getting error "Unable to initialize workflow information: Ignoring...
Hi All, We can't use "Field Extractor" with only one index: We always receive the same error: "Unable to initialize workflow information: Ignoring unknown index 'iop')" Stacktrace: Traceback (most...
When concatenating a field across rows into a single string, the...
This is an add-on to a previous question which was answered correctly: https://answers.splunk.com/answers/318322/how-can-i-concatenate-a-single-fields-value-across.html The above answer works...
How to edit my search to show percentage instead of count on chart count?
Looking to switch the output from count to percentages on the search below. For example, they are looking to chart what percent of "cart API calls" are timeouts. Anyone have any suggestions on how to...
Why do my indexers in my indexer clustering environment have a different...
I just deployed Splunk in an indexer cluster deployment, and I've noticed that my indexers have a different number of buckets. Shouldn't they have the same number of buckets since the data is...
Why did searches stop returning results after enabling the Distributed...
After enabling the Distributed Management Console on an Enterprise Security (ES) search head, searches stop returning results. The following additional behaviors were also experienced. 1. Navigation to...
Sourcefire estreamer max version
I don't see any mention in the TA-sourcefire documentation that estreamer 5.4.0 is supported. Has anyone tested this? If so, can anyone confirm whether this does/doesn't work? Many thanks!
Deployment server not updating apps
I just set up my first Splunk Deployment server. I'm trying to get used to how it works, and how to manage it. In an attempt to K.I.S.S. I decided that my first app that I would deploy and manage would...
Qualys App for Splunk Enterprise error
Has anyone run into this error with the Qualys App for Splunk Enterprise? QualysSplunkPopulator: 2015-10-21T22:27:46Z PID=13273 [MainThread] INFO: QualysSplunkPopulator - Parsing knowledgebase XML...
Why am I unable to set up logging to debug my python script?
Hello, I am trying to activate the logging in order to debug my python script. I have followed the documentation located at: http://docs.splunk.com/Documentation/Splunk/6.3.0/AdvancedDev/ModInputsLog...
How to automatically upload CSV files to Splunk monthly?
Hello, I would like to automatically upload CSV files in a monthly manner. Data should be normally indexed and go to specific sourcetypes (not talking here about lookup tables). What would be the best way...
How to convert several custom time formats to a single format?
I have log lines stating service up/downtime in several slightly differing human readable formats where the hour and min suffixes can be either hr|hrs and min|mins. For example: 28hrs:22mins:21sec...
Using Splunk DB Connect 1, how can I enrich my search results by inserting...
I want to be able to enrich my Splunk search results using data in a MySQL database. Where the 'hostname' field in my Splunk search results matches the hostname field in my database, I want to insert...
How do I move a dashboard I created in the Cisco Security Suite App to appear...
I have created a dashboard in Cisco Security Suite App. It was saved under Splunk for Cisco Security > Dashboards. How can I move it so it appears under Network Security menu?
Attempting to use rex to extract a session id, how to deal with special...
I need to extract a session ID out of events, but the special character is causing me problems. Example: Oct 22 08:33:30 192.168.7.251 postfix/smtp[76654]: 67BE5D1332D0A82F: System: MTA, Source...
How to debug why we are missing scheduled alerts for a certain period of time?
Hi all, Last night I noticed that none of our scheduled searches ran between 2-6:30am. Looking in the scheduler.log file, I just see a gap between that time with no entries. The scheduler appears to be...