Is it OK to connect Splunk to an MS SQL server running on a dynamic port?
I tried to connect Microsoft SQL Server to Splunk with the DB Connect app. However, TCP/IP port 1433 refused the connection. The MS SQL server is running on a dynamic port. There is no firewall to stop the...
Splunk add-on for ServiceNow
Do you know which date/time field is used as the event time by default? For example, a ServiceNow incident can have many date/time fields, like created time, resolved time, closed time, updated...
Topology Visualization
I want to visualize the network between each of the servers, but I could not find a visualization app like the one I'm looking for. The topology visualization in the AWS app is fairly ideal. Is there no app that can...
Do we have a data duplication problem for Cisco Firepower/IPS?
This is our environment: 6 Splunk servers. 1) splunk01 – ad hoc search head used for standalone searches, 47.14 GB physical memory, 10 CPU cores. 2) splunk02 – Enterprise Security search head has...
Cannot view data in Splunk console
Hi, I am new to Splunk and we have to complete a POC. We have two servers: Server A (index server where Splunk Enterprise is installed) and Server B, where we have installed the forwarder and configured it...
I require a rex which stops the search on the first match of a word in a string.
I have the raw text below. \"LDCAccountNumber\":\"4346780895\",\"BudgetBilling\":\"N\",\"TaxExempt\":\"N\",{\"field\":\"BudgetBilling\", I have created the rex **( rex...
How to display the date, day and count for the result but those data for the...
**My Query:** | tstats count where index=p___ AND error* by sourcetype,_time span=1d | eval count=tostring(count,"commas") |eval Day=strftime(_time,"%A") | eval Date=strftime(_time,"%m-%d-%Y") | stats...
Navigation menu item disappears for custom app
Hello all, we have created a customized app in Splunk 6.4.2; the menu items are PDashboards and PReports. There are many dashboards under PDashboards as a drop-down menu, and the same with PReports. When we...
C# SDK Saved_Search
I am making a call to SavedSearches.GetAllSync to retrieve all my searches. I get an exception, but the exception is action.customsearchbuilder.enabled.
Stats cannot generate alerts?
I am trying to generate alerts. I have a search query: index=abc-index host="XYZ123*" collection="AppServer:OrderTracking" counter="Avg. Order Save Time" earliest=-1h | stats avg(Value) as avgs by...
Monitored file indexed twice; how do I get it to only index once?
I have multiple monitored CSV files that are created every day at different times on a single server with a Universal Forwarder. Old files are deleted and completely new files are created. Each file is...
What should be the best-practice sourcetype for eStreamer events?
What should be the best-practice sourcetype for eStreamer events? We have our Cisco Firepower manager forwarding logs to the Splunk Enterprise search head, and the current events show their index as...
Is it possible to create a multivalue field out of field names with a specific...
Hi, is it possible to create a multivalue field out of field names with a specific pattern? Let's say we have several *product* fields in an event: productA=20 productB=50 productC=100 ... Can we create...
Response time capture and count
I have the Splunk event below: ns=app1 Service='trigger1' id=100 ActNo='101' ServiceType='REST',ResponseCode='200',ResponseTime='322ms' I want to extract all the events where ResponseTime>1000ms....
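The post above asks for events whose ResponseTime exceeds 1000ms, but the field is a string with a unit ('322ms'), so a plain comparison against 1000 will not work. The example below is an added illustration, not code from the post or from Splunk: it captures the number and the unit separately, normalises to milliseconds, filters on a threshold and counts per Service. The sample events are constructed in the same format as the one quoted; only the first is taken from the post. In SPL the same logic is `| rex "ResponseTime='(?<rt>\d+)(?<unit>ms|s)'" | eval rt_ms=if(unit=="s", rt*1000, rt) | where rt_ms>1000 | stats count by Service` (the unit handling is an assumption; the post only shows 'ms').

```python
import re
from collections import Counter

# Constructed sample events in the format quoted in the post (not real data).
# Only the first line is the event the poster showed.
SAMPLE_EVENTS = [
    "ns=app1 Service='trigger1' id=100 ActNo='101' ServiceType='REST',ResponseCode='200',ResponseTime='322ms'",
    "ns=app1 Service='trigger1' id=101 ActNo='102' ServiceType='REST',ResponseCode='200',ResponseTime='1250ms'",
    "ns=app1 Service='trigger2' id=102 ActNo='103' ServiceType='REST',ResponseCode='500',ResponseTime='2s'",
    "ns=app1 Service='trigger2' id=103 ActNo='104' ServiceType='REST',ResponseCode='200',ResponseTime='999ms'",
    "ns=app1 Service='trigger3' id=104 ActNo='105' ServiceType='REST',ResponseCode='200'",  # no ResponseTime
]

# Same shape as an SPL rex: capture the number and the unit separately so the
# value can be normalised instead of comparing the string '322ms' to 1000.
# Supporting 's' as well as 'ms' is an assumption; the post only shows 'ms'.
RESPONSE_TIME_RE = re.compile(r"ResponseTime='(?P<value>\d+(?:\.\d+)?)(?P<unit>ms|s)'")
SERVICE_RE = re.compile(r"Service='(?P<service>[^']*)'")

UNIT_TO_MS = {"ms": 1.0, "s": 1000.0}


def response_time_ms(event):
    """Return the response time in milliseconds, or None if the field is absent."""
    m = RESPONSE_TIME_RE.search(event)
    if not m:
        return None
    return float(m.group("value")) * UNIT_TO_MS[m.group("unit")]


def slow_events(events, threshold_ms=1000.0):
    """Events whose ResponseTime exceeds threshold_ms; events without the field are skipped."""
    out = []
    for ev in events:
        rt = response_time_ms(ev)
        if rt is not None and rt > threshold_ms:
            out.append(ev)
    return out


def slow_count_by_service(events, threshold_ms=1000.0):
    """Equivalent of `| where rt_ms > 1000 | stats count by Service`."""
    counts = Counter()
    for ev in slow_events(events, threshold_ms):
        m = SERVICE_RE.search(ev)
        counts[m.group("service") if m else "unknown"] += 1
    return dict(counts)


if __name__ == "__main__":
    for ev in slow_events(SAMPLE_EVENTS):
        print(ev)
    print(slow_count_by_service(SAMPLE_EVENTS))
```

Events that lack the field are deliberately dropped rather than treated as 0ms, so a logging change that removes ResponseTime cannot silently make every request look fast.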
How to send the same data source to two or multiple indexes.
Consider that I have to monitor the log file below and send it to two or more indexes at the same time (NOTE: not indexer groups). [monitor://D:\test\test1.log] sourcetype = test index = online and offline...
How to expand columns with mvfields if the count of values is different for each...
I'll show an example; it's much easier than explaining: index=* |eval Flight=mvzip(date,route,"/") |eval Passenger=mvzip(Last,Name,Seat," / ") |table _time,Field1,Field2 In one event we can find one or two...
Searching accelerated data models
I'm trying to search my accelerated data model for process performance (standard CPU / MEM / IO). The data is standard Linux / Windows process data, but when I add `summariesonly=true` there are no...
How to extract the host name and database name
Hi, I would like to extract the host name and database name from the string below. URL: jdbc:sqlserver://WBMSSQLOPSD1:5800_databaseName=OPSActivities_dev search | rex field=Host...
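The poster's rex is cut off, so the following is an added example rather than their code or anything from Splunk: one regular expression that pulls host, optional port and database name out of a SQL Server JDBC URL. It assumes the host ends at the first ':', ';', '_' or '/' (the post's URL uses '_' before databaseName where the usual JDBC separator is ';', and the pattern accepts both) and that the port, when present, follows a ':'. The two extra sample URLs are constructed to exercise the standard ';' form and a URL without a port. The same pattern can be used in SPL as `| rex field=Host "jdbc:sqlserver://(?<db_host>[^:;_/]+)(?::(?<db_port>\d+))?.*?databaseName=(?<db_name>[^;\s]+)"`.

```python
import re

# Constructed sample URLs. Only the first is the one quoted in the post; the
# others use the standard ';' separator and omit the port.
SAMPLE_URLS = [
    "jdbc:sqlserver://WBMSSQLOPSD1:5800_databaseName=OPSActivities_dev",
    "jdbc:sqlserver://dbhost.example.internal:1433;databaseName=Orders;encrypt=true",
    "jdbc:sqlserver://dbhost.example.internal;databaseName=NoPort",
]

# host: everything after '//' up to the first ':', ';', '_' or '/' (assumption:
#       host names carry no underscore, which DNS names do not)
# port: optional, digits after ':'
# db:   value of databaseName up to the next ';' or whitespace; the lazy '.*?'
#       skips whatever separator sits between the port and databaseName
JDBC_RE = re.compile(
    r"jdbc:sqlserver://(?P<host>[^:;_/]+)"
    r"(?::(?P<port>\d+))?"
    r".*?databaseName=(?P<db>[^;\s]+)"
)


def parse_jdbc_sqlserver(url):
    """Return {'host', 'port', 'db'} for a SQL Server JDBC URL, or None if it does not match."""
    m = JDBC_RE.search(url)
    if not m:
        return None
    port = m.group("port")
    return {
        "host": m.group("host"),
        "port": int(port) if port else None,
        "db": m.group("db"),
    }


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(parse_jdbc_sqlserver(url))
```

Returning None for a non-matching string, instead of partial fields, keeps a later `stats count by db_host` from quietly grouping unparsed URLs under an empty host.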
What does each "AdmonEventType=Update" actually do?
Hello everyone. I'm using the Splunk app to monitor Active Directory, and I'm trying to understand what each "AdmonEventType=Update" event actually does. Is there a way to know with these events what was changed...
Is there a way in Splunk universal forwarder to set CPU and memory...
We have more than 3000+ forwarders in our environment. A few weeks back the Unix team published a report showing all the top processes that consume the most CPU and memory. Splunkd was among the top 3....