How can I find out if Splunk is ingesting the already indexed data from...
Our environment: 2 indexers which are also our syslog servers, 1 license server, 1 search head, 1 server with the Enterprise Security app installed, 1 deployment server. We have the syslog folder under...
Incident priority is always Informational
All of my incidents post with a priority of **informational** regardless of how the alert is defined. Just defined a Test alert with Impact **High** and Urgency **High**. Using the default alert...
Hide and Show Input Dropdown Based Upon Another Input Dropdown
I have two different dropdowns and I want to hide and show the second dropdown (category) based upon the first selection. I tried the below way, but it is not working. If choice site is selected, the second dropdown...
Splunk Add-on for New Relic is not able to connect to Splunk server, getting...
Hi, I have done the proxy configuration on the Splunk Add-on for New Relic, where my proxy setting, Account ID and API key are all correct; the log shows "unable to connect to proxy" as below: 2017-09-12...
How to query a lookup table using the REST API
Hi guys, I have a Splunk scheduled search which is producing a list of URLs that need to be used by another system. The other system has to access the list using the HTTP/HTTPS protocol. Now, what I'm...
Splunk UniversalForwarder Restart
I will have a dashboard which will show the list of servers that are not sending logs, and I will have a "Button" against those servers; when the user clicks the button, the respective universal...
DMC and dual-purpose Splunk server
I have an indexer and universal forwarder on the same server. The reason for this is that the connection from the indexer to an upstream indexer loses connectivity due to the type of connection and,...
Host Regex Help
Hello all, I really need to get good at regex and learn to do this myself, but alas there are so many other things that seem to be a priority right now. I have the following log file names...
Splunk DB Connect timestamp issue? Also we are receiving duplicate logs?
09-12-2017 11:07:02 event_time="2017-09-12 14:59:41.8203496". Here we are seeing that the data has two timestamps, with event_time in epoch format. Please help.
Can you get metadata from an alert or report in search?
I'd like to run a search that would give me the metadata for all reports/alerts (creator, app, schedule, etc.) so that I can view all of this information on a single page. Is this possible? The main...
Successful and Failed Tableau Extracts
We have integrated Tableau with Splunk. I am setting up a Splunk dashboard which will give any user information on the dashboard about which extract ran successfully/failed during the past 24 hours. I...
How to trim a string at @ - need help creating a rex search
Hello, I cannot figure out the syntax of the rex function. I have a field called email with multiple domains: katz.r@blah.com example@blahblah.com. I need to create a new field where just katz.r and...
Sophos Central app for Splunk: which Splunk logs should I check to find errors?
Hello, I've installed, configured, and fixed the typo in sophos_events.py, but the app is not pulling data from Sophos Central/Cloud. Are there any debug settings that can be set, or which Splunk logs...
Drilldown on a timechart dashboard
Hi, I have a problem executing a drilldown on a timechart dashboard. My source dashboard is generated in the below way:
source="SDC_GUI_DEN_ER_V" | timechart span=1d count
I have to click on the date...
Why is the "Splunk Add-on for CyberArk" not supported in version 6.6?
Per the release notes the "Splunk Add-on for CyberArk" is not listed as compatible with Splunk Enterprise Ver 6.6. Why is it no longer compatible?
Splunk DB Connect: Timestamp issue and duplicate logs
09-12-2017 11:07:02 event_time="2017-09-12 14:59:41.8203496". Here we are seeing that the data has two timestamps, with event_time in epoch format. Please help.
Regex to extract from start until a specific character
I have a test field in a CSV called description: "Completed changes are not shown as complete in channels for a while Actualstart: 2017-05-15 06:40:34". I want to extract everything from the start of the...
Search that shows which extract ran successfully or failed
We have integrated Tableau with Splunk. I am setting up a Splunk dashboard which will give any user information on the dashboard about which extract ran successfully/failed during the past 24 hours. I...
Lookup File Editor in Search Head Cluster - "The requested lookup file does...
Hello Splunkers, I tried installing the latest version of the lookup_Editor app on our Search Head Cluster. Accessing the lookup files in the editor gives me the following message: "The requested lookup...
ITSI: data ingestion/indexing rate - do I need to limit this if KPI is in...
With ITSI, given that KPI searches run on a minutes time scale, do I need to limit the data ingestion/indexing rate? ITSI KPIs are normally scheduled to search at 1, 5 or 15 minute intervals. When...