How to troubleshoot event forwarding from forwarder to indexer
I somehow lost my custom stanzas on my forwarder for sending syslog data to my indexer. I noticed that my forwarder was missing those from the forwarder on the deployment server, so I added that back...

Where does props.conf need to exist in a distributed deployment
I think I need to push this from the deployment to each device or at least the forwarder and search head. I have 5 servers making up my SPLUNK Enterprise deployment, 1 SH, 1 FW, 1 DS, 2 Indexers. My...

Issue with date parsing
I have an event like: {"app":"EventHub Service","caller":"kafka.go:110","fn":"gi.build.com/predix-data-services/event-hub-service/brokers.(*SaramaLogger).Println","lvl":"eror","msg":"Error closing...

Metadata results may be incomplete: 100000 entries have been received from...
I have a query as follows **PART:-1** | inputlookup ABCD | search Forward="Yes" | table Region,IPHost, ip_address | rename Region AS my_region, IPHost AS my_hostname, ip_address AS my_ip **PART:-2** |...

Configuring Forwarders with Deployment server
All, I have a successfully deployed app based on the Splunk documentation on how to create "send_to_indexer" app. The client is checking in, but I'm unable to figure out how I can modify the client....

Unable to load Custom Algorithm in Splunk ML Toolkit
I followed the link (http://docs.splunk.com/Documentation/MLApp/2.4.0/API/Registeranalgorithm) to load an algorithm MLPRegressor from scikit into Splunk. I did the entry in algos.conf as...

Details of Splunk 6.X Fundamentals Part 1?
1. How many attempts are there for the above course? 2. What is the duration of the certification course? 3. How many questions will be there?

Getting F5 data into the data model of enterprise security
The F5 logs are sent through the syslog to Splunk. However, the messages are not likely correctly cut out because many fields are populated with the "unknown" value. How can we deal with this? What...

syslog for splunk
I've installed syslog-ng on a standalone splunk instance but cannot get it running - I've looked at the following guide: https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html using a...

How to Compare 2 fields from 2 sourcetypes and remove events that are the...
I have 2 Sourcetypes A and B with 2 important Fields SSN and Number. I want to compare all of the SSN and numbers from Sourcetype A to Sourcetype B. I then return Results that only show up in...

How do I tell if we are using Splunk Web?
I am using Splunk Enterprise 6.6.1 and there is a security vulnerability that exploits Splunk Web that is resolved in 6.6.3. I go to my services running and there is a "splunkweb (for legacy purposes...

Kinesis Flowlogs - Data not displaying in dashboards
We have a large number of separate AWS accounts that we are collecting VPC flowlog data from. Each of these accounts will push to a centralized account that has Kinesis streams deployed in all of our...

Key-value pair extraction regex
We have some snmp data and want to extract the data as a key-value pair. Sample: var.12345.5.5 = INTEGER: 10 myTag::var.12345.5.9 = STRING: "abc" myTag::var.12345.5.3 = STRING: "admin"...

dynamically set earliest from subsearch
Hi folks, been all over this site and google, not finding a working solution. I'm trying to perform a search using a subsearch to populate earliest= | tstats min(_indextime) as firstTime,...

how to resolve the warning "Metadata results may be incomplete: 100000...
I have a query as follows **PART:-1** | inputlookup ABCD | search Forward="Yes" | table Region,IPHost, ip_address | rename Region AS my_region, IPHost AS my_hostname, ip_address AS my_ip **PART:-2** |...

Connecting Splunk to Tableau Issue
I'm trying to connect Splunk to Tableau, so I can create Tableau visualization using all my Splunk reports. I am using Tableau Version: 10.3, and I installed Splunk ODBC: 2.1.1. I'm sure that I already...

How to combine multiple separate fields into one for graphing purposes
2017-09-12 12:31:11.817 INFO [RunMaster] stats: jif: 1, fif: 9, fim: 192, f2c: 183 paper: pc: 9129, uwr: n/a, rwr: n/a side-a: fa: 0, fmq: 0, fq: 0, fp: 96, #r: 49, frs: 0, f2f ms: 101, fb100 0.00...

Where can I find the complete documentation of configuration options for...
In the Forwarder manual (http://docs.splunk.com/Documentation/Forwarder/6.6.3/Forwarder/Abouttheuniversalforwarder), we have a section on "Configure the universal forwarder". It listed some example...

Dashboard to view a list of users belonging to a user AD group in LDAP?
I am trying to build a dashboard where I can have a drop down for the list of users and use them to view their AD group, roles and permissions. Tried rest query: /rest/services/authentication/users...

How many times can I take the final exam for the Splunk Fundamentals 1 course?
1. How many attempts are there for the above course? 2. What is the duration of the certification course? 3. How many questions will be there?