Splunk Add-on for Tenable: issues with inputs (error message in Splunk)
Hi guys, I have a question: I have these errors for my inputs - "msg="A script exited abnormally input=/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py stanza=nessus://nessus_plugin status="exited...
Eval and multiple logic operators
Hi, Can anyone explain why the following doesn't work? .... | eval suppress=if((hour >=10 AND hour <=12, "yes","no") AND (dest="x.x.x.x")) | where suppress="no" ... the idea being not to produce...
Update lookup table column
I have a lookup table that has several columns as follows, with no data in the "Manager" column: I have an index that has two fields of interest: IP, Manager. The field IP in the index...
One master/search head and one indexer
Hello, so I'm trying to produce the following topology, where I have one master/search head and one separate indexer. I've set up the master and indexer. Data is being forwarded to the indexer and the indexer...
Palo Alto App - Traffic Dashboard - Real-time problem
Just installed Splunk 6.6.3 and the Palo Alto App 5.4.2 on Windows Server 2016. I'm facing an issue with real-time searches in the traffic dashboard of the Palo Alto app. All relative searches like...
Failure connecting with ODBC to Power BI
Hi Splunkers, we get an error while connecting to Power BI using the 64-bit ODBC driver on Windows 2008 R2, like this: *The setup routines for the Splunk ODBC Driver. ODBC Driver could not be loaded due to...
Unable to make several independent tab areas in a dashboard
We've created a dashboard with tabs using steps from this post: https://www.splunk.com/blog/2015/03/30/making-a-dashboard-with-tabs-and-searches-that-run-when-clicked.html Now we need several areas with...
Why is Splunk taking apiStartTime='Thu Jan 1 00:00:00 1970' in spite of...
I have a simple query which queries the index to get the data in the last 2 minutes, but I am seeing this query is failing because it took apiStartTime='Thu Jan 1 00:00:00 1970'. Here is the full detail from audit...
Can I detect a deleted bucket when I enable data integrity on the indexes?
If I configure an index with **enableDataIntegrityControl=true**, will I be able to recognize a bucket which has been deleted with bad intentions to cover up something?
NDV JSON feed parsing on Splunk
I am trying to import a JSON file on Splunk Enterprise; my sourcetype is below: CHARSET=UTF-8 INDEXED_EXTRACTIONS=json KV_MODE=none NO_BINARY_CHECK=true SHOULD_LINEMERGE=true TIMESTAMP_FIELDS=timestamp...
Imperva fields not generating after installing add-on
After installing the add-on, the Imperva fields are not generating; the only thing that was added is the tag. How do I get it to generate the extra fields?
How to display count of distinct values of one field by another field
Have this: search... | stats values(interfaces) AS Interfaces by circuit Thank you in advance!
How to extract nested key value pairs from a specific JSON string field using...
I have JSON that looks like this. Within the "message" field, there can be one or more key value pairs. How can I extract the key value pairs that are within the "message" field? { "severity":"INFO",...
Having trouble extracting a timestamp
Hello all, I'm having an issue with my environment while trying to index a set of logs I get from a file nightly and attempt to process them. What is happening is Splunk is not finding the timestamp...
How to combine more than one macro into a single macro
Hi All, I have 10 to 15 macros in my Splunk. I want to use all of the 15 macros in a single macro. Is there any possibility for this use case? FYI - All of the macros are independent of each...
Set multiple tokens using "condition match"
To set tokens, I have several "condition match" in a search, but if more than one condition is matched, only the first one seems to work. To simplify my use case: index=_internal | stats count by host |...
REST API option for compressed file?
I want to set up a REST API call to an HTTPS GET request, but this site will return a zip file instead of XML, JSON, or text. Is there a way I could set it to index the zip file? If not, is there any...
What are the capabilities of "force_local_processing"?
Does anyone know the full effects of the new option "force_local_processing"? How does it change the following information: https://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings%3F What are...
How to combine 10-15 macros into a single macro
Hi All, I have 10 to 15 macros in my Splunk. I want to use all of the 15 macros in a single macro. Is there any possibility for this use case? FYI - All of the macros are independent of each...
XML help - collection isn't showing up in this navigation
We have the following code. For some reason the following doesn't show up. What can it be?