REST API option for compressed file? Can I index a zip file?
I want to set up a REST API call to an HTTPS GET request, but this site will return a zip file instead of XML, JSON, or text. Is there a way I could set it to index the zip file? If not, is there any...
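Whatever input ends up pulling the archive, the zip has to be unpacked somewhere before it can be indexed, and an archive fetched from a third-party endpoint is untrusted input. The following is an added example, not code from the post or from any Splunk add-on: it builds a small archive in memory as a constructed stand-in for the HTTPS response body, then unpacks it with the checks a practitioner would want before feeding members to an indexer: member names that escape the extraction root (zip slip) are dropped, each member is capped at an assumed 10 MiB, and members whose header claims an inflation ratio above an assumed 100x are skipped as likely zip bombs. Both limits are assumptions chosen for the example.

```python
import io
import posixpath
import zipfile

# Assumed limits for this example; tune them for the feed being ingested.
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # refuse any single member larger than 10 MiB
MAX_INFLATE_RATIO = 100               # refuse members that inflate more than 100x


def build_sample_zip() -> bytes:
    """Constructed stand-in for the HTTPS response body: two log members plus one
    hostile member whose name tries to escape the extraction root (zip slip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("events/2018-01-01.log",
                    "ts=2018-01-01T00:00:00Z user=alice action=login\n")
        zf.writestr("events/2018-01-02.json",
                    '{"ts":"2018-01-02T00:00:00Z","user":"bob","action":"logout"}\n')
        zf.writestr("../../etc/passwd", "not-really-a-log\n")
    return buf.getvalue()


def safe_member_name(name: str) -> bool:
    """Reject absolute paths, parent-directory escapes, backslashes and NULs."""
    if name.startswith("/") or "\\" in name or "\x00" in name:
        return False
    norm = posixpath.normpath(name)
    return not (norm == "." or norm == ".." or norm.startswith("../"))


def extract_text_members(zip_bytes: bytes) -> dict:
    """Return {member_name: text} for every member that passes the checks.
    Members are read in memory under a hard byte cap and never written to disk."""
    members = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not safe_member_name(info.filename):
                continue
            # Header sizes are attacker-controlled: check them, then verify on read.
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            if info.compress_size and info.file_size / info.compress_size > MAX_INFLATE_RATIO:
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)
            if len(data) > MAX_MEMBER_BYTES:
                continue
            members[info.filename] = data.decode("utf-8", errors="replace")
    return members


def to_events(members: dict) -> list:
    """Flatten members into (source, line) pairs, one per non-empty line, which is
    the shape a line-oriented indexer input expects."""
    events = []
    for source, text in members.items():
        for line in text.splitlines():
            if line.strip():
                events.append((source, line))
    return events


if __name__ == "__main__":
    found = extract_text_members(build_sample_zip())
    for src, line in to_events(found):
        print(f"{src}: {line}")
```

The read cap is applied twice on purpose: the sizes in the central directory are whatever the remote side wrote there, so the code reads at most one byte over the limit and discards the member if that byte arrives.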
What is the manifest file and is there an issue if it is missing?
Sounds like I have a manifest file/hashing issue that appears whenever I restart splunkd on an endpoint, like the following: # ./splunk stop Stopping splunkd... Shutting down. Please wait, as this may...
Splunk Add-on for Imperva SecureSphere WAF -- Help with generating fields
After installing the add-on, the Imperva fields are not being generated. The only thing that was added is the tag. How do I get it to generate the extra fields?
How can I create a column that counts how many Field Bs there are per Field A?
Have this: search... | stats values(interfaces) AS Interfaces by circuit ![alt text][1] Thank you in advance! [1]: /storage/temp/215586-cusersv907863documents3.jpg
When I send JSON data from Kafka to Splunk over TCP it shows up as...
I am trying to send JSON-format data, consumed from Kafka, to Splunk forwarders over TCP. - If I send JSON data from Kafka {"a": "b"} over TCP (I have a module that sends JSON to TCP on port 9999)...
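A raw TCP input has no record boundaries of its own; the receiver only sees a byte stream, so how each JSON object is terminated decides whether it arrives as one event or as fragments. The example below is added here and is not the poster's module or any Splunk code: it frames each event as one compact JSON object per line (newline-delimited JSON), sends it over a real socket pair, and reads it back in deliberately small chunks so records straddle recv() calls. A pretty=True switch reproduces the failure mode where multi-line JSON is chopped at every line break. Port numbers and the Kafka side are out of scope; the sample events are constructed.

```python
import json
import socket


def frame_events(events, pretty=False) -> bytes:
    """Serialize events for a TCP input. With pretty=False each event is one compact
    JSON object terminated by '\n'; json.dumps never emits a raw newline inside a
    compact object, so the terminator is unambiguous. pretty=True reproduces the
    failure mode: multi-line objects that a line-breaking receiver splits apart."""
    out = []
    for event in events:
        if pretty:
            out.append(json.dumps(event, indent=2).encode("utf-8") + b"\n")
        else:
            out.append(json.dumps(event, separators=(",", ":")).encode("utf-8") + b"\n")
    return b"".join(out)


class LineSplitter:
    """Reassembles complete lines from arbitrary TCP chunk boundaries and parses
    each one as JSON. Fragments that are not valid JSON are counted, not raised,
    so one bad producer cannot stall the receiver."""

    def __init__(self):
        self._buf = b""
        self.errors = 0

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        lines = self._buf.split(b"\n")
        self._buf = lines.pop()          # trailing partial line waits for more data
        parsed = []
        for line in lines:
            if not line.strip():
                continue
            try:
                parsed.append(json.loads(line))
            except json.JSONDecodeError:
                self.errors += 1
        return parsed


def roundtrip(events, pretty=False, chunk_size=7):
    """Send framed events over a socket pair and read them back in small chunks
    so that records are split across recv() calls. Returns (events, errors)."""
    sender, receiver = socket.socketpair()
    try:
        sender.sendall(frame_events(events, pretty=pretty))
        sender.shutdown(socket.SHUT_WR)
        splitter = LineSplitter()
        received = []
        while True:
            chunk = receiver.recv(chunk_size)
            if not chunk:
                break
            received.extend(splitter.feed(chunk))
    finally:
        sender.close()
        receiver.close()
    return received, splitter.errors


if __name__ == "__main__":
    # Constructed sample events; the first is the one from the post.
    sample = [{"a": "b"}, {"topic": "alerts", "msg": "disk 91% full", "n": 3}]
    print(roundtrip(sample))
    print(roundtrip(sample, pretty=True))
```

The same one-object-per-line contract is what the receiving side's line breaking has to agree with; if the producer ever emits indented JSON, every line of every object becomes its own fragment, which is what the error counter shows.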
Split event into multiple events using SPL
Hello, a beginner question. I have a search query that produces a single JSON event such as this: { Error/type/0 : type_value0 Error/type/1 : type_value1 Error/type/2 : type_value2 Error/desc/0 :...
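The event in the post flattens a list into index-suffixed keys (Error/type/0, Error/desc/0, ...), so "split into events" and "turn into a table" are the same regrouping: collect every key that shares a group and index into one row. The example below is added here and is not the poster's search or an SPL equivalent; it shows that regrouping logic in Python on a constructed event in the post's shape. The desc values and the extra host field are invented, and the key pattern group/field/index is assumed from the keys shown.

```python
import re

# Keys of the form <group>/<field>/<index>, e.g. "Error/type/0" (pattern assumed).
INDEXED_KEY = re.compile(r"^(?P<group>[^/]+)/(?P<field>[^/]+)/(?P<idx>\d+)$")

# Constructed event in the shape of the post; desc values and host are invented.
SAMPLE_EVENT = {
    "Error/type/0": "type_value0",
    "Error/type/1": "type_value1",
    "Error/type/2": "type_value2",
    "Error/desc/0": "desc_value0",
    "Error/desc/1": "desc_value1",
    "Error/desc/2": "desc_value2",
    "host": "app01",
}


def split_indexed_fields(event: dict) -> list:
    """Turn one event with index-suffixed keys into one row per (group, index).
    Non-indexed keys (here: host) are copied onto every row so the rows stay
    self-describing once they are emitted as separate events."""
    rows = {}
    common = {}
    for key, value in event.items():
        m = INDEXED_KEY.match(key)
        if m is None:
            common[key] = value
            continue
        slot = (m["group"], int(m["idx"]))
        row = rows.setdefault(slot, {"_group": slot[0], "_index": slot[1]})
        row[m["field"]] = value
    out = []
    for slot in sorted(rows):
        merged = dict(common)
        merged.update(rows[slot])
        out.append(merged)
    return out


def to_table(rows: list, columns=("_index", "type", "desc")) -> list:
    """Project rows onto fixed columns; a missing field becomes None instead of
    silently shifting the remaining columns left."""
    return [[row.get(c) for c in columns] for row in rows]


if __name__ == "__main__":
    for row in to_table(split_indexed_fields(SAMPLE_EVENT)):
        print(row)
```

The ragged case matters in practice: if the source emits Error/type/3 without a matching Error/desc/3, the row for index 3 still exists with desc empty, rather than the desc column being shifted onto the wrong row.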
How do I send Cisco Meraki FW logs?
I am trying to send logs from a Cisco Meraki FW to our Splunk instance. No universal forwarder is on the FW. Can I still have the logs sent to Splunk? Would it be on port 514 or 9997? Thank you
Why is my sourcetype on the indexer when I import a JSON file?
I am trying to import JSON file on Splunk Enterprise, my sourcetype is below: CHARSET=UTF-8 INDEXED_EXTRACTIONS=json KV_MODE=none NO_BINARY_CHECK=true SHOULD_LINEMERGE=true TIMESTAMP_FIELDS=timestamp...
How to display calculated fields as part of the same graph
Hello, I'm attempting to display three calculated fields (total_meeting_hours, total_use_no_meeting_hours, and hours_not_in_use) as a part of a pie chart. Each of these fields should represent a...
Is it possible to set a timestamp to year value only?
Hey everyone, I know Splunk is only for machine data, but I was trying to use it for some other non-machine data that only provides the year as the timestamp. Is there any way to configure the...
Accidentally removed the admin role, now my admin account won't work.
While trying to create another admin role, somehow I removed all the capabilities from the original admin role. Now I cannot do anything as admin. Is there anything I can do as root on the splunk server?
Splunk Deployment Migration
We are migrating datacenters and the current virtual deployment server has been replicated to the new facility. I can bring it up, change the IP and hostname but is there a central way to redirect...
Where can I find the internal logs of the service which is having the version...
Hi, I'm trying to find the var/log/splunk/ folder logs to check the errors and warnings, but in the older version Splunk 5.0.1 I'm not able to find any of the logs. Can anyone please address me at this...
Eliminating rows from stats output
I created the following search to audit the changes made to our network infrastructure: `(index=ise Protocol=Tacacs MESSAGE_CODE=5202) OR (index=acs process="Tacacs-Accounting" MESSAGE_CODE=3300)` `|...
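The search in the post is a change-audit detection: TACACS+ accounting records from ISE (MESSAGE_CODE 5202) and ACS (process Tacacs-Accounting, MESSAGE_CODE 3300) merged into one stats table, from which some rows are then to be dropped. The example below is added here and is not the poster's search or Splunk code: it mirrors that selection logic over a handful of constructed key=value events, aggregates them the way `stats count by` would, and then filters rows out of the finished table. Only Protocol, MESSAGE_CODE and process come from the post; User, Device and CmdSet are assumed field names, and the six sample lines are invented.

```python
import re
from collections import Counter

# key=value pairs; values may be double-quoted (process="Tacacs-Accounting").
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample events as (index, raw_text). Protocol, MESSAGE_CODE and
# process are the fields from the post; User, Device and CmdSet are assumed.
SAMPLE = [
    ("ise", 'Protocol=Tacacs MESSAGE_CODE=5202 User=alice Device=core-sw1 CmdSet="configure terminal"'),
    ("ise", 'Protocol=Tacacs MESSAGE_CODE=5201 User=alice Device=core-sw1 CmdSet="show running-config"'),
    ("ise", 'Protocol=Radius MESSAGE_CODE=5202 User=mallory Device=core-sw1 CmdSet="configure terminal"'),
    ("acs", 'process="Tacacs-Accounting" MESSAGE_CODE=3300 User=bob Device=edge-rtr2 CmdSet="interface Gi0/1"'),
    ("acs", 'process="Tacacs-Accounting" MESSAGE_CODE=3300 User=alice Device=edge-rtr2 CmdSet="shutdown"'),
    ("acs", 'process="Tacacs-Authentication" MESSAGE_CODE=3300 User=bob Device=edge-rtr2 CmdSet="enable"'),
]


def parse_kv(raw: str) -> dict:
    """Extract key=value pairs, unquoting double-quoted values."""
    fields = {}
    for key, full, inner in KV.findall(raw):
        fields[key] = inner if full.startswith('"') else full
    return fields


def is_config_change(index: str, f: dict) -> bool:
    """Mirror of the post's base search:
    (index=ise Protocol=Tacacs MESSAGE_CODE=5202) OR
    (index=acs process="Tacacs-Accounting" MESSAGE_CODE=3300)"""
    if index == "ise":
        return f.get("Protocol") == "Tacacs" and f.get("MESSAGE_CODE") == "5202"
    if index == "acs":
        return f.get("process") == "Tacacs-Accounting" and f.get("MESSAGE_CODE") == "3300"
    return False


def audit_summary(events, by=("User",), drop_row=None) -> list:
    """`stats count by <by>` over the matching events, then drop whole rows from
    the finished table via drop_row, the way a trailing `| where` or
    `| search NOT ...` trims stats output. Rows come back highest count first."""
    counts = Counter()
    for index, raw in events:
        f = parse_kv(raw)
        if is_config_change(index, f):
            counts[tuple(f.get(k) for k in by)] += 1
    rows = [dict(zip(by, key), count=n) for key, n in counts.items()]
    if drop_row is not None:
        rows = [r for r in rows if not drop_row(r)]
    return sorted(rows, key=lambda r: (-r["count"], tuple(str(r[k]) for k in by)))


if __name__ == "__main__":
    for row in audit_summary(SAMPLE, by=("User", "Device")):
        print(row)
    # Drop a known automation account from the table after aggregation.
    print(audit_summary(SAMPLE, drop_row=lambda r: r["User"] == "bob"))
```

Filtering after aggregation rather than before is the point of drop_row: the counts for the remaining rows are unchanged, which is what you want when the goal is to hide a row from the report rather than to change what was counted.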
Field showing an additional and not visible value --"none"-- under timestamp...
Hi all, I have a problem with a field called "timestamp". I have created a custom Python script and added it as a "Data input". The script is executed every 5 minutes and makes an API call, parses the JSON...