Removed users from LDAP authentication but didn't remove them from Splunk users
Hello, I see that there is documentation on this topic, but it is very unclear how it should be operating. So I am using LDAP authentication for Splunk and I removed a large group of users from my LDAP...
How to find difference in field total over time?
I have event data in the below format:
Sep 15 2017 07:06:07 app=yahoo dataconsumed=50
Sep 15 2017 08:16:07 app=skype dataconsumed=150
Sep 14 2017 10:26:07 app=facebook dataconsumed=10
Sep 14 2017 12:26:07...
Index configuration sanity check
I am setting up a multisite cluster, and this is the first time I have messed with indexes away from defaults. My goals: All data must be kept for 5 years. When a certain amount of data is in warm,...
How do I install the Splunk Security Essentials app?
Hello. Is there any documentation on how to properly install and configure the Security Essentials app? My setup is on CentOS and consists of a HF, IDX, SH, DS, and some universal forwarders. No...
Not using chartTime or bucket -- I want to run this query and it should display...
Mongo Collection Data : - Id : 1 StartDate : some date EndDate : Some Date X : Foo : "foo1" Count : 10 Id : 2 StartDate : some date EndDate : Some Date X : Foo : "foo2" Count : 5 Id : 3 StartDate :...
Get percentage of eval case fields
I'm looking at a specific email recipient. I want to see the percentage of emails they receive from specific senders. I think my current query gets all the fields I need but I'm having trouble breaking...
Are search terms case sensitive?
Search terms are referred to as what exactly? Are they case sensitive or insensitive? Can anyone help on this?
Can pivot work without search processing language?
Can pivot work without the search processing language? Will it work only with data models/datasets? Can anyone clarify this, please?
How do I find the biggest losers and gainers in the last 24 hours compared to 24 hours...
I have event data in the below format:
Sep 15 2017 07:06:07 app=yahoo dataconsumed=50
Sep 15 2017 08:16:07 app=skype dataconsumed=150
Sep 14 2017 10:26:07 app=facebook dataconsumed=10
Sep 14 2017 12:26:07...
Slack Webhook Alert - Token for Inline (table)
Hi, in my email alerts, the option Inline (Table) is checked. What is the corresponding Splunk token I need to use to display this in the Slack message?
After installation of Splunk Enterprise got localhost error and not able to...
After the error, I deleted the Splunk folder and tried to install again, but now I am not able to install.
How do I use the username in events returned in a search of Index "A" to look...
#####This part of my query gets me on the street I want to be on for this report###### index="A" | rex mode=sed field=User_Full_Name "s/ //g" | eval User_Full_Name = LOWER(User_Full_Name) | rex...
Splunk Stream split separate events for persistent tcp stream or Disable...
Hi everyone, I am using Splunk Stream, packet stream, to capture data from the source and destination content fields. For a persistent TCP connection I just cannot seem to break/split it into separate events or...
How to find difference between table rows
I have results in the following table format:
half app_name dataconsumed
-----------------------------------
first_half skype 50
first_half facebook 90
first_half yahoo 10
first_half bing 30
second_half...
Chain 2 search queries and get the earliest and latest of different fields
search string1 - [ field1 ] search string2 [ field1 field2] search string3 [ field1 field2] I want the results of search string 1 to be matched with search string 2 by the common field (which is field...
How to install R Analytics on Windows?
Kind of answer to my question: On Windows the App also runs (partially?) as follows: Install latest R-Studio, there Tools > Install Packages: OpenCPU, then run the R command:...
Predictive analysis using linear regression and kalman filter
Hi all, I am trying to predict CPU utilization of servers using the Machine Learning Toolkit app of Splunk. While using this app I found the "predict numeric field" showcase using linear regression...
terminate called after throwing an instance of 'FileAccessException'
One of our forwarder hosts often encounters the error below, based on the crash log/splunkd_stderr.log: terminate called after throwing an instance of 'FileAccessException' what(): Failed to get file...
Splunk Independent Stream forwarder - Can we control the balance of data...
So I have recently installed the Splunk Independent Stream Forwarder as per the current [documentation][1]. This works great and I can use it to collect NetFlow data; however, the default setup stream HEC...
Add capacity to indexer cluster
Hello guys, we have 3 'hardware' indexers in a clustered environment (RAID). All physical disk slots are full, the replication factor is 3, and we may be running out of space in the near future. So is it possible...