Compatibility between Splunk Enterprise and Cisco Security Suite?
I have Splunk Enterprise v6.5.0 and as I am planning to upgrade to 6.5.6 or 6.6.3 due to some issues, so just wanted to know whether Splunk App for Cisco Security Suite v3.1.2 will be compatible with...
Is it possible to anonymize/mask the data being sent from AIX servers to the...
We have installed and configured Splunk Universal Forwarder 6.6.1 on an AIX server. It is working fine and I am able to see the logs in Splunk Enterprise 6.6.1. However, the Splunk universal forwarder is...
DBX query is running in real time while called inside a saved search.
I am using DB queries inside our saved search and when we are calling it in dashboards, every time the saved search runs the DB query. Ideally it should run the query at the scheduled time and give us data, which...
Routing to index based on regex extraction
Hi all, I want to know if it is possible to route data to different indexes dynamically based on the value of a regex. Example data: Department:Sec Team, Value=3, Date=12/12/2009 Department:Sales,...
Chart yes, timechart no? Confused
Hello, I am using the following search: index="ips_snaplogic" "postsales" lvl="ERROR" | spath | rex mode=sed "s/.*{/{/" | spath output=msg path=Detail.error.message.message | timechart count BY msg When I...
How to search an unstructured log for all values in your lookup file?
Hi, I'd like to search our log for multiple possible errors from our lookup file, to return only the records containing in any field one of the strings in the Error column and show the...
Splunk + Netflow (Riverbed)
Hi, Can someone direct me on what app I need to install to get data coming from my Netflow (Flow Export) appliance into Splunk Enterprise? I have installed a forwarder and set the deployment/receiver...
Best way to index a MYSQL entry in Splunk as soon as it appears in MYSQL
Hi Splunk community, I have a MYSQL table where program A writes entries to it. Then program B deletes them after processing them. I want to index MYSQL entries in Splunk as soon as they appear in MYSQL....
SPLUNK dashboard refresh every 24 hours required (00:00 to 24:00 MST hours)
Hi All, I have a SPLUNK search query which I run on a daily basis for the past day by selecting Date Range Between 09/18/2017 00:00:00 and 09/18/2017 24:00:00, i.e. for one complete day. I get some...
Need to eval a date range instead of relative time from a custom time field.
I am currently using this method to use the date from a custom field for relative time frames, which only gives me 3 months. | eval NewTime=strptime(ProjCreatedDate,"%Y-%m-%d %H:%M:%S") | eval _time=NewTime |...
Can we run multiple queries sequentially using a single query?
I have a scenario where I need to 1) append results to a .csv file, 2) once I get the csv file updated, eliminate duplicate results from the csv file, and 3) perform a lookup with the csv file. I am...
DBX query drill down from Events
I am looking for a way to create a custom drill-down menu option from the Event tab on a specific field value. The example is shown below. When the user clicks on the Execution_ID field value I would...
Can I make a search-time field extraction from a piece of the file/source?
I need to create a field in Splunk that is a portion of the file path. Do I need to do that at index time or can I do it at search time? I know the regex, I just don't know how to make a portion of source...
Export of results from search screen results in "414 Request URI too long"
When attempting to export results from search, the .csv that is created has no data and this HTML error in it: 414 Request-URI Too Long Request-URI Too Long The URL your client requested was too long.
Disable PAN App WildFire reports
Hello, The PAN App is running jobs every couple of seconds reaching out for a WildFire report, but we don't have a WildFire subscription. How can I disable these reports? Thanks,
How to replicate buckets into 2 indexes?
Hi all, I'd like to achieve this situation: I have data ingested in one index and I want to replicate it into another index. Since manually moving a bucket is a safe operation, I tried to copy 1 bucket...
Diag file failure
Hello All, I'm receiving the following error when I try to create a diag file: ./splunk diag Collecting components: app:splunk_app_db_connect, conf_replication_summary, consensus, dispatch, etc,...
Downloading CSV files from an external server every hour.
**Here is my use-case**: Every hour, I need to download a .csv file from my server using a REST API. Using Splunk, I need to index these .csv files. **My Approach:** Wrote a Splunk modular input app...
Average time between two jobs.
Hi, Here is my search query: index=* sourcetype="WMI:WinEventLog:Application" SourceName="Investran RS Word Processing Service" Message=* | table Message, SourceName, _time | dedup _time | sort -_time...
Need help with regex in props.conf
Hi all, Here is how my raw logs look. I need help with props.conf so that I can index by the second time field instead of the first one. Sep 19 12:45:19 129.106.x.x fdbsyslog: **timestamp=2017.09.19 -...