How to edit props.conf to cope with two different time values in log file
Hi All, I have created an index and sourcetype for two log files. I have set up my props.conf to extract the date/time and separate onto one line, however one of my logs has a colon after the time and...
DBX query is running in real-time while calling inside saved search.
I am using database queries inside our saved search and when we are calling it in dashboards, every time the saved search runs the DB query. Ideally, it should run the query during the scheduled time and give us...
Lenel OnGuard Add-on for Splunk: Failed to initialize pool: Login failed for...
Any guidance on connecting the add-on? I have local SQL account credentials on the server. Initiating the app shows Unix-related server metrics?
When I use timechart, I get a visual. When I use chart, no results. Any idea...
Hello, I am using the following search: index="ips_snaplogic" "postsales" lvl="ERROR" | spath | rex mode=sed "s/.*{/{/" | spath output=msg path=Detail.error.message.message | timechart count BY msg This...
Why doesn't the Splunk Add-on for Symantec DLP use the Data Loss Prevention...
The app seems to only use the tag "alert" whereas the model uses "dlp" and "incident" (http://docs.splunk.com/Documentation/CIM/latest/User/DataLossPrevention). Obviously I can add the tag, but it...
Palo Alto Networks App for Splunk: How do you disable Wildfire reports?
Hello, The PAN App is running jobs every couple seconds reaching out for a Wildfire report but we don't have a Wildfire subscription. How can I disable these reports? Thanks,
Error message when creating a diag file
Hello All, I'm receiving the following error when I try to create a diag file: ./splunk diag Collecting components: app:splunk_app_db_connect, conf_replication_summary, consensus, dispatch, etc,...
Indexing a CSV file from a server using REST API and Splunk SDK
**Here is my use-case**: Every hour, I need to download a .csv file from my server using REST API. Using Splunk, I need to index these .csv files. **My Approach:** Wrote a Splunk modular input app...
rex field extraction does not work once moved to field extraction
I am parsing data from a trap def as follows: ======================== Trap attributes ========================= Timestamp: 'September 19, 2017 6:56:50 AM CDT' Agent: '10.10.54.xxx' Enterprise OID:...
Renaming table column names
Hello, When creating tables, I have noticed that if I start renaming fields - for display clarity purposes - like for example "src_ip" to "Source IP", I can't drill down to the original log (search runs...
How can I get data coming from my Netflow (Flow Export) appliance into Splunk...
Hi, Can someone direct me on what app I need to install to get data coming from my Netflow (Flow Export) appliance into Splunk Enterprise? I have installed a forwarder and set the deployment/receiver...
Splunk dashboard refresh every 24 hours required (00:00 to 24:00 MST Hours)
Hi All, I have a Splunk search query which I run on a daily basis for the past day by selecting Date Range Between 09/18/2017 00:00:00 and 09/18/2017 24:00:00, i.e. for one complete day. I get some...
Can these three searches be combined and run sequentially?
I have a scenario where I need to 1) append results to a .csv file, 2) once the csv file is updated, eliminate duplicate results from the csv file, and 3) perform a lookup with the csv file I am...
How to modify the network devices which are pointing from one sourcetype to...
Hi All, Currently I have a request from the network team: they want to point the sites 03r & 04r from index=net sourcetype=cisco:network:router to index=net sourcetype=cisco:network:switch. I...
How do I create a custom drill down menu option from the event tab on a...
I am looking for a way to create a custom drill down menu option from the Event tab on a specific field value. The example is shown below. When the user clicks on the Execution_ID field value I would...
Help with rex on raw data
Hi, I have data like this. I want to display middlename and lastname from the below info. Please help me out in writing a rex for the raw data below: \"middleName\":\"L\",\"lastName\":\"CRIB\"
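An added example, not part of the original post, showing how to pull both values out of that raw fragment. The quotes in the event are backslash-escaped (the text is JSON that was serialised into a string), so the pattern has to match a literal backslash followed by a quote around each key and value, and the value runs up to the next escaped quote. The event text below is constructed for the example, and the same regular expression works as a Splunk `rex` pattern with `(?<name>...)` groups and the backslashes doubled inside the quoted SPL string.

```python
import re

# Constructed sample event embedding the fragment quoted in the post.
RAW_EVENT = (
    r'2017-09-19 06:56:50 app=profile payload={\"firstName\":\"JOHN\",'
    r'\"middleName\":\"L\",\"lastName\":\"CRIB\"} status=ok'
)


def field_pattern(field_name):
    """Regex for \"<field>\":\"<value>\" where every quote is backslash-escaped.

    \\" in the pattern matches one literal backslash followed by one quote;
    the value is anything up to the next backslash or quote.
    """
    return re.compile(
        r'\\"' + re.escape(field_name) + r'\\":\\"(?P<value>[^\\"]*)\\"'
    )


def extract_names(event):
    """Return {'middlename': ..., 'lastname': ...}; None when a key is absent."""
    wanted = (("middlename", "middleName"), ("lastname", "lastName"))
    result = {}
    for out_key, json_key in wanted:
        match = field_pattern(json_key).search(event)
        result[out_key] = match.group("value") if match else None
    return result


if __name__ == "__main__":
    print(extract_names(RAW_EVENT))
```

The escaping is the part that usually bites: inside a double-quoted SPL string each regex backslash must itself be doubled and each literal quote escaped, so the Python `\\"middleName\\"` becomes `\\\"middleName\\\"` when typed into `rex`. Python names groups with `(?P<name>...)`; Splunk's PCRE engine uses `(?<name>...)`.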
Determine missing sources via a search?
All, I have a list of PCI hosts. Now what I want to do is take that list of hosts and create a report/alert to display hosts which are not reporting /var/log/secure. Any idea how I might do this from a...
Dynamic Table Issue
Hi All. I have a simple dashboard where the data in the statistics table changes every time you change the dropdown input. The problem is it only works the first time it's loaded, for example, on what is...
How to check if load is equally distributed on the host and create an alert?
Hi, We generally raise tickets in Prod through Splunk by putting a search query as a Report/Alert, and now we have a requirement to alert if the load is not equally distributed between the hosts. With the top...
How can I merge two "inbound" values appearing under the same field?
Hello I have pre-parsed information coming into my Splunk instance for CISCO:ASA. I'm wondering why the field "direction" has a value of "inbound" showing up as "inbound" and "Inbound". How can I...