Need steps to migrate from old deployment server to new deployment server
Dear Experts, we have around 40 UFs installed and pointing to the old deployment server. Help is required: we want the UFs to point to a new heavy forwarder. On which files do we need to make changes via the old deployment...
Design dashboard
I have prepared a dashboard and set a range on count. But my concern is I have to set a different range on count for CUSTOMEREVENTS (a field from mbExecutingGroupName). PFB the current view of the dashboard,...
What does "ApplicationLicense - app license disabled by conf setting." mean?
I found this message in the splunkd.log of a forwarder: "INFO ApplicationLicense - app license disabled by conf setting." What does this message mean? I didn't install any app or add-on on the forwarder.
Files not indexing due to fast rotation
Hi all, hope you are doing well. I have come across a difficult situation in indexing a file. We have a few Universal Forwarders on which files are rotated very fast (within seconds) during mid...
Qualys TA in distributed deployment questions
Hi guys, I've got a few questions regarding issues I'm having with this TA. 1) I've set this TA up in my clustered environment and have host_detection working fine on our heavy forwarder; however,...
JIRA JQL query is not working from Splunk
I am very new to the Add-on for JIRA. I have referred to the website "https://splunkbase.splunk.com/app/1438/" and installed the Add-on for JIRA, current version 2.2.1, locally. I have also installed...
Is there a Splunk TA that can collect all system-related logs?
Hi, we are actually trying to collect the following data from a universal forwarder and index it in Splunk. Following are the various types of data we are looking for: a. Ping response b. CPU pct used...
I am running a Splunk query which is scheduled to run every minute to pull...
I am running a Splunk query which is scheduled to run every minute to pull the events of the last minute. Randomly I am getting this XML parse error. Splunk query: search index=os sourcetype=cpu all...
Confusing search results
Hi! I have two identical searches running on the same search head but with different time frames. What confuses me is that where the searches overlap in time, the results are different from one to the...
PCI compliance and Splunk
Hi folks, my company got Splunk Enterprise and we want to integrate Splunk and PCI compliance. I am new to it, so can you please recommend which course I should take to get more familiar? Also we will...
Default.meta application context datamodel version number purpose
For a statistical solution with Splunk we make use of multiple data models which have different Splunk version numbers connected through the *.meta files. Documentation is not clear on what the exact...
Need a new Splunk Enterprise trial license for Fundamentals training
I have installed the Splunk Enterprise trial version in the past to learn how to use Splunk. Now I have been invited to Splunk trainings, but before you can enter paid trainings you need to accomplish...
How to replace every backslash in an input form token with a double backslash
Hello, I would like to know how I can replace a single backslash "\" with a double backslash "\\" in a form input (Simple XML) before submitting it. I have tried with this code, but it does not...
Retain common fields in main and subsearch after join?
Hi all, I'd like to join two Windows events using instance_ID as follows: `sourcetype="WinEventLog:security" EventCode=299 | join instance_ID [search sourcetype="WinEventLog:security" EventCode=500]`...
Need help to implement a Tracker in my Splunk.
Hi, for my current project I need to implement a Tracker functionality which basically shows various phases of onboarding. Example: (Documents Collected --> Processed --> Approval...
Advanced dashboard using an external picture
Hi folks, I need to show the status of some places that have some servers and IT objects in one picture (attached). I have an idea of how I need to do the queries, but how do I put the results in each piece of...
How to display the results without any other field names appended
I am trying to execute the below query in Splunk Enterprise: `index=x sourcetype=y|join TABLE_NAME [|inputlookup Domain_Module_List.csv |search (Domain ="Inventory")] |eval DATA_MB`...
Want to display stack trace message along with other fields.
Hello, I have many stack traces including keywords like "stackoverflow", "deadlock", "Database connection closed". I want to search for these errors and display time, host, sourcetype, source, the error...
winfra-admin role creation
Another admin recently removed the winfra-admin role in an attempt to "clean up" the Splunk deployment, and I have attempted to recreate it via re-installation of the add-on for Windows / infrastructure /...
Dashboard time picker truncated, and other atrocities
We have a heavily used metrics dashboard that is showing a lot of data to execs. The data is filtered by a (mostly) universal time picker at the top of the dash. The time picker is showing a truncated...