Reset local auth splunk password with python sdk
I need to figure out how to reset a user password with the Python SDK. I see in the documentation where I can change the attributes of a user but not the password. Any help is much appreciated!
Splunk taking wrong time from logs
Splunk adds one hour to timestamp, when indexing logs. Logs: 9/18/17 3:46:01.000 PM --> time splunk shows [][hello][please][help][18/Sep/2017:14:46:01 -0500] --> actual log I have added the below...
Setting field based on eventtype
I do use **eventtypes.conf** to extract fields. Then in **tags.conf** I do set **warning=enable** for some of the fields. Some are **error** and others are **information**. In my search, this then shows...
I am trying to write a microservice for my company for Splunk search through...
I am trying to write a microservice for my company for Splunk search through REST API, but I am not able to get the session key for the /services/auth/login REST API, which returns 302 Found... if...
Kind of inner join
Hello, Hopefully, you will understand what I mean...It was not clear how I could formulate a search to find some documentation. I got an index, with a lot of fields [ f1, f2, f3, ... ]. Let's say that...
Change Colors of Bar based on legend
It's a simple query. I am just trying to give a different color to different legends in my bar graph. Below is the XML: Incident Review Dashboard_new | datamodel Incident_Management Notable_Events search |...
Splunk SH bundle push is very slow
Hey Splunkers, I am running into issues with applying a search head cluster bundle. This bundle has around 200 MB including Splunk Enterprise Security and they run in AWS. When I apply the usual apply...
IIS Log Files parsing and Removing Load Balance Health Check
I'm using the new 7.0.0 version of Splunk in my distributed installation (Indexer, Search Head) and I'm trying to parse IIS logs from a Windows Server 2016. The parsing is working but I've tried to...
REST API Modular Input - 401 Client Unauthorized
I'm trying to get the REST Input to work with Google Nest API which has a space in one of the headers which I think is causing an issue. I can get other REST APIs to work on the same server. The header...
MissingSectionHeaderError when calling a command
I am trying to use the Splunk app MongoDB Commands to gather data from a MongoDB instance. I want to be able to query the data and display it in Splunk. When I call the command "|mongoshowdb" I get...
timepicker not working for base search in dashboard
Hi, we added a timepicker to a simple dashboard consisting of a base search as follows, but it's not working. Using a full search in panels, the timepicker works properly. Would anyone please help? We're...
events not reflected in jmx add on
I have added the JMX add-on to Splunk and connected to the Tomcat server via process ID; however, when I search for "sourcetype=jmx" it says 0 events returned. Also, I cannot see "jmx" as a datasource in...
Failed to create a bundles setup with server name
Hi, I'm trying to connect the SH cluster to the indexer cluster. I'm using Splunk Version 7. All the statuses are OK. But every time I query a search, this error shows up: ***[idx1] [idx2] [idx3] Failed to...
Failed to create a bundles setup with server name 'GUID'.
Hi, I'm trying to connect the SH cluster to the indexer cluster. I'm using Splunk Version 7. All the statuses are OK. But every time I query a search, this error shows up: [***idx1] [idx2] [idx3] Failed to...
On which user my Splunk is running?
Not that familiar with *NIX hence the question. I created the user and group called splunk and then ran Splunk for the first time with splunk user. Now I want to ensure my Splunk is running as splunk...
Wrapper script to call two different scripts on an alert run a script action
I want to call two different scripts under the /bin/scripts folder when an alert job is triggered (action item "run a script"). Tips to change it to a custom alert action are also welcome, as run a script is...
How to get a calculated column in a table
Hi Splunk Experts, I need to create a report to display the table record count difference between two databases during a period of time. Events (list) are captured as follows: db_name table_name...
How to extract fields at index time?
We have .net logs from SeriLog and we would like to break it down into key value pairs at index time and extract some fields. I have tried to follow the splunk guides and blog posts, but my indexed...
Sudden excessive WinEventLog:Security events involving splunkd.exe
Splunk Universal Forwarder is v6.4.x. Splunk Server is v6.5.x. In C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local\inputs.conf, I have: [WinEventLog://Security] disabled...