acceleration with tscollect in indexer cluster
Hi at all, I have an Indexer Cluster where each Indexer is accessed by users as a stand alone server, in other words there aren't Search Heads. Now I accelerated some data using txidx file (tscollect...
View ArticleHow to monitor servers using splunk
I have been tasked with figuring out how to monitor server activity using splunk and create alerts
View ArticleProblem to index the entire csv file
we use csv to track app's performance. I added the csv to forwarder and keep monitoring it. The problem is that while app is running and keeping writing to the csv, however, only the few minutes at the...
View ArticleIs there a page that clearly identifies APPs that are Deployment Server...
I ask this because I just spent a while trying to debug why installing the "Microsoft Supporting Add-on for Active Directory" would not work when I deployed it using the deployment server. I determined...
View ArticleProblem with SAML authentication after updating to Splunk 7
I have upgraded to Splunk 7, and I am encountering with "Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert...
View ArticleCan I filter a table based on cluster number or subsearch dynamically?
I have a table of data that is clustered via KMeans, I am trying to filter down to only display the other items in a particular cluster, but since the cluster number is done on the fly, this is proving...
View ArticleSyslog events not matching IOS XR regex to transform
Here is the format of our data coming from Cisco IOS XR NCS 4K platform. I don't think the regex is able to match our data. Running Enterprise 7.0 and Cisco Networks Add-on 2.3.4. Thank you. Cisco IOS...
View ArticleReturn information when there are no expected results.
This search checks to make sure a certain process ended on time. I expect to have results for the 6 cases in the where clause below. In the case that a Client's process did not end on time, it would...
View ArticleHow to create a table of eval fields along with stats
I have a query where I eval 3 fields by substracting different timestamps eval Field1 = TS1-TS2 eval Field2 = TS3-TS4 eval Field3 = TS5- TS6 eval Date = strftime(_time, "%m-%d-%Y") Next I use the stats...
View ArticleAdding xauthuser to datamodel
I tried to add the xauthuser field to the data model ftnt_fos and after that I get no results any more. Did I break it? The xauthuser field carries the username that connected to the firewall using an...
View ArticleDBConnect 3.x not working with rising columns the way 2.x did...
I have the following sql statement that is working with other database inputs that were created with dbconnect v2.x. But 3.x fails with an error. This is the first input I've tried to create using the...
View ArticleSplunk 7 and DBConnect 3.1.1 not working new install
Brand new CentOS 7 system with Splunk 7, DBConnect 3.1.1 and Java JDK 1.8.0_144. Splunk starts fine, DBconnect installs fine, but when I go to access the app, I just get the message Unable to...
View Article"File Integrity checks found 1 files that did not match the system-provided...
I have no idea where this message is coming from. I see the subject message in the WebUI but when I restart splunk it tells me all is OK. Here is the output from a restart:...
View ArticleHow do you use a custom field as a token for a drilldown?
I have a dashboard that contains a line chart. The query for this is something like: search ....... | rex field=_raw " (ERROR|E|SEVERE) (?[a-zA-Z0-9\. \-]*)[:\. ]" | timechart count by method limit=10...
View ArticleHow to move a diag to the desktop folder?
I ssh into our server and created a diag, but how can I move it to my desktop so I can email it to someone else? What are the necessary steps I need to take it from the CLI? When I do this, it has to...
View ArticleComparing results from three separate events
Forgive my ignorance if this has been answered elsewhere, I did my best to search for an answer but have not found it. I am trying to compare three different search results for three separate events...
View ArticleSplunk DB Connect Inputs not working. What do I specify for source and...
I connected a database through configuration. When I try to add input source and sourcetype, I do not get any results. I even tried creating my own sourcetype. Here is what the documentation specified:...
View ArticleHow to turn of splunkd during certain hours
I have a customer who wants to have the splunk forwarder turned off during certain critical processing time.
View Articleregular excpresssions
This is the event : 02OCT2017_16:46:47.212 130880:140149567481600 INFO event.py:177 root event = {"hopTrace": {"hops": [{"machine": {"nodeId": 569}, "application": {"processId": 19295, "processName":...
View ArticleCylance Protect data integration with Enterprise Security ES
Hi, I need to use the Cylance Protect syslog data in Enterprise Security. Has anyone used this data in ES context ? What data models does the data to map to and whether any additional field extractions...
View Article