Splunk Python SDK - Causing HTTP 503 (HTTP Too Many Threads) and Socket...
Suggestions for improvement to the Python SDK script implementation are being requested. Would modifying the EXEC_MODE or OUTPUT_MODE to another value help? I'm using a Python SDK...

How to search for number of license violations over time
I'm looking to display my license violations (over my capacity) as a dashboard panel that I can show over time.

Splunk CLI search parse _raw into fields
I am using a locally installed Splunk instance to perform a remote search using the CLI. splunk search "index=sandbox sourcetype=access http_status_code<400 earliest="10/01/2017:00:00:00"...

Splunk CLI remote search parse _raw into fields
I am using a locally installed Splunk instance to perform a remote search using the CLI. splunk search "index=sandbox sourcetype=access http_status_code<400 earliest="10/01/2017:00:00:00"...

Index retains old warm buckets
One of my indexes has a couple of old buckets in Warm which were closed for writing in 2014; the next oldest one is from 2017. When trying to use dbinspect to determine data age per index, they are...

Chart Display value
Hi All, I found out that when the dashboard has too many columns in the chart, it cannot display the x value. Can we make the chart larger to display it?

VM templating of Splunk instances
We plan to create Splunk pre-installed virtual machine (VM) templates for internal use. We have assumed the following steps should be taken with Splunk VM templates. - Use hostname or FQDN in...

Running one of two searches based on time picker selection
I am trying to create a dashboard panel which will run one of the following email searches. There are a number of inputs which allow a user to filter exactly what he/she wants to search for. - One...

Can we use the same property names (say "[setnull]", "[setparsing]") defining the...
I have two clustered environments consisting of 3 SH, 3 Indexers and 1 HWF each, running on Splunk 6.4.1. I need to filter out certain unwanted events coming from JMS queues and send them to the...

How to get data to a Splunk indexer without a forwarder for continuous monitoring?
Basically I need to monitor Dell iDRAC and CMC logs.

Splunk add-on for ServiceNow
Hi All, I want to download the Splunk add-on for ServiceNow Event Management integration. As per the documents (...

Nessus scan vulnerability duration
I am trying to find all vulnerabilities present in Nessus scans that have been reported more than 15 days ago and are still present. My current search query works but I can't help feeling that it is...
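The logic the question above asks for (first reported more than 15 days ago and still present in the latest scan) is easy to get subtly wrong, because "still present" must be judged per host against that host's most recent scan, not against the newest event in the index. The following is an added example, not code from the original post or from Splunk or Nessus; it runs the check in plain Python over constructed events shaped like Nessus results indexed in Splunk. The field names `dest`, `plugin_id`, `signature` and `_time`, the plugin IDs and the scan dates are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events shaped like Nessus scan results indexed in Splunk
# (not real scan output): one event per host/plugin per scan run.
SAMPLE_EVENTS = [
    # host 10.0.0.5 scanned weekly on 1, 8, 15 and 22 October
    {"_time": "2017-10-01T02:00:00", "dest": "10.0.0.5", "plugin_id": 10001, "signature": "constructed finding A"},
    {"_time": "2017-10-08T02:00:00", "dest": "10.0.0.5", "plugin_id": 10001, "signature": "constructed finding A"},
    {"_time": "2017-10-15T02:00:00", "dest": "10.0.0.5", "plugin_id": 10001, "signature": "constructed finding A"},
    {"_time": "2017-10-22T02:00:00", "dest": "10.0.0.5", "plugin_id": 10001, "signature": "constructed finding A"},
    # finding B disappeared after the 8 October scan, so it counts as fixed
    {"_time": "2017-10-01T02:00:00", "dest": "10.0.0.5", "plugin_id": 10002, "signature": "constructed finding B"},
    {"_time": "2017-10-08T02:00:00", "dest": "10.0.0.5", "plugin_id": 10002, "signature": "constructed finding B"},
    # finding C first appeared on 15 October, so it is younger than 15 days
    {"_time": "2017-10-15T02:00:00", "dest": "10.0.0.5", "plugin_id": 10003, "signature": "constructed finding C"},
    {"_time": "2017-10-22T02:00:00", "dest": "10.0.0.5", "plugin_id": 10003, "signature": "constructed finding C"},
    # host 10.0.0.9 scanned on 1 and 22 October only
    {"_time": "2017-10-01T02:00:00", "dest": "10.0.0.9", "plugin_id": 10004, "signature": "constructed finding D"},
    {"_time": "2017-10-22T02:00:00", "dest": "10.0.0.9", "plugin_id": 10004, "signature": "constructed finding D"},
]


def lingering_vulns(events, min_age_days=15, now=None):
    """Findings first reported more than min_age_days ago that are still present.

    "Still present" means the host/plugin pair appears in the most recent scan
    of that host, so a finding that dropped out of later scans is treated as
    fixed. `now` defaults to the newest scan time found in the data.
    """
    first_last = {}   # (dest, plugin_id) -> [first_seen, last_seen, signature]
    latest_scan = {}  # dest -> time of that host's most recent scan
    for e in events:
        t = datetime.fromisoformat(e["_time"])
        key = (e["dest"], e["plugin_id"])
        rec = first_last.setdefault(key, [t, t, e["signature"]])
        rec[0] = min(rec[0], t)
        rec[1] = max(rec[1], t)
        latest_scan[e["dest"]] = max(latest_scan.get(e["dest"], t), t)

    if now is None:
        now = max(latest_scan.values())
    cutoff = now - timedelta(days=min_age_days)

    results = []
    for (dest, plugin_id), (first, last, sig) in first_last.items():
        # old enough AND seen in this host's latest scan
        if first <= cutoff and last == latest_scan[dest]:
            results.append({
                "dest": dest,
                "plugin_id": plugin_id,
                "signature": sig,
                "first_seen": first.isoformat(),
                "last_seen": last.isoformat(),
                "age_days": (now - first).days,
            })
    # oldest open findings first
    return sorted(results, key=lambda r: (-r["age_days"], r["dest"], r["plugin_id"]))


if __name__ == "__main__":
    for r in lingering_vulns(SAMPLE_EVENTS):
        print(f'{r["dest"]} plugin {r["plugin_id"]} open {r["age_days"]} days: {r["signature"]}')
```

The same shape in SPL (an assumption about how one would express it, not the poster's query) is a `stats min(_time) as first_seen max(_time) as last_seen by dest, plugin_id`, an `eventstats max(_time) as latest_scan by dest` to get each host's newest scan, and a final `where last_seen=latest_scan AND first_seen<=relative_time(now(), "-15d")`. Comparing `last_seen` against a global newest time instead of the per-host one would wrongly mark findings as fixed on hosts that simply have not been rescanned yet.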
Nessus exploitable vulnerabilities
Here, I am trying to find all vulnerabilities found during a Nessus scan that are exploitable. The exploit_available field is shown only in the Nessus plugin. I would like to correlate the exploitable...

How to configure Splunk to extract key value pairs with JSON log data from...
We have started using the HTTP Event Collector (HEC) for logging directly from our Java apps. HEC takes data in JSON format, but we have a lot of legacy code that logs key/value pairs and some...

Unable to run query sendemail
The sendemail command is not working in scheduled searches. Query used: | inputlookup testing.csv | map search=" | sendemail to=$email$ message=\" Hi $realname$, This is a test message Many Thanks,...

I am indexing reports as an Excel file but after indexing I am getting field...
I am indexing reports as an Excel file, but after indexing I am getting the field value for tag as error and also the event type as error. Can somebody please help me, as the TA is not working and we are manually...

Splunk showing gateway timeout
We're running Splunk in our environment. We can only access the Splunk instance via the IP address, but not the DNS address we have mapped to it. For instance, we can go to this URL using the IP:...

Change Notifications from AWS Config Service
Hi, after a great .conf 2017, I decided to install the Splunk App for AWS and the associated AWS TA, and I am having issues getting Change Notifications into Splunk. I think they are supported, at...

Doing stats on multivalued JSON fields
Hi Ninjas, I'm dealing with some deeply nested JSON events like:...

Incomplete JSON ingested
Hi, I am using the REST API modular input add-on to monitor an Elasticsearch instance on the stats API endpoint. The output is in JSON format and has an average of 1200 lines. I am using a Heavy...