Access JSON data
This is in follow-up to https://answers.splunk.com/answers/578105/help-with-search-to-access-json-data.html#comment-577285 Please find the attached image for sample event. The query provided by is...
File not being read by Splunk in a directory while others are
Hi, I have a directory which is defined in inputs.conf on a host (which has UF running), directory is: /var/middleware/inventory/var As per the logs (splunkd.log), the directory is now monitored:...
In an index, one month data has been uploaded two times.
Hi Experts, I am now in a strange situation, we have an index in which we uploaded .csv files for every month and for previous month data has been uploaded two times. Now Splunk is showing duplicate...
What is the difference between 'Splunk Insights for AWS Cloud Monitoring' and...
So I'm currently working with the Splunk App for AWS and came across this article by Splunk. https://www.splunk.com/en_us/products/splunk-insights/aws-cloud-monitoring.html It offers AWS cloud...
How can I customize my dashboard using CSS?
How to hide the time option in the dashboard without using the CSS but should function in the background?
How does Splunk parse German umlauts?
Hi everyone, I've been confronted with the problem that the case insensitive search command ```search``` differentiates between ö / Ö, ä / Ä and ü / Ü. My question now is, how does Splunk parse the...
What is the correct method to consume symlinks?
Hi, I'm attempting to consume MSSQL ERROR logs from 800+ systems with different log locations. The current approach is to configure a common directory on the C drive c:\mssql logs\ with up to 10...
Issue with an ELB dashboard -- added via Cloudwatch and ELB access logs
Hi, we have configured Splunk Enterprise on a single server with inputs for ELB. We use a classic ELB and have inputs for ELB via Cloudwatch and via ELB access logs (SQS based S3). The ELB dashboard...
Path Support for AWS IAM Role for Splunk Add-On
Hello, I am attempting to add an IAM role to the Splunk Add-on for AWS with a path. However, the regex used to validate does not allow paths. Regex: Characters of Name should match regex...
Infoblox Event Collection
I need to bring in Infoblox into my Splunk. Is this by Infoblox syslogging to my forwarder or does the Splunk add-on for Infoblox allow for me to configure? Thanks!
Splunk Universal Forwarder 6.5.2 -- 100% CPU Solaris
Can someone help me in resolving the issue? Splunkd Universal Forwarder is taking 100% process. I am monitoring around 50 log files and the data is not more than 30GB daily. For monitoring I am not...
How can I add an IAM to the Splunk Add-on for AWS?
Hello, I am attempting to add an IAM role to the Splunk Add-on for AWS with a path. However, the regex used to validate does not allow paths. Regex: Characters of Name should match regex...
Splunk Add-on for Infoblox -- Can I configure this to bring in my Infoblox...
I need to bring in Infoblox into my Splunk. Is this by Infoblox syslogging to my forwarder or does the Splunk add-on for Infoblox allow for me to configure? Thanks!
Summing two event counts by source
So, I am trying to parse out syslog stats data, trying to get a velocity of the events to figure out which log source is spiking when backlogs occur. events: the count of events for a particular source...
How to extract Windows fields at search time using regex?
How to extract the Account Name and other fields in the description field from the below Windows event from Azure? It has both JSON and XML data in JSON event. Attached are raw event and...
After we deleted a job it popped back up -- How can we delete it for good?
For some reason, we are not able to delete expired jobs as admin and as a power user who owns the jobs. We choose Job and then Delete Job. A pop message appears and disappears for a brief moment and...
Has anyone used MineMeld to send logs to Splunk?
Has anyone ever sent logs to Splunk using MineMeld? If so, how? I currently have access to MineMeld but I was looking for a way to set up the config to send the logs to Splunk
Exporting reports to a different search head... how do I cleanup the move and...
So I successfully created an app called search_migration on SH1 to move reports to SH2. 1) I set all reports on SH1 (in search app) that I wanted to move as shared globally 2) I created an app called...
Hello, is it possible to include sequence sunburst chart in visualization...
Hello, I am trying to add sequence sunburst chart in visualization picker of search app. Could anybody please help me with that.
How can I correlate results from two separate searches?
I have syslog formatted events that correlate together based on one value, and a search that will pull a single line of those events: s=1js832fc event=A somedata=9sdsh s=1js832fc event=B...