How to pull a report on Splunk alerts?
I'm application analyst that monitors splunk alerts. We monitor OOM, CPU usage and other data. We receive alerts via MS outlook. Is there a way to pull reports on the splunk alerts for the last 6...
View ArticleDoes the Forefront Threat Management Gateway TA work with the SQL Express...
The TMG instance we work with is configured to log to the SQL Express DB and pushes out DB logs every day. Does the existing TA parse these files, or only the log files generated if we (re)configure it...
View ArticleHow to send ESX logs via Splunk heavy forwarder in a Windows environment?
We have Splunk components (1 S.H + 1 IND + 2 H.F) installed in windows environment. I would like to configure ESX host to send logs to Splunk Heavy Forwarder and be able to Search data through S.H....
View ArticleIs there any way I can use a custom AMI for Splunk in AWS?
Can I use a custom AMI which is hardened by a script for Splunk deployment in AWS? If there is a possibility, how can I do it? please suggest me. I know just changing the AMI in the cloudformation does...
View ArticleDynamic Search based on previous search output and if condition
Hello Splunk Community, Business requirements pushing my knowledge on Splunk so far... just wondering if Splunk query can be subdivided into methods/functions? The current scenario I'm trying to figure...
View Article*metrics.log
In standalone environment why my splunk enterprise don't have "source=*metrics.logs " at certain hours.
View ArticleSplunk crashes when trying to install an app from "Browse more apps" section
Our splunk is running on RHEL 7 as a non-root user. Splunk is behind firewall and i configured proxy settings. As soon as i enter my splunk credentials for installing any app in "Browse more apps"...
View ArticleVNX App - No data in the lun performance section
We have VNX App version 1.2 deployed with our Splunk Enterprise installation (ver. 6.5.1) If we try to generate "Heat Map - LUN Throughput (IOPs)" it shows no data in column "LUN Throughput (IOPs)↧" ....
View ArticleJoining/Appending queries
Hi guys, quick question here: I have the following queries: Q1: Sub-Search for userID Q2: Main search, which provides username and department Currently I can get a table with userID, Username &...
View ArticleHow to make the div that can be fold/unfold on dashboard
I'd like to make the div that can be fold/unfold on dashboard. So I tried to implement an easy thing using html, but it does not work. How can I make this possible on Splunk's dashboard? Please tell me...
View ArticleDashbaord creation for logs validation in each environment from different Index.
create dashboard where it can show the per day logs ingestion corresponding to it's relevant environment which shows the count of logs per day into it's related environment but i am facing issues while...
View ArticleCan We Monitor /push logs for CA Certificates Expiry of different Servers...
Hello All , we have requirement to monitor Certificates expiry logs and data through splunk , SCOM manages the monitoring part of these , i was curious if these logs for expiry can be fetched from...
View ArticleUnable to get output through Windows-add on
Hi, I want some hardware informations remotely on the list of Windows servers. I have downloaded the Windows Add-on, created the inputs.conf in Splunk_TA_Windows, still unable to get the output,...
View ArticleMerge similar field values
Running the following query gives me a result with different field values. index="XXXX" host="POLO*" | stats count by URL | sort-count URI | count /pup/folks/xy/hollow/yellow/red | 7...
View ArticleDuplicate keys in event conflicting the splunk result
Unfortunately, I have been indexing the events which have a key named "source" and splunk by default treat the key "source" as the source of the events. Now, when I am trying to retrieve the values...
View ArticleHello, Can someone please guide me how to setup Splunk to trigger alerts...
I need to setup an alert whenever i get a mail in my Outlook mailbox. Please help me with the detailed steps because I'm new to Splunk. Helps appreciated :) Need a detailed "How to" type answer. Thanks...
View ArticleCan i use table command instead of Stats and if there is any better why to...
My Query is as follows index=x source=y COMPLETED | stats values(process_key) as "Process Key", values(process_start_time) as "Process Start Time", values(job_key) as "Job Key", latest(job_status) as...
View ArticleAdding hosts to splunk
I have installed universal forwarders on all of the servers I want to monitor with Splunk. If I go on the Splunk Server to "Settings" -> "Add Data" -> "Forward" I find all but one of the servers...
View ArticleNotable Review time
Hi all, I need to create a dashboard which can provide me the total review time taken by the analyst. I have created the following query: | datamodel Incident_Management Notable_Events search | stats...
View ArticleDetect/handle parsing error and log format change
Hi, I have been asked about log parsing and parser error detection in Splunk. The questions are: In general - how can and should I detect parsing errors in Splunk? (New version of log source, etc...
View Article