Can Splunk do this?
Hello, I have a report that shows me network events - most of the events will have "source ip" coming from a proxy and destination being some url. Is there a way to formulate report query so that it...
View ArticleAPI call to Palo Alto for User to IP mapping lookup
I would like to add a dynamic lookup on my splunk dashboard so that when an IP is entered it displays not only the traffic logs for the user but also the ip user mapping and any groups the user belongs...
View Articlehow is installing HF different from UF
hi, we are currently monitoring windows security event logs across 3000 machines in our organization using UF's, these UF's forward data to a HF and the HF routes data to a Syslog server (for backup)...
View ArticleSPLUNK Binaries
I need to install my deployment server \License server that will part of our SPLUNK Enterprise deployment. I didn't install our POC environment, so I am not sure what download I need for this. I think...
View ArticleTimechart - map data over same interval everyday
Hi, I have a requirement to timechart data over the same time everyday for the past one month. E.g.: Maximum responseTime between 9 and 10 everyday for the past month. Query to construct timechart is:...
View ArticleWhere can I regenerate Client Name info for a Universal Forwarder?
I am seeing multiple Host Names with duplicate Client Names in Forwarder Management. Why is this happening and how do I prevent it from happening?
View ArticleHow to grep number from text
hello, My log contains below entries. 2017-10-06T04:19:25.658+0000 I NETWORK [initandlisten] connection accepted from 68.87.53.199:49991 #192 **(10 connections now open)** I am looking for 2 things. 1....
View ArticleWhere to create an inputs.conf to capture /var/log and send to an index. SHC...
My SHC of 3 members is Linux. I need to create an inputs.conf to ingest /var/log/* and send them to my indexer-cluster. _internal data from all of my servers is being indexed properly so I believe that...
View Articlehow to build a cron expression in a Splunk alert to run in CST time?
hi there What would be the cron expression to run an alert every day at 11:00am CST (Central time)? or Splunk is already taking the time zone from the operating system? thanks
View ArticleWhere do you recommend installing the Cisco eStreamer eNcore Add-on for...
I have 1 search head, 2 Linux heavy forwarders, 1 indexer, 1 Deployment server, and 3 Windows heavy forwarders.
View ArticleHow to Use an InputLookup File to provide authorized user list and Report...
I have an input lookup file. Say 'ApprovedUsers.csv'. This contains a single field SamAccountName. I want to compare this agains the Account_Name field returned in a Windows Security Eventlog search. I...
View ArticleTransaction based Alert Trigger with multiple conditions
I like to create a trigger which fires based multiple conditions Example Scenario: A per person is entering a room and the door sensor sends an open event to splunk. Next the person switch on the...
View ArticleIs it possible to display the results of a search in a table visualization...
Is it possible to display the results of a search in a table with a scroll bar instead of pages of data? I want to display 10 rows at a time, but I don't want to have to move from page to page. I just...
View ArticlePalo Alto Networks App for Splunk: When creating a new index under the app...
When creating the new index under the app drop-down, do you choose the Pan app or something else? ACTION REQUIRED: Create a new index called pan_logs using the Splunk GUI or on the command line. Also,...
View ArticleWill configuring a Universal forwarder to send the same logs to two different...
Hi All, We are planning to configure a universal forwarder to send logs to two different Splunk instances i.e.to clone data. Configuration we are going to use is, In outputs.conf [tcpout] defaultGroup...
View Articlehow to compare values from two different searches and return the results if...
I have 2 searches Search1: index=i_temp source=*source1* Results: xCoord=1155276.2781774567 yCoord=1885220.7999824171 xCoord=1144751.2989115883 yCoord=1919044.2279770568 Search2: index=i_production...
View ArticleIs there way to generate list of date for given month in Splunk
Is there way to generate list of date for given month in Splunk
View ArticleHow to compare the same month from multiple years?
I am doing a very basic search that just shows the top URIs during a specific month each year. I would like to be able to put multiple years within the same graph to do a quick visual comparison. My...
View ArticleHow to extract the numeric value and IP address from a string in my sample data?
hello, My log contains below entries. 2017-10-06T04:19:25.658+0000 I NETWORK [initandlisten] connection accepted from 12.34.56.789:12345 #192 **(10 connections now open)** I am looking for 2 things. 1....
View ArticleHow to compare data from the same month for multiple years?
I am doing a very basic search that just shows the top URIs during a specific month each year. I would like to be able to put multiple years within the same graph to do a quick visual comparison. My...
View Article