Where do I put props.conf and transforms.conf stanzas to parse custom IIS and...
I am trying to parse custom IIS and Windows Firewall fields using props and transforms. Our Universal Forwarders first send logs to Heavy Forwarders, then to the Indexers. Where is the proper place to...
How to configure the Website Monitoring app version 2.6 if all the fields are...
Only discovered Website Monitoring version 2.6 yesterday. I have installed it using the Splunk Web interface. The next step is to set it up, but only the Save Configuration button is active. All of the...
planning an upgrade from 6.3.2 to V7.0
We have 6 splunk servers: 1 SH, 1 enterprise security, 1 license + cluster master, 2 Indexers, 1 deployment server. I will be stopping Splunk services and take a snapshot of all VMs and then perform the...
Can I create indexes.conf and inputs.conf files on my search heads to send...
My SHC of 3 members is Linux. I need to create an inputs.conf to ingest /var/log/* and send them to my indexer-cluster. _internal data from all of my servers is being indexed properly so I believe that...
How to build a cron expression in a Splunk alert to run in CST time?
Hi there. What would be the cron expression to run an alert every day at 11:00am CST (Central time)? Or is Splunk already taking the time zone from the operating system? Thanks
schedule search to get past hour and run for last 7 days for only that hour
Need help.. Hi, I can run a search for 7 days and do eval to get data for particular hour but that seems a costly operation. I am thinking to get past hour value to some variable like abc=...
Is it safe to revert to a snapshot?
We have 6 splunk servers: 1 SH, 1 enterprise security, 1 license + cluster master, 2 Indexers, 1 deployment server. I will be stopping Splunk services and take a snapshot of all VMs and then perform the...
Why am I seeing multiple host names with duplicate client names in forwarder...
I am seeing multiple Host Names with duplicate Client Names in Forwarder Management. Why is this happening and how do I prevent it from happening?
How can I perform a scheduled search that searches for one specific hour of...
Need help.. Hi, I can run a search for 7 days and do eval to get data for particular hour but that seems a costly operation. I am thinking to get past hour value to some variable like abc=...
Can we install a universal forwarder on a 2016 Windows server with SCCM?
Is it possible to get a UF installed on a 2016 Windows server with sccm or do we have to use a chef recipe?
Can I stop Splunk, take a VM snapshot, upgrade Splunk, then revert to the...
We have 6 splunk servers: 1 SH, 1 enterprise security, 1 license + cluster master, 2 Indexers, 1 deployment server. I will be stopping Splunk services and take a snapshot of all VMs and then perform the...
Monitoring of Java Virtual Machines with JMX - - Issue getting this to work...
I have followed the steps defined in this Splunk answers but have been unable to get JMX data working for the majority of our servers. I say majority because 2 out of 20 servers are working. They are...
Can I use relative time for bin span?
I want to run a query with rolling time span (rolling every minute) and want to count events in last 1 hour relative to current minute. I am trying to run this query: Search query | bin _time...
Universal forwarder -- error message with pass4SymmKey
I am trying to add an app to forward some information to another set of indexers to a universal forwarder configuration managed by a deployment server and already talking to another set of indexers....
Extract JSON fields in mixed data structure with props
I have an event with a mix of JSON and non-JSON data. I have successfully extracted a Payload field with props whose value is a JSON data structure. Then using the search `| spath input=Payload`, the...
can you directly publish data from your java application to splunk web?
Hello there, I want to try and catch the SPL query submitted on the web interface in my Java application, process this query and get the data it wants, and then publish this data from my java...
Button switcher
Hi, I want to create a button switcher. Here is my code in XML format: ![alt text][1] but it doesn't work. Can you help me to know what my problem is? Thank you [1]: /storage/temp/216733-button.png
The EventCode lookups in the Splunk App for Windows Infrastructure return...
The Splunk App for Windows Infrastructure has the windows_signatures.csv lookup file: *signature_id,signature,CategoryString,action,result 512,"Windows NT is starting up",,, ...* *1104,"The security...
How do i create a bar graph showing the different types of windows event log...
Hi, I am just trying to create a simple bar graph to show the count of the different types of Windows log sourcetype, however it does not seem to work. field: sourcetype values:...
Cisco IPFix v10 to Stream App Proper setup - documentation help - streamfwd
I'm trying to find some documentation to help aid in ingesting custom IPfix outside 1-400 IDs, but I read that there's not much documentation in this arena hehe. Here's what I have tried. Main goal is...