Query Help??
When I search for this query it shows wrong results ? |metadata type=hosts index=* |lookup domain.csv host output domain datacenter host IP |search domain=Y|eval age=(now()-recentTime)|convert...
Performance impact of using ignoreOlderThan on forwarder
Hi, so we have a server which writes out thousands of files a day. Over the course of two months we can have 70K+ files. We can't enforce an aggressive archival policy for the project team due to some other...
After upgrade from 6.6.1 to 7.7.0, indexer stop taking data and throwing ssl...
Hi, I have upgraded my SPLUNK from version 6.6.1 to 7.0.0. After upgrade I am seeing some ssl exceptions and indexer is not taking data. I am using 6.3.3 version for Splunk forwarder. **Errors in...
After upgrade from 6.6.1 to 7.0.0, indexer stop taking data and throwing ssl...
Hi, I have upgraded my SPLUNK from version 6.6.1 to 7.0.0. After upgrade I am seeing some ssl exceptions and indexer is not taking data. I am using 6.3.3 version for Splunk forwarder. **Errors in...
Bootstrap Enterprise
regards, I need to create a responsive control panel and realized that in Splunk there is a modified version of the bootstrap classes for this functionality. Is there a manual describing these classes?
If then statement where the output will exclude a value from search.
I want a statement that will evaluate field A, and if the value of field A equals 1, then I want to exclude any value of field B from the search.
Splunk uninstallation / kill command failed -- Connection Refused error on...
Hi, I was trying to uninstall Splunk due to some issues in existing installation. I followed the steps for "Uninstall Splunk Enterprise manually" as mentioned on below link:...
Problem: contract employees can't use our domain where Splunk is. Proposed...
We are only allowed to use AD accounts when accessing Splunk, but in our PCI DSS environment some users are not allowed to have accounts by policy due to either being contractors or due to age...
Override host field with event data
Hello, I am indexing some data from a file monitor and I want to override the host field with data that lies inside the events. Below is a sample of the data and the values I want for the host field...
Help optimized an advanced DBConnect Query
The query below takes approximately 20 minutes to run and I need help optimizing it. The point of the query is to gather the number of problematic data conditions from each client. The conditions are:...
What other additional software gets automatically shipped with SPLUNK
I had heard that SPLUNK comes with some additional software, can someone tell me what that is?
Dashboard help -- Can I use Bootstrap Enterprise so my dashboard has...
Regards, I'm developing a home panel using the HTML components inside a panel in simple XML format. Ex: ... my code here What I need to do is make this control panel sensitive to other...
Is it possible to find values that are wrapped by quotation marks in a lookup...
I have a lookup table that has values that are wrapped by quotations. For example: "fw: Help". If I try to search for this by this search: |inputlookup zyx.csv | search column="fw: Help" nothing comes...
Splunk appender not logging long HTTP headers
The basic issue is that for longer requests, the Splunk logger is not logging the HTTP headers. We are using the splunk-1.5.0.0.jar and splunk-library-javalogging-1.5.2.jar --...
Scheduled report error -- Search process did not exit cleanly, exit_code=-1,...
When running the following manually there are no issues. But when this is scheduled the following error is noted and half the information is not present. [subsearch]: [1spl-ind04-dc1] Search process...
How to get a universal forwarder GUID from deployment server via API?
I'm trying to create a script to delete computers from deployment servers (ds) that were decommissioned. I think I can use the below curl command to delete from the deployment server, but how can I get...
Single host is showing up as multiple sources (i.e. server1 and ip-server1)....
Greetings, In splunk search, some of the hosts are showing under multiple host names. I would like to combine the hostnames into one hostname for cleanup purposes. I fixed the initial reporting issue,...
Change row color when the field "time value" increases
Hi, in my dashboard I am watching the ticketing system, am calculating the time frame, if the ticket age was greater than 02:00 hours then the row would turn red, if it is less than 02:00 then it...
Help optimizing an advanced Splunk DB Connect search
The query below takes approximately 20 minutes to run and I need help optimizing it. The point of the query is to gather the number of problematic data conditions from each client. The conditions are:...
Throttle unless count increases
In an Enterprise Security Correlation Search I have a report that emails out when an email address is seen across multiple unique accounts. Each unique account has its own row and I have a field called...