What additional software gets automatically shipped with Splunk?
I had heard that Splunk comes with some additional software, can someone tell me what that is?
How to use token substitution in the payload with the POST method in the REST...
Hey all, I use the REST Modular Input to fetch some data from a backup system. Everything works fine, even token substitution ($ids$) with the GET method. Now I need to fetch data with the POST method...
Splunk - Log Reduce solutions?
What is Splunk using for their Log Reduce solution? Is it similar to what Sumo logic can do?
How to specify two different dates in a single search?
I have to fetch results for an event that happened on Sep. 1 and Sep. 6. How do I specify two dates in a single query?
Is the saved search called by the map function allowed to send emails/run...
Hi, I want to send an email / run a script one time each for a bunch of IPs in a list, so I was going to iterate over them with the map function with a saved search, instead of setting up a separate...
Need a little help converting seconds to days, hours, minutes
Hi all, Windows reports everything in really long seconds uptime fields. I want to convert that to days, hours, minutes. I'm trying to get the syntax provided in another post to work (and I think I'm close) but...
How can I identify hosts that don't have any events over a 4-hour period and...
I want to identify any host that doesn't have any events over a four-hour period and create an alert. I'm having trouble extracting the individual host. index=ind1 | timechart span=4h count by host | where...
How can I run the stats sum command on the same search for two different values?
I have the following search: index="data_integration" host="sampledata" sourcetype="csv" Object_Account="4*" OR Object_Account="5*"|stats sum("Domestic _Amount") AS CM and the following second search:...
Search returns "No results found" when it should be returning 1.
The search below looks for an event for a specific client during a specific time. If the event is not there, I would want to be notified, thus a "1" should be returned. There is no event, so noNull is...
Is the saved search called by the map command allowed to send emails/run...
Hi, I want to send an email / run a script one time each for a bunch of IPs in a list, so I was going to iterate over them with the map function with a saved search, instead of setting up a separate...
Help understanding standard deviation alert for entries that have a count of 0?
I have seen several similar questions asked, but they are often answered in different ways so I'm hoping whoever answers this can explain why they created the search string the way they did. I have...
How to achieve pagination in Splunk?
My Splunk commands are: 1) index=myIndex search base earliest=-1h latest= now 2) index=myIndex search base earliest=-30m latest= -1h 3) index=myIndex search base earliest=-30 latest= 30m
Splunk timezone change for a specific sourcetype
Hi, I am using the timezone converting attribute "_tzhint" to convert EDT to UTC. This attribute was able to convert event timestamps to UTC, but it is only converting very few events, not...
How to handle LINE_BREAKER regex for multiple capture groups? Specifically...
In the past we had an easy LINE_BREAKER regex that broke on newlines where an ip4 was present ([\r\n]+)\d+\.\d+\.\d+\.\d+ Now we have some logs with ip6 in addition to ip4 being logged, so I was hoping...
Will the Splunk Add-on for Microsoft SQL Server suffice to access logs from...
I wish to get only user access logs from SQL Server. Basically, who accesses what database at what time. For this purpose, is the Splunk Add-on for Microsoft SQL Server enough, or is DB Connect also...
How can I use the results of a search in a second search?
I'm running a query which returns the destination IP addresses of a user's external traffic in one column, something like this: ----dest----- 1.2.3.4 23.23.23.23 45.45.45.45 67.67.67.67 4.3.2.1 Which means...
"What to Search" doesn't work.
"What to Search" on the right side of "Splunk Search" does not work. ⇒ Waiting for data… The same goes for the Data summary... Is it a bug? Splunk Ver 6.6.2. Please give me some hints!
MSP and Enterprise License (To define pools from which license file)
I have 2 licenses, one of which is used for 1 customer and the other license is shared among n number of customers (MSP - Multitenant). Say for example 1. License for Customer A (200GB) expiry date : 2018...
Box Plot Viz
Hi, I tried to install the Box Plot Viz downloaded from here --> https://splunkbase.splunk.com/app/3157/#/details However, the installation failed with error message: "There was an error processing...
How to change the default locale for the web UI
From the little documentation I can find, it seems that the Splunk Search Head Web UI will attempt to use the locale configured in your browser. I am in a European country whose language is not supported...