deployment from SH
Hi All, is there a way to make deployments from SH without going through CM, and how can we do it? What settings do we have to change or configure for deploying? Thanks, M&A
Resizing index instance volumes
Hi, recently we added new volumes and new indexes for index instances. Now I need to increase the size of the new volume and reduce the size of the main index, which is on the old volume. I just started working...
Wrong timestamp for Splunk search events
Please see the below event timestamps with the _raw timestamp; it seems like the _raw timestamp is assigning minutes as hours and seconds as minutes to the _time event timestamp. _time _raw...
Transit times?
I am trying in Splunk to monitor the progress of certain IDs which come from two different sources but are in the same index. From source one there is a DB query which is executed once a day. This...
Splunk Enterprise not recognizing Cisco ESA add-on App
Hi All, I'm trying to install the Cisco ESA Add-on App https://splunkbase.splunk.com/app/1761/. However, when setting this up in Cisco Security Suite, it doesn't recognize the app after I've uploaded it...
I want to show two decimals after integer without changing values and if we...
Hi, a=0.54689556898 b=1.25698 c=0.5 d=51. I want output like a=0.54 b=1.25 c=0.50 d=51.00. Please do the needful; how do I write the query? I tried with this query but I am not getting it: | makeresults |eval Total=0.8...
Anonymising IPs but have a unique value for each IP
Hi, we want to anonymise IPs. So far we can get it to replace all IPs with x.x.x.x, BUT we want to replace the IP with a unique value for each IP, so that we can see how many unique visitors and look up...
Search running low on memory
My operations folks contacted me with a memory alert on my search head. Do I need to get more memory added? This is a Linux VM.
$ free -m
             total       used       free     shared    buffers     cached
Mem:         11908      10992        915          1        109...
What is the best way to determine if a UFW is running without CLI access?
Hi, I'm looking for options to validate that a UFW is running on servers, without actually logging into the server (we are losing ssh access to all servers). Any recommendations?
Has anyone integrated Splunk Enterprise with TEMIP (Telecommunications...
Hi all, I am trying to integrate Splunk with TEMIP (Telecommunications Management Information Platform). TEMIP is a ticketing tool which is used for ticketing purposes in the Network Operation Centre (NOC)...
What's the best way of getting data from our Splunk servers?
Hi guys, just a few quick questions about getting Splunk server data into Splunk! Our Splunk environment collects a large amount of security data from thousands of sources, yet we don't collect any...
How to not evaluate something during a certain time period?
So, I have a search query that calculates a field, but I wanted to know if there is a way to check if it is a certain time period and then not calculate that field. I have a start time and end time:...
Is it possible to use a single rex command to deal with multiple scenarios?
Hello All, I am trying to write a single rex command that will handle a number of different field entries. Basically I have an effort being stored (painfully) in hours and minutes, but the values for...
Search payload sent with POST requests to a particular endpoint in the past
I have the following query, but I am not sure how to get the payload that was sent to the request_url. index=fastly sourcetype=fastly_syslog_json fastly_service_name=www.mysite.com request_type=POST...
No Dome input options after installing Dome9
I installed the Splunk AWS app, add-on and Dome9 app. Going through the configuration, I am unable to select a Dome type under data inputs.
Is it possible to alias a command to another one?
All, so we're slowly moving off index=java to index=applicationlogs for a few reasons. Is there a way to alias index=java to index=applicationlogs for users?
How to calculate appropriate levels for maxThreads and maxSockets,...
Is there a formula to make a stab at appropriate levels for maxThreads and maxSockets, in the httpServer stanza of ~/etc/system/default/server.conf, for a HEC collector instance? Our current setting is...
Compare response time from yesterday to today
Trying to compare response time from yesterday to today. This search seems to be working, but is very, very slow. Any suggestions on how to improve it? sourcetype=prd_banking_server Bank_Code = 108...
eventtype-based panel
eventtype=* |stats count by eventtype works. However, in a dashboard the below query doesn't work. Any suggestions please? index=$111111$ $22222$ eventtype=* |stats count by eventtype
Splunk and AIDE -- How do I ignore the first line of an AIDE log file?
Right now AIDE runs a check every 5 minutes and comes back with the same results each time for files Added, Removed, or Changed. The issue is the timestamp changes and the same results are being indexed...