Why am I getting messages to review roles for unnecessary read or write...
Hi, every day I am getting a message like "Review roles for unnecessary read or write access to authorize.conf and remove access if possible". What could be the possible reason for this?
Are there related fields between sudo log and LDAP log? I want to monitor...
I have a requirement for daily report of Linux sudo activity. I came to know that the LDAP log will tell me if the user successfully has access, and sudo log will tell me what the execute request is...
Why is my eval if() not working consistently
I'm having a difficult time getting what I believe is a simple eval command to work as I would expect. What I'm trying to accomplish is to convert a 1 or 0 into Yes or No respectively. I'm able to do...
Streamstats Question
Using the query below, could you help me identify servers that were added on a daily basis? For example, today is Friday the 13th; I would like to see new servers that were not on the report on the Thursday the...
How can I fix my double timechart graphs?
I want to see 2 timecharts, each containing a different counter. My search is: source="perfmon:test" counter="Private Bytes" NOT _total instance=chrome | eval MB_Used=Value/1024/1024 | timechart...
How do you clear the token values in HTML dashboards?
I've got a dashboard that is POSTing stuff to a kv store. It currently clears the input forms once I hit submit, but the actual values seem to still be held in the tokens. For instance, I can hit...
How can we adjust our firewall's timezone?
Hi all, currently we are facing an issue with the timestamps of our firewall logs. We can see the logs are coming into Splunk with a time difference of 3 hours. We have 5 heavy forwarder instances as...
How do I prevent empty values from being submitted to my KV store on my...
I have an HTML dashboard that lets me submit values to my kv store. How do I check the values for emptiness and then inform the user that the values are empty?
Why is an empty value from a MultiSelectInput deleting ALL the items in my KV...
Not sure if this is a bug or what, but if I push the delete button on my dashboard and there are no values selected in the MultiSelectInput, all of my kv store values are wiped out. One caveat is that...
How do you use custom XML in reports (from dashboard formatting)?
Hi everyone, I have made a bar graph that uses XML to make custom colors for two different series. I seem to lose the colors I set the series at whenever I convert to a report from my dashboard that...
Cannot re-add UDP data input after deleting it. Parameter name: UDP port 514...
First I wanted to create an alternate data input using 514/udp, so I disabled the existing one and tried to clone another one, and change the port number. Got rejected with the full text message:...
Help with indexing .XET files or SQL database in Splunk? What should the...
How do you index .xet files or trace files of a SQL database in Splunk, and what should the charset be for that? If I use NO_BINARY_CHECK = true, what should the charset be?
Splunk Add-on for Tenable: Security Center Logs Failed to Index
On Splunk 6.6, most up-to-date Splunk Add-On for Tenable. Been using it successfully from around February 2017 until the middle of May 2017 with no issues, but after a Splunk update or two, have noticed the...
Which command or stanza can be used to decide which fields are extracted at...
As far as I know, fields- does not improve performance, and I'm looking for a better option.
How to specify an index name in the docker instance of Splunk universal...
I am trying to find a way to specify the index name to use when collecting data from a CSV file using the Splunk universal forwarder docker container. I have tried using SPLUNK_CMD environment variable...
CSV input. Need output based on 3 different fields. 1 search
Hello, we have been importing a particular csv daily into a single index, so the data is nice and clean. We want to perform 1 search and chart out results. Fields are: Volume, Change, & Price....
Need values to stick within a range for chart
Hello, We have the following search: index="blah" | stats values(Change), values(Volume), values(Price) by Symbol Some results are too large or too small of a number range, so I want to fine tune the...
DB Connect Time-Based lookup
Is there any way to create a time-based database lookup with DBConnect 3.11? I don't see the option within the GUI and can't find a way to customize the lookup SQL query since ```WHERE field=value```...
Can anyone explain to me how to onboard data?
I was hired in an organization as a Splunk onboard specialist, I don't know much about onboarding data. I had gone through getting data in docs but that is not helpful to deal in real time. Our...
SG500 Logging
I have two Cisco SG500 switches and I'd like to get them logging to splunk. What is the best method? I can't find a premade dashboard, nor source connector when adding a port.