Are there any Azure alert webhooks into Splunk HTTP event collector?
Looking for an example Azure webhook alert from Application Insights into a Splunk HTTP Event Collector.
How to extract a field using regex at indexing time?
Hi, I'm ingesting the data in JSON format. We have a field event.user, which is auto extracted. Is there a way to extract the new field user from the event.user field at indexing time? For example:...
Installing Splunk App for Microsoft Exchange on standalone installation
Hi, I was wondering if it is possible to install Splunk App for Microsoft Exchange on a standalone Splunk instance. I have followed the guide. After creating the "sent to indexer" app instance started not...
How to schedule delivery for some apps that have the option grayed out?
I have some Splunk apps like Cisco, Exchange, A.D, Clearpass that have the "Schedule delivery" option grayed out but the Export PDF option available. I have a requirement from a client to schedule...
How do you schedule delivery for an app that has the option grayed out?
I have some Splunk apps like Cisco, Exchange, A.D, Clearpass that have the "Schedule delivery" option grayed out but the Export PDF option available. I have a requirement from a client to schedule...
JMX monitoring stopped working on a few machines (VMs) in the past few days
JMX monitoring stopped working on 4 of our VMs, whereas the other servers (around 100) are still working. There was an upgrade of the OS on all of these machines along with a Java upgrade. Nothing seems...
Question on sourcetype override differentiating based on hosts
I have WLC and Equallogic sending logs on port udp 514. Currently, only the cisco sourcetype is configured and hence all data is getting parsed as the cisco:ios sourcetype. I want to parse data sent by 6...
Showing currently logged-in VPN users
Hi, I wanted to display in the form of a table the currently logged-in VPN users. My search command is this: host="" user=* | stats count by user ![alt text][1] However, I do not want it to show the count...
Sending conditional alerts based on previous search result
Following is the JSON log format being stored in Splunk. { data:[ { "endpoint":"ep_1", "service":"service_1", "http_status_code":"500" }, { "endpoint":"ep_2", "service":"service_1",...
Sort the number of hits according to the number of hits.
For the query: host=aeperf01api02 Level="INFO" | stats count by AppDomain I have the following output: Web 4504 WebApi 180240 ComplianceWeb 9384 ReportingWeb 34152 ReferenceDataWeb 161710 SecurityMasterWeb...
Import CSV with a column that has the "%" percent symbol in it
Hello, I have been importing a CSV that has a column with a percent symbol in it. How do I search on this particular field? The name of the column in the CSV is: "Change %". Thanks!
Change / Delete Tags via Search
Hi, can anyone tell me if it is possible to change and delete tags by Splunk search? Let me tell you why. I import data from a database. Each time a record is updated, I receive a new event in my index...
Why are my logs being pulled periodically?
My access_logs files are not being pulled constantly. There are large gaps between the pulling of logs. The logs are being updated within the server path (the timestamp shows this), but they are not all...
How to make Visio icons appear correctly in Visio?
When I drag an Indexer or Heavy Forwarder icon in Visio from the Splunk stencil, it is not displayed properly. Image attached. ![alt text][1] [1]: /storage/temp/217862-c.png How to make this image display...
Splunk Systemd Service
Hello, does anyone have a working systemd script for Redhat/SUSE? If I use the script from https://answers.splunk.com/answers/59662/is-there-a-systemd-unit-file-for-splunk.html I get some error at the...
How to index the log data only from a single server when the log path is in...
Hi All, I am facing the below issue: I am reading a few log sources (monitor) from 3 servers, Server1, Server2 and Server3. Along with that, I am also reading a log source (test1.txt) from a shared...
Sort Source based on its earliest event indexing
I am in the log sources provisioning phase. I examine the "data summary" frequently to see the change in the number of hosts/sources/sourcetypes to determine from which log sources Splunk has started...
Use eval in XML
Hi, I have a dashboard with a timechart, and I have created a drilldown for the timechart. The click uses the time clicked on, and passes it to another dashboard as a token. How do I change the click...
Single Value individual color for trend and value
A single value in Splunk has the following simple xml code:trendnonenone1500["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"][0,30,70,100]11inverseabsolute-1monafter11 The option "colorBy"...
props.conf: how to break event after every new line?
As stated in the question, my props.conf has the following settings: [daemonforCent] LINE_BREAKER = ([\r\n]+) SHOULD_LINEMERGE=false And as you can see, the result is still the same, not breaking...