Running "Splunk package app" in powershell hanging until killed
Hi, I'm trying to automate the packaging of a custom Splunk app (v6.5) so that I can deploy it to another environment. However, i'm having issues packaging the app from my powershell script. When I run...
View ArticleMicrosoft Azure Active Directory reporting Add-on for Splunk: How is the data...
If we elect to install this add-on to only a search head, how is the data collected? We have everything configured per the Details tab but no luck in displaying any results in Search.
View ArticleTrying to create a saved searched via the CLI: "Argument 'actions' is not...
Hi, I'm trying to create a saved search in Splunk enterprise 6.5 via the CLI. The exact command I'm running is: **splunk add saved-search -name "X"** However, I'm getting the error "Argument "actions"...
View ArticleUpgrade of a Search Head Cluster (v6.4.2 > 7.0.0) - Can I do a rolling upgrade?
Hi at all, I have to upgrade a Search Head Cluster from version 6.4.2 to 7.0.0 and I have a doubt: in https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/UpgradeaSHC there's written:>...
View ArticleSplunk Mobile: PDFs downloading with search rather than values
Hi all, when am downloading pdf it is downloaded with queries instead of values . please anyone help to this issue. thanks![alt text][1] [1]: /storage/temp/217867-asa.jpg
View ArticleHow do you pass saved search parameters to a Python script?
Hi, I am trying to pass arguments from a savedsearch result to a python script, and it does not work. Code below. savedsearches.conf [test_search] action.log_message = 1 action.log_message.param.name =...
View ArticleNewsletter app: Will this be updated to be compatible with Splunk 7.0?
I put this on my Splunk 7.0 dev install and the Newsletter tab is essentially unreadable. I assume that's because it is only released for 6.3 as it says on Splunkbase.
View ArticleIndexes are not available to select from "Available search indexes" during...
Since upgrading to splunk 7.0.0 I am not able to select our indexes from our indexcluster from "Available search indexes" during user role creation in the Splunk web gui. The indexes do exist and the...
View ArticleOnly show logs where field value has a decimal place
Hi all, I'm trying to run a search that only finds specific events in a log which have field X equal to a number with a decimal place. Creating the search of simply X>0 returns all log events with...
View ArticleShorten a URL to it's Primary Domain Name from Bluecoat Logs
I'd like to shorten a URL collected from bluecoat logs so that it only lists the primary domain name. For example: abcvod.abcnews.com to just abcnews.com or **anything.**google.com to just google.com...
View ArticleWhy my rest query to /services/authentication/users suddenly don't work...
Hi, I use this query almost every day : | rest /services/authentication/users But today it doesn't work, I get this error message : Failed to parse XML Body:
View ArticleDocker Config option for Splunk web.conf error
I am using Splunk/splunk:latest version(7.0.0) and docker compose version (3.4) . Also deploying an nginx proxy with context root as /splunk to forward to splunk web at 8000. The web.conf is added to...
View ArticleCisco eStreamer eNcore is grouping events
Cisco eStreamer eNcore is grouping events as seen in the indexer when searched. The old eStreamer client did not do this. It this normal behavior for certain events grouped together. Any help would be...
View ArticleHeavy forwarder not sending new data
Installed a heavy forwarder on an instance to ingest exported data from our old SIEM, and needed props set on the data so I don't have to bounce my indexers. I got 2 of my 14 gb files w/out issue, and...
View ArticleVarying behavior when assigning same value to different tokens
Hi, I am updating two different token with same value but I am seeing differernt behavior. (probably its taking as different datatype) $graph_time_earliest$ - 1500$selection.earliest_GC$ - 1500 Initial...
View ArticleHow do you write rex to extract unstructured field?
I have the below log. I want to extract the sixth column as a field, in that column I have different types values. Some of them are decimals some of the are single digit as you can see. I tried IFX...
View ArticleCreating dashboards based on field-names rather than field-values in nested-json
Hi Splunkers, I have events coming to Splunk Enterprise in the following JSON format: { ip : 1.1.1.1 mac : 010203040506 policies : { policy_name_1 : { rule_name_in_policy1 : { status : Unmatched...
View Article--- Article Removed ---
*** *** *** RSSing Note: Article removed by member request. *** ***
View ArticleITSI - Is there a setting to have the Service Analyzer Screen refresh
Hi, The Service Analyzer screen appears to be static and does not change after initial viewing of the Services and KPI's. I would like to see the screen refresh every 5 minutes, but I can't seem to...
View ArticleSearch data for All Time but only graph a specified time range
Hello, I am charting IT help desk tickets and I need to make a chart showing how many tickets are opened and closed every month. The timestamp for _time is the ticket failure_date. To accurately...
View Article