Splunk add-on for AD doesn't keep SSL off on the configuration page (Splunk...
I am trying to set up the Splunk add-on for Windows AD. I can test this successfully with the SSL option unchecked. However, if I save the settings and reload the configuration page, SSL is rechecked...
Splunk DB Connect 3.11. with rising columns
Splunk DB Connect 3.1.1. is having issues with rising columns. I get the query results when I execute the query, but when I choose the rising column it shows "no matches found". I'm using Splunk 6.6.2...
Combine two CSV files into one
Hi Everyone, I want to combine data from two .csv files whose file names are **"CBIG-SIN Updated"** and **"Hostnames Files"**, and the output should be displayed in one file with relevant information of...
CSV data vs key-value data: which is faster for performance?
Hi, We have an incoming custom dataset which consumes approx. 700GB a day and is currently used for CIM. Currently it is in key-value format. There is a proposal for changing it to CSV, which reduces...
Community value is not passed correctly in Splunk SNMP traps to Netcool
Hello Everyone, I am sending SNMP traps to the Netcool tool using the add-on [SNMP Splunk MA App for Netcool][1]. The SNMP trap is sent successfully to the Netcool tool, but the community value is passed as...
List just indexers that are offline
I am working on my AWS scaling scripts and wanted to know if anyone knows of a way I can just list cluster peers that are offline. I would like to be able to script the cluster removal of this dead node if...
Display dashboard panels (split column into two rows)
Hi, Is it possible to display dashboard panels in the fashion below? ![alt text][1] [1]: /storage/temp/217931-dashboard.jpg
Replacing $var$ with var
The `notable` macro returns a field drilldown_search with the variables $user$ and $dest$ embedded in it. I would like to make use of this elsewhere and replace $user$ and $dest$ with the values of...
Feeds for Tor traffic
Hello all. I'm now working out how to detect Tor traffic. How best can I do this? Maybe some articles, guides, some tricks?
How can I rename fields based on source?
I have data coming in from two different sources which both contain the same field name. How can I tell them apart in a search? For example: source1 has a field named ID and so does source2. How can I...
How to have fieldsummary (I need max value of EACH ROW) and also the original...
Suppose I have 100 columns (actually 100+). Plans (it does not have to be in this order, but you'll get the idea): 1. I want to retrieve the maximum value of each ROW. Solution: "fieldsummary" 2....
Threat Intelligence Add (Can't understand config)
We have this config: [threatlist://ransomware_ip_blocklist] delim_regex = : description = abuse.ch Ransomware Blocklist disabled = false **fields = ip:$1,description:Ransomware_ip_blocklist** type =...
Delay in Splunk purging old events
My Splunk is a single Splunk 6.5.x instance, which needs to retain the last 30 days of events, so I configured frozenTimePeriodInSecs = 2592000 in indexes.conf. But it does not work correctly all the time....
How to create a bunch of tags in a search head cluster
I am an admin in a Splunk 6.6.2 clustered environment. I create 10 tags through the GUI. In my SHC, the 10 tags get distributed to the other search heads. Next, I want to edit tags.conf with my UNIX text...
Splunk is ingesting archived data from our syslog servers
We have a syslog server with a UF installed on it; my inputs.conf states /opt/splunk/syslogs/cisco/acs/*/* and my logrotate.d has syslog-ng that states /opt/splunk/syslogs/*/*/*/syslog. Due to the...
Splitting the lines in logs into separate events
Hi Team, Currently we have the logs getting indexed into Splunk in this format, but we require that each line be indexed separately in Splunk. Current logs getting indexed in Splunk as a single...
Approaches to Identifying Patterns in Outliers
I would like to know what approaches to take for detecting patterns in outliers using Splunk. I'm familiar with approaches to detect outliers but would like Splunk to help identify what things are in...
Inputlookup subsearch to match on field A and output field B in CSV
I'm trying to correlate info based on a lookup file and no matter how I try, I can't make it work. I have a CSV with values like: host,country host1*,country1 host2*,country1 host3*,country2 etc. I'm...
How to modify my today's report to a 7-day report?
I have a query as follows: | metadata type=hosts | search [| inputlookup dashboard_hosts_test.csv | rename my_hostname as host | eval host=lower(host) | table host] | eval lastTime=coalesce(lastTime,0)...
Average per day line chart dashboard
I'm looking to graph the average of the "Processor Queue Length" perfmon counter per day over the last couple of months. I can get the average for that 2-month period, but I want the graph to show the increase...