Splunk alerts integrating with OpsGenie
Hello all, I am creating some alerts and including as action the integration with OpsGenie interface. The alerts are being generated succesfully, however I would like to customize the SMS and email...
View ArticleWhat is the best way to stream data out of one SPlunk instance to another?
All, We have some highly unstructured data I'd like to export from one Splunk instance to another one for testing reasons. Basically a few gigs of a subset of the data. I remember seeing a way to...
View Articlehow to alert which forwarders are throttling
how to create an alert for any forwarders that are reaching max throughput consistently? index=_internal source="*splunkd.log" | eval KBps=tcp_Bps/1024 | stats sum(KBps) as throughput by host | where...
View ArticleWhat is the best way to stream data out of one Splunk instance to another?
All, We have some highly unstructured data I'd like to export from one Splunk instance to another one for testing reasons. Basically a few gigs of a subset of the data. I remember seeing a way to...
View ArticleCan you verify my plans for a search head cluster configuration?
Hi All, I'm trying to create a sh cluster, here are the sequential things that I have. Please correct me. **On the deployer** [shclustering] pass4SymmKey = shc@cluster shcluster_label = sh_cluster...
View ArticleHow to alert which forwarders are throttling?
How to create an alert for any forwarders that are reaching max thruput consistently? index=_internal source="*splunkd.log" | eval KBps=tcp_Bps/1024 | stats sum(KBps) as throughput by host | where...
View ArticleSearch to get the license usage per a single host?
Please I need the SPL to get the license usage per a specific host per GB in splunk Note: not all host in the environment , just a single host
View ArticleHow to create a new field out of values of a current field?
I have a field with event IDs. Some of the IDs indicate an issue, while some of them indicate the opposite. eventid=1 MalwareScanDown eventid=2 MalwareScanUp Eventid=3 SystemOffline EventID=4...
View ArticleHow to create a regex to extract key value pairs
I have a data feed with CEF format. Splunk picks up the key value pairs except the value with the whitespaces, for instance, "subject=my testing" from the sample log below, Splunk only extracts "my"...
View ArticleGEOIP - Is there a step by step guide to getting this set up?
I am presently running Splunk Free on my home network, collecting syslog data from my Sophos UTM. I'd like the ability to translate srcip and dstip fields in the firewall data into country names so...
View ArticleStatsD backend for Splunk
With the release of Splunk 7 and Metrics being top priority - I am trying to configure StatsD to send UDP traffic to my Splunk indexer. However, I am unable to configure statsD properly. Has anyone...
View ArticleBest way to deal with the \local configuration files after deploying new...
I have integrated a deployment client into my environment to manager the configuration files but now I am having multiple issues with configuration files precedence. I am able to deploy new...
View ArticleHow to sum correctly?
Hello All, I am having an issue using the stats sum command. This is currently my search: source="Jan_Sept_FinanceSample.csv" host="Jan_September" index="finance_sample" sourcetype="csv"...
View ArticleCan all fields be outputted with outputcsv in double quotes?
We are currently using the outputcsv command to generate a report for one of our support teams. Overall it works great but they did have one request - currently only fields that have a special...
View ArticleExtracting specific JSON field where duplicate exists within array
I have a JSON feed that I'm trying to parse fields in and the event contains fields with identical names but are different based on the "measurementType" field. What search can I run to pull the...
View ArticleCan we rename fields in transforms.conf?
In the following thread we extracted the name value pairs from the embedded json document - [How can we extract a json document within an event?][1] [1]:...
View ArticleWhy am I getting these error message in the server message log?
Hi everyone, does anyone know why I got a lot of below errors in server message log. which generated by nmon runs on forwarder ? thx Oct 23 00:56:36 tbkafkapldi01us2 kernel: nmon_linux_x86_[31521]:...
View ArticleMultisearch - Brute Force Attempts for both Linux and Windows
I am trying to create an alert to monitor for brute force attempt behavior for both linux and windows systems using a multisearch to stack my queries. I currently use the following query for Linux but...
View Article"ImportError: ... Symbol not found: _inflateValidate" when starting Splunk...
When starting Splunk 6.6.3 after upgrading to High Sierra, I was seeing the following errors: Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking...
View ArticleClicking on legend to get specific data
Hey All, I have below visualization, ![alt text][1] As seen there are many usernames as in legends, is there a way to click a particular user say : xyz and the only xyz scatter plot is visible instead...
View Article