Issue with indexing multiple files from same folder
Hi, I would like to index files into different indexes which are residing in the same folder. I did whitelisting. But only the first file in the folder got indexed successfully. The other 2 files are not indexed....
Unable to login by installing Developer License
Hi Everyone, I have just installed the developer license in splunk but I am unable to login with my credentials. I have also tried to login from the Admin credentials also but it is owing **Invalid...
Report PDF Delivery not finished
Hi everyone, my question was already asked before, I know, but a long time ago and without a clear answer: ([answers][1])...
I want to ignore particular username
I want to ignore the user names below. So I wrote it in the following manner; is it correct? ......| where NOT (user="*$" OR user="NOT_TRANSLATED") Now, can I rewrite it as below: ......| where NOT LIKE(user, "*$" OR...
I want to output statistical data for each session with a log without session...
I am looking at the traffic log of the firewall now, but there is no information of "session ID" in this log. However, there is basic information such as duration of session, transmit/receive packets,...
Possible? or Not? Let the specific word be colored on "inline search...
Hello all, I have a question about whether it is possible or not to color the word which I select with my text input panel. It is my best image to be colored, such as the time when I...
Need help understanding how KV stores work
I've set up a KV store as described in this article: http://dev.splunk.com/view/SP-CAAAEZJ I wanted to replicate it in my indexer cluster, so I used replicate = true. What I've ended up with is, the...
OSSEC confusion regarding how to get log data forwarded to Splunk
Hi, I currently have an OSSEC server running on my Linux server with Splunk Forwarder installed on it as well. I have also downloaded the add-on and app for OSSEC in my Splunk indexer. **I have...
CALENDAR VISUALIZATION DRILLDOWN
I would like to ask if, in this calendar visualization, it is possible to have a drilldown. What I want is, when I click the calendar date, it would get the date value and pass it to the token or a...
schedule search settings for time range
Hi, we have created a saved search with schedule type (cron every 2 mins) and time range (-2 mins earlier to now) with the summary index enabled, which is working perfectly. Can we schedule a saved search in...
How can I filter the field only from certain events?
Hello! How can I filter the field only from certain events? There are a lot of events with the same fields, I need to filter these fields when indexing, only in some events.
Can ES 4.7 be installed on a Windows SH?
Hi, can ES 4.7 be installed on a Windows SH? I know the documentation excludes ES with SHC on Windows, but it does not state anything (that I have found) about a single SH for ES on a Windows machine....
Remove duplicates within rows?
Hi guys, so I need some data to put into a dashboard table, but the problem is that the data contains everything twice per row. This is the query I use: index=epo_script...
MS Windows AD Objects APP: Default source code of AD Objects - User - Logins...
Can someone provide me with the source code of the AD Objects - User - Logins by Group Membership dashboard. I seem to have changed something I can't reverse. Inputs are no longer populating.
No data being received from syslog server
New Splunk environment just stood up. All was working well on Friday; came back after the weekend and now getting an alert indicating that the search head is not receiving data from some Windows hosts....
How to extract a field between two patterns in a search
Hi, how do I get "7515-36283" between "Result:" and "/ Value" from the following text: Result: 75153-6283 / Value "Result: 75153-6283 / Value" occurs multiple times with different numeric values and might...
Why do I get different results from saved search
Hi, I have a customer who is exporting data via the REST API, and getting different results from the same time period, when testing, and I can't determine why. The data is kept for 90 days, so it...
earliest time and
I have the following search: ..index bla bla... | eval eD_A=strptime(D_A, "%Y-%m-%d %H:%M:%S.%N") , eD_AV=strptime(D_AV, "%Y-%m-%d %H:%M:%S.%N") | eval days=floor((eD_A - eD_AV)/86400) | stats count as...
Enterprise SPLUNK Upgrade
What is the best approach for upgrading SPLUNK? 1 DP, 1 SH, 1 F, 2 ID running 6.5.1 on Linux RHEL 6. Download 6.63, copy to each device and then untar, or is there an upgrade from the UI? Do I need to worry...