KVStore with replication setup
I have 2 indexers and 1 search head. I migrated from Splunk 5 to 6 and had some difficulty with real-time alerts and LDAP lookups. I also moved from Windows to Linux. Anyway, my workaround was to dump the...
Using sed to split an event into multiple events that start with an uppercase letter!!
Hi, I am wondering how to split an event such as the one below into multiple events in order to extract fields easily. This event comes from Active Directory via syslog: "Feb 21 09:24:17 192.168.1.11 Feb 21 09:15:55...
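The trap in this kind of event is that each relayed record carries two syslog timestamps: the relay's ("Feb 21 09:24:17 192.168.1.11 ...") and the originating host's ("Feb 21 09:15:55 ..."). Splitting on every timestamp therefore cuts each record in half. The following is an added example, not code from the post or from Splunk: it splits only where a timestamp is followed by the relay's IPv4 address, and contrasts that with the naive split. The two concatenated records in SAMPLE_EVENT are constructed for illustration.

```python
import re

MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
# RFC 3164 style header: "Feb 21 09:24:17" (day may be space-padded).
SYSLOG_TS = MONTH + r" {1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# A record starts where a timestamp is immediately followed by the relay's IP.
# The inner timestamp written by the domain controller is followed by a
# hostname, not an IP, so the lookahead does not match there.
RECORD_START = re.compile(r"\s+(?=" + SYSLOG_TS + " " + IPV4 + r"\s)")

# Naive variant: break on any syslog timestamp (splits each record twice).
NAIVE_START = re.compile(r"\s+(?=" + SYSLOG_TS + r"\s)")

# Constructed sample: two AD records that arrived as one event (assumption,
# modelled on the fragment quoted in the post).
SAMPLE_EVENT = (
    "Feb 21 09:24:17 192.168.1.11 Feb 21 09:15:55 DC01 Security: "
    "An account was successfully logged on. Account Name: jdoe "
    "Feb 21 09:24:18 192.168.1.11 Feb 21 09:16:02 DC01 Security: "
    "An account failed to log on. Account Name: mallory"
)


def split_events(event, pattern=RECORD_START):
    """Split one concatenated event into individual records.

    re.split() on a zero-width lookahead keeps the header at the start of
    each resulting record instead of consuming it.
    """
    return [p.strip() for p in pattern.split(event) if p.strip()]


def naive_split(event):
    """What you get if you break on every timestamp: half-records."""
    return split_events(event, NAIVE_START)


if __name__ == "__main__":
    for rec in split_events(SAMPLE_EVENT):
        print(rec)
    print(len(naive_split(SAMPLE_EVENT)), "pieces with the naive split")
```

The same lookahead is the regex you would hand to sed (or, for index-time breaking, to a LINE_BREAKER in props.conf as in the JSON post further down this page); the point is the IP anchor, not the tool.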
Is there a way to get the "fielded" result into an alert script (and not the...
I have a few issues with them. Basically, I want to POST to a ForeScout web service. My first go was the webhook option. It worked great, but it turned out that I cannot parameterize the URL with...
Defining summary indexes in indexes.conf in a distributed/clustered environment
My app includes the definition of a summary index in indexes.conf. When I provide a copy of the app for clustered/distributed Splunk Enterprise environments, I like to split the app into two...
Split already indexed data into new events?
Does anyone know of a way to create new events from already indexed data? Here is my issue:
1) I am monitoring a directory where random files with random file names are deposited for parsing
2) I need...
How to extract the time from a multi-line log
Dears, I have a log that repeats every 10 min, as below:
16-02-08
Name Succ drop
04:26:50 Searches 12 0
04:27:00 Searches 17 0
04:27:10 Searches 12 0
The first line contains the date of the day and each line...
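The date lives on one line and the times on the following lines, so a per-line timestamp extraction cannot produce a full _time on its own: the date has to be carried forward to every row until the next date line. The following is an added example, not the poster's code, that does exactly that in a small pre-parser and also handles the block repeating with a new date. It assumes the date line is YY-MM-DD (so "16-02-08" is 2016-02-08) and that the "Name Succ drop" line is a column header with no data; the second block in SAMPLE_LOG is constructed to exercise the date change.

```python
from datetime import datetime

# Assumption: the date line is two-digit year, month, day.
DATE_FMT = "%y-%m-%d"
TIME_FMT = "%H:%M:%S"

# Constructed sample: two 10-minute blocks of the log shape shown in the post.
SAMPLE_LOG = """16-02-08
Name Succ drop
04:26:50 Searches 12 0
04:27:00 Searches 17 0
04:27:10 Searches 12 0
16-02-09
Name Succ drop
00:00:05 Searches 9 1
"""


def parse_log(text):
    """Return one event dict per data row, with _time = date line + row time."""
    events = []
    current_date = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A date-only line opens a new block: remember it for the rows below.
        try:
            current_date = datetime.strptime(line, DATE_FMT).date()
            continue
        except ValueError:
            pass
        fields = line.split()
        if fields[0] == "Name":
            continue  # column header, carries no data
        if current_date is None:
            raise ValueError("data row before any date line: %r" % line)
        if len(fields) != 4:
            raise ValueError("unexpected row shape: %r" % line)
        row_time = datetime.strptime(fields[0], TIME_FMT).time()
        events.append({
            "_time": datetime.combine(current_date, row_time),
            "name": fields[1],
            "succ": int(fields[2]),
            "drop": int(fields[3]),
        })
    return events


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        print(ev["_time"].isoformat(), ev["name"], ev["succ"], ev["drop"])
```

Feeding the output of such a pre-parser to Splunk (one line per row, full timestamp first) lets the ordinary timestamp extraction work; trying to do this purely with index-time settings on the raw file is what makes the question hard.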
props.conf for a JSON file
All, I am having some trouble with field extractions for a JSON file. It's funny, the only extractions I am getting are "PATH" and "HOME", nothing else. Here is my props.conf:
KV_MODE = json
LINE_BREAKER =...
ITSI and non-host entities
Does anyone have examples of ITSI entities that aren't hosts? The docs state that these entities can be: physical or virtual hosts; network devices; users (AD/LDAP users); storage systems, volumes;...
How to forward Splunk reports and charts to ServiceNow
Hi, I have Splunk Enterprise in a Linux environment, and I am using it with a ServiceNow integration. For that I am using the Splunk Add-on for ServiceNow. I am able to create some reports and generate charts...
Time difference in days
Hi, I wonder whether someone may be able to help me please. I'm trying to put together a query which calculates the difference between the current date and a "Created Date". If you could have a look at...
[Farsight DNSDB for Splunk] Configurable proxy support
This is a feature request. The app needs to support proxying requests so that it can be used in enterprise environments. I've made a temporary hack in bin/dnsdb_query.py myself, but a supported proxy config is needed.
How to sum(field) depending on another field
Hello all, I have a field called Type with three values and I want a chart of the percentage of these three values. I am looking for a chart like this, which is easy to achieve: [chart image]
Approach to building a panel with two searches that only differ in period;...
I am a newbie to Splunk and have a question on the best approach. I am building a panel with three single value views. The first two do the same search with only the earliest and latest modifiers (feel free...
Deployment server configuration
Hi all, I have configured a deployment server and clients, and I can see the clients in the deployment server. Below are the things I need to know:
> I have created 3 folders in the deployment server as...
Has the "main" index been replaced by "default" since 6.3?
It seems that since my upgrade to 6.3 from 6.1 a new index called "default" has appeared. Also since then my license usage has increased. I am not sure if they are related.
How to increase the number of trend lines depicted
Hi all, I am creating a dashboard which has 30 trend lines. However, when I create the visualization chart, only 11 trend lines appear. Are there any configuration files which can be edited so that...
Splunk ES - Identity Investigator - Editing the Top Box?
Is there a way to edit the top box in the Identity Investigator to include additional fields? Can I add a "ManagerEmail" or some other field? I can't seem to find it anywhere. For example: [screenshot]
How to integrate a Python script with Splunk (input, output)
I have a Splunk alert which returns some JSON results as well as the usual Splunk fields and sends them by email to several recipients. The results are not so readable by humans, so I have created a...
Transport Windows event logs via a view
Hi, in our environment many applications log into the Windows Application event log. We would like to transport it separately. Is it possible to transport data from a Windows event log view? -Jens
Question about a scheduled report pushing data to a web server
Hello Splunk, I have a question about the process for webhooks. It looks like it is asynchronous, but can it push data to a web server? If so, how does that occur? I am trying to understand this as the end...