What is the best process of sending logs from Splunk to a syslog-ng server?
Hi, actually we are planning to forward Windows event logs from Splunk to RSA? https://answers.splunk.com/answers/581066/how-splunk-can-send-data-to-third-party-system-spe.html Since we already did...
search syntax for comparing events
The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in the 30 days prior to 10/13/2017 22:00:00. Not sure how to display this, any ideas?...
passing data from Global search to child search not displaying data on...
Hello, In my dashboard, I am using one global search and multiple sub search queries (which use global search query data). Issue is data is not getting displayed on dashboard, but when I click on search...
open google from dashboard
Hi splunkers, I want to open or load google page in my splunk dashboard panel. Currently I am using this testinggoogle But that is not working is there any other way to achieve the same please let me...
Can't save DATETIME_CONFIG parameter in our sourcetype
Hello, we have tried to edit our sourcetype as described in the following article: https://www.splunk.com/blog/2009/12/02/configure-splunk-to-pull-a-date-out-of-a-non-standard-filename.html Pulling the...
Group results based on criteria
Hi Peeps, source="Log.txt" resp_status=503 | chart count by req_url If I execute the above query I will get the following results /account/signin.jsp...
Is there any way to define a shortcut to display data values on chart?
My chart has a lot of columns, so the values overlap each other. I need to configure a shortcut that I can use when I want to display the data labels values. For example, display the labels only when I...
Json parsing error JsonLineBreaker
Hi, I'm getting errors with parsing of json files in the universal forwarder. I'm generating json outputs - a new file is generated every time I run a routine. Output has the below: [ {...
Radius Authentication and LDAP Authentication
It is possible to use LDAP Authentication and Radius Authentication together. It is possible to set some kind of priority, if it is not available in Radius check LDAP or vice versa.
Rapid7 Nexpose Add-On not pulling all assets
For my onsite Splunk deployment with the Rapid7 Add-on, it will pull assets from all my sites with less than ~300 assets. However for any larger site with more than ~300 assets the site fails to...
LDAP Search Query Error Messages - Error Code 1.
After running the following query: | ldapsearch domain=**mydomain** basedn="ou=,dc=**mydomain**,dc=local" search="(objectclass=group)" attrs="cn,description,primaryGroupToken" | eval...
Splunk License Violation - Investigate additional data for last 24hrs
Last night the license usage passed 95%, which used to float around 60-65%. There would definitely be additional host or logs started ingesting data yesterday. Is there a way I can trace down if any...
How can I make dispatch file names shorter?
I have a dashboard with 3 panels, each with long involved search strings. Recently I started getting log errors that dispatch file (directory) names are too long. I checked and they are indeed 256...
Report creates multiple emails, looking for single email
I have a report that is generated every 24 hours and emailed out, however, instead of the report sending the entire report in one email, it sends an email for each search result. Is there something in...
How to get data structure and some data from Splunk?
Our client has been using Splunk to research logs from IT systems. I need to make Java-integration with his Splunk. So to do this I need to understand the structure of his data. For the first visit I...
Can't get SSL to work for Indexers and Forwarders
I have read almost every answer provided in earlier questions, still not having luck with my self-signed certificates to work with our Indexers and Forwarders. We deploy the inputs.conf for indexers in...
How to query the following events that are attached in the Images? Also my...
index="app_qe" sourcetype="automation:merchantMonitoring" monitorName="Performance Test - " | stats by...
JavaScript SDK throws timeout when connecting. Application on AWS
Hi everyone, I am currently trying to retrieve some information from an enterprise splunk from a Node.js application hosted on AWS EC2. Currently, I can successfully retrieve information from our...
url_domain not showing up
Hi, I've started using this app, but I'm unable to get url_domain to show up for any of my web proxy logs. Am I doing something wrong? | urlparser field=url url...
Is it possible to fix a scripted input once it's been indexed?
I'm writing a Splunk App and looking for a few pointers on how to approach the following: - A scripted input requests events from a rest api. - Sometimes, but not often, an event needs to be corrected...