Unknown search command 'ldaptestconnection' when configuring Splunk...
Configuring the Splunk Supporting Add-on for AD, but I keep getting this error when testing the connection. Search: | ldaptestconnection domain="test.lab" Result: distinguishedName: DC=test,DC=lab Error...
Splunk Add-on for Squid Proxy: various URL formats are not being extracted...
Hi Team, I have onboarded Squid Proxy logs on my Splunk instance, but the log contains various formats of URL, so URLs are not getting extracted properly. Below are some of the types of URLs present in...
Results generation only in last 24 hrs
Hi, below is the query that will run over the last 2 weeks of data, but I want an alert to trigger only if "good count" is greater than 4 in the last 24 hrs. index=abc sourcetype=abc| stats max(resptime) as...
Compare two fields (IP addresses) from 2 different vendor firewalls
Hi mates, I'm figuring out how I can show a table with matching IP addresses from 2 different vendor firewalls. So far, I've tried with the "join" statement in order to do a 2nd search and then an if...
Invalid key in stanza "SHOULD_LINEMERGE" of inputs.conf. How to resolve?
Getting this error when Splunk runs the process "checking conf files for problems..." during restart: Checking: C:\program files\splunk\etc\apps\TA-meraki\local\inputs.conf Invalid key in stanza...
What is the best way to send data to Splunk HTTP Event Collector vs UDP vs...
Hi, can someone please help guide, based on experience, on what is the best mechanism to stream data to Splunk? As part of our organization we have built a custom logger service that you can make a REST...
Dynamic lookup not returning a value
I have been staring at this problem for eons but am stuck. I have two dynamic lookups. 1. volumeCheck (external lookup), fields defined=ip, volumes, vrank. Result: volumeCheck always returns vrank=UNK. I...
fschange monitor remote file access
I am trying to monitor the changes on a remote file share directory. I want to know when the file changed and who made the change if possible (uid is fine). I have the following config in my inputs.conf file...
Error applying indexes.conf when adding maxWarmDBCount
So whilst modifying my index cluster configuration to be a little smarter with what data is maintained between hot/warm/cold/frozen, I'm a little stuck with maxWarmDBCount. So if I try and push the...
Heavy Forwarder not sending logs (Windows)
I've got an issue with a HF not sending the logs to the indexer. Has anyone experienced something like this? The HF was sending the logs to the indexer as it should until yesterday. At one moment, the indexer OS...
Is it possible to create Alert for multiple Instances of an Application?
I'm currently trying to set up alerts if an instance of our application is down. However we have 40 Instances and I want to create an individual alert for each of them. My log event is something of the...
Combine mvexpand and stats(sum) in one command
Hi Ninjas, I'm struggling with a query including several "challenges". I get proxy events like: time="10-27-17 10:00:00" url="www.applepiesamurai.org/get_more_apple_pie" user="arnold.schwarzenegger"...
Extract Part of Field
Hi, I wonder whether someone could help me please. I'm trying to extract a particular value from a field which is "file-upload-ready". I can manage to exclude the value but not to extract it. This is...
OSSEC: how to check if log is monitoring anything on webserver and forwarding...
Hi, Firstly, I have a question regarding what components are required for the forwarding of the logs to Splunk from my webserver. My current setup is: **Splunk running on a Linux Server:** - Splunk...
How to sum the count of three users?
Hi, in my scenario I have a lot of users, for example: user1, user2, user3... and I want to count their logins to a server and create a pie chart. I have the problem that there are some users which have...
Create pie chart that shows values >=0 also when there are no results!
Hi, I want to create a pie chart by different values, which works well. I have the following problem: the pie chart shall display 0 when there is no event. I created a search that returns a dummy value...
Having trouble forwarding data to Kiwi syslog
Hi, I am trying to forward data to Kiwi syslog. I have installed and configured a Heavy Forwarder and forward my syslog data to the Heavy Forwarder. Then I configured the HF to forward data to Kiwi syslog...
How to skip header in CSV files before indexing?
My input files are in the following format (CSV): Icon Statistics Time;26.10.2017 00:00 - 27.10.2017 04:40 Service;Servicename Statistic;Report_servicename...
Adding JS in Splunk dashboard
Hi Splunkers, I am using the code provided below for adding code.js to my Splunk dashboard. html_css_js Click the following button to call the function. Use different text in the write method and then try...