Does Splunk Add-on for AWS support Server Side Encryption/Decryption of...
Hi, we encrypted a Kinesis stream (https://aws.amazon.com/blogs/aws/new-server-side-encryption-for-amazon-kinesis-streams/) using Server-Side Encryption. We then have the Splunk Add-on for AWS with the...

Convert an indexer into a (heavy?) forwarder?
Hello all, we are replacing our single Splunk indexer with a pair of new indexers and have migrated all the indexes except those filled by syslog sources. We know that sending syslog straight to an...

How to click on a table in a dashboard and open the search in a new window in...
I have a dashboard coded in HTML, and when I click on a table element, it changes the page to show the search run in Splunk. Is there a way to click on the table but keep the dashboard up and show the...

How can I search for events that match two subsearches?
I'm trying to pull back events that have a specific field value, but it should only return events that match that field value if it has related events (two criteria of subsearches match). E.g., I have a...

Delta over Multiple SIDs
In my raw data I have a lot of values for a field called "sid". For each of those values I want to calculate the delta of another field, "Number", from the previous value for that sid. Then I need to do...

How to reduce the timespans used by accelerated searches?
We use accelerated searches to speed up the data being presented by our dashboards, but we would like to reduce the amount of space that it is using. However, because this data is aggregated by a...

Extract value from log
Hi, can someone help me to extract 536 MiliSeconds from the log below? 536 MiliSeconds 6>2017-11-02T05:55:12Z d065d14b-3bcd-481c-512a-bfd42485714d doppler[15]:...

Not able to see the syslogs of ASA on Splunk Web
Hi all, I've configured my ASA to send syslog to a Splunk server installed on CentOS. I took a capture on the ASA and I can see packets are leaving the ASA. I took a capture on CentOS on port 514 and packets are...

REST modular input index zip file error
I want to read a file in the zip archives and index it into Splunk with REST modular input. The following is my code for the handler: ![alt text][1] I have been doing research to get my code to work...

How to round the 3 decimal percentage in a pie chart?
I had a pie chart and I have added the following line on the source to display the percentage on the pie chart. But the percentage is displaying as xx.xyz. Now, how can I round it to a single digit like...

search/jobs/{search_id}: View the status of this search job - Is there a way...
Hi, when I try to get the status of the search_id using the REST endpoint "search/jobs/{search_id}", I see a lot of information in the response. Is there a way to only get the response to check the...

Centralized Splunk config synchronization over HTTPS
I have a customer with a very unique network environment. They will have multiple ES clusters worldwide. The only way those clusters can talk to a central region is via web proxies that don't support...

Is there a way to only get the response with "isDone" using the REST endpoint...
Hi, when I try to get the status of the search_id using the REST endpoint "search/jobs/{search_id}", I see a lot of information in the response. Is there a way to only get the response to check the...

Why are some of the checkboxes in my dashboard greyed out?
I have a dashboard that has a number of tick boxes. I have 4 in one panel at the top of the dashboard (snippet of tick box that I can see and tick) ![snippet of tick box that I can see and tick][1] and...

Centralized Splunk config synchronization like rsync over HTTPS
I have a customer with a very unique network environment. They will have multiple ES clusters worldwide. The only way those clusters can talk to a central region is via web proxies that don't support...

How can I search for two different error messages to see if they both...
I have 2 sourcetypes. For each sourcetype having different error messages, how can I search those 2 different error messages to see if they happened in a bucket of 1 minute timespan? sourcetype=first...

Help extracting a value from this log?
Hi, can someone help me to extract "536 MiliSeconds" from the log below? 6>2017-11-02T05:55:12Z d065d14b-3bcd-481c-512a-bfd42485714d doppler[15]:...

REST API Modular Input: index zip file error
I want to read a file in the zip archives and index it into Splunk with the REST modular input app. The following is my code for the handler: ![alt text][1] I have been doing research to get my code to...

How to round the decimal percentage in a pie chart with XML?
I had a pie chart and I have added the following line on the source to display the percentage on the pie chart. But the percentage is displaying as xx.xyz. Now, how can I round it to a single digit like...

Splunk Universal Forwarder fails port scans on AIX 7.1 servers
I have several AIX servers (AIX 7.1) with Splunk Universal Forwarder 6.5.2 that all fail Nessus port scans for allowing TLS1.0 on port 8089. All configs, verified by btool, have "sslVersions" and...