Bit9 Security Platform: How to troubleshoot why no data is getting indexed?
I've run through the installation process and quadruple-checked my work, but nothing is showing up in Splunk. We have 3 indexers and 1 search head. One thing that isn't clear is whether port 9997...
How to set up an environment with an indexer on one machine and a search head...
Dears, May I know please if it's possible to have a setup in which I will have only two machines: one of them will act as Indexer and the other to act as Search Head, and if it's possible, how can I...
Why am I getting a Server Error when running a search in Chrome using Splunk...
I get a server error whenever I run a search on Chrome. This doesn't appear on other browsers. I have cleaned up my cookies and cleaned up Chrome, but somehow this doesn't go away. Does anyone have any...
Twitter2 stream configuration
Given the Twitter2 app uses an example data source of the Twitter sample API, how would I go about making this useful by configuring it more specifically to follow certain hashtags or download certain...
Alert to trigger secondary search
Is there any easy way for an alert to trigger another search? My use case is for an account lockout to trigger a search for failed login attempts for that account, so I do want to pass in some result...
Better way to write "or" statements
Is there a better way to do an "or" in Splunk? (api_domain="purchase" OR api_domain="user" OR api_domain="testX") I assume there is something like api_domain="x" OR "y" OR "z" but that doesn't seem to fly.
Does the add-on for Jira work?
Hi, I'm trying out the add-on for Jira, but can't seem to get it working. When I execute the provided jira examples, no results come back. I also noticed that nothing gets logged into splunkd (or any...
Add form inputs on dashboard and make it interactive
I have a dashboard from multiple sources and I would like to replace the fixed host input (hots=prdo*) with a user manual input, so that the user can add one or more host names and the dashboard will give...
How is frozen data accessed in Splunk?
I've been looking at sizing a splunk instance based on https://splunk-sizing.appspot.com/#v=10 and it mentions hot, cold and frozen data. If you want to access the frozen data for some reason what do...
Restrict search terms: only some field extractions working
I have a user group that I'm trying to assign access to a specific subnet of firewall traffic. Their network traverses a few firewalls that are shared. So I added in the restrict search terms;...
AVAYA CALL: What format should I use for SMDR from Avaya Aura?
I would like to use AVAYA_CALL to log data from an Avaya Aura server. On the CDR System Parameters screen, I see four options for output formats: customized, int-direct, int-process, lsu, and...
What is a simple way to clear some space if I'm running out of disk space...
The indexes almost consumed the entire terabyte of space allocated for them. What would be a simple way to clear some space?
How to truncate a string to fit in a table, but still be able to see the full...
I have a table where sometimes the value of a field can be a very, very long string. I want this to be shown in a truncated form, but still have the option to see the full string somehow. Is this...
How to deploy a Splunk environment to monitor switches, routers, and database...
Hi, I would like to know the environment to install in case I use Splunk Enterprise (Trial version). I just want to oversee the local area network containing switches, routers, servers DB to supervise...
How to dynamically generate a dropdownInput on a button click
My office currently has a query tool that allows users to query a database to generate reports. On the query form, the user can select "where criteria" from a drop-down list of fields and then enter...
Is there a limit to how many tags can be defined in Splunk 6.3.1?
Hi, I have around 100 test units in Splunk. I started off with creating tags for them to describe and quickly categorize them. Eg. 1Camera, 2Camera, 3Camera and 4Camera. I first created these tags and...
What is a good way to compare all the VMs in a VMware vSphere with all of the...
First off, let me say that we do not have plans to purchase the VMware app. I would like to be able to identify any VMs which do not have the Universal Forwarder installed and I considered having the...
Why is my pivot search returning "Error in 'DataModelEvaluator': Data model...
I just did a pivot search: | pivot test1 EventObject and it gives me this error: Error in 'DataModelEvaluator': Data model 'test1' was not found. My data model test 1 is as follows...
How to troubleshoot why I am getting no search results using the C# SDK?
I have two Splunk instances: one on localhost and one remote. My C# app returns data when it pulls from localhost, but it doesn't when it goes against the remote server. The search I am using works...
Why do I have events that show up ok in the last 24 hours, but not in the...
I have a search that works perfectly fine and works well for the last 24 hours. When I try to aggregate the data from the last week, 0 results show up host= my_host | fillnull Example value="" |...