SPL to take a field and make it a different "word"
Palo Alto has a field called “flags”. It can have several hex type entries, but what I’m interested in is whether or not a session was decrypted, and this is the field that indicates that. What I could...
Home Monitor Not doing bandwidth tests Windows 10
Does anyone else have problems with bandwidth tests not working on Windows 10? I set up the application correctly based on the instructions for manually turning on the inputs.conf file, and the other...
Query return value if NULL event
I have a query I'm working on where not all the values I feed it are in the index I am querying against. For example suppose I have two emails, lrhg@gmail.com and charlie.brown@peanuts.com...
Two queries with different timeframes using join. Is there a more efficient way?
Hi there. I am new to SPL and wondering how to make a particular query more efficient. In particular, I want to create a table with a list of all hosts that have had an event with a given timeframe,...
Why is my installation of Splunk 7.0 failing prematurely on my Windows Server...
The installation finished without any problems whenever I try to install using the local install option. I used to have this running in the past, but I uninstalled the software and tried to reinstall...
Is the nginx add-on going to be updated for 6.6?
The nginx add-on doesn't show up for download with 6.6.3, and the add-on page shows Splunk Versions: 6.5, 6.4, 6.3. Is this going to be updated in the future?
Multivalue field search-time extraction
Here is part of two raw log messages "memberOf=CN=AU-SG NAT_ClientReadyApp,OU=UniversalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com|CN=**AU-SG...
Instrumentation License Usage Data
Hi, the Splunk machine is not sending License Usage Data to Splunk, and in the Instrumentation GUI it's showing "No data sent in the last 30 days", while in...
How to split a row by 2 field values
I have sample data which I am trying to split over 2 fields. For example: ![alt text][1] In the above image we have a test case ID which has some values in different time spans. It contains combined...
Set event time as time the file was created
I have a number of csv files which don't have a 'time' field in them. I would like to set the time of all the events within the csv file as the date when the file was created. Is this possible?
Animate SimpleXML Dashboard Elements with a Carousel
Hi all, I am trying to implement the Carousel animation as explained in the link below; however, I am still getting issues...
Unable to add XIO node using EMC XtremIO Add-on for Splunk Enterprise
Hi, I'm getting a number of errors when trying to add the first node using Splunk Web on a forwarder from the Setup screen. The Setup screen shows the following: Error while posting to...
Splunk as a CDC Solution and Reporting BI Tool?
I have a question about using Splunk as a CDC solution (Change Data Capture) from a relational transactional database and as a reporting BI tool. The use case I am looking for is, Splunk acts as a CDC...
Unable to index data coming from syslog
Hi everyone, we are injecting data into Splunk using syslog-ng. I verified the data is coming into the heavy forwarder; when I create a data input to index them, I am unable to see the logs are getting...
Monitor log file on macOS
I have recently installed Splunk Enterprise to play with it a little and I am trying to monitor my log files or CPU activity on my Mac, but I am unable to create to have a...
Is it possible to show a Splunk ITSI glass table in a Splunk Dashboard?
I need to display multiple glass tables in one view, probably a dashboard. Is it even possible to do in a Splunk dashboard?
CentOS 4 to forward syslog to Splunk Indexer but no data was forwarded after...
I have already appended my Splunk IP address and UDP port in /etc/syslog.conf "(asterisk).(asterisk) (asterisk)192.168.0.1/9995", and restarted the syslog service too. On the Splunk side, I also added a new...
Creating a search head cluster, what are the default indices I need?
I have created a new index cluster and need to know what default indices I need to add to the cluster. I have my own site indices but need to know the default cluster indices I need. Any help is MUCH...
Continuously monitor any local event log on Windows 10
I am a data analyst interested in security who has recently been introduced to Splunk, which I am learning on my own now. I was wondering how I can monitor any event on the **local event log**? Here...
Has anyone had issues with Splunk not indexing any new data from a particular...
Our Splunk instance stopped indexing data from a particular index over 72 hours ago. There have been many updates from the data source that should trigger new events, but the last event is from 3 days...