Grouping by user, count by number of countries
Using splunk to look at some auth data, and want to get search results that show the number of countries each user has logged in from. I've gotten as far as adding the iplocation information into the...
Timestamp from CLI oneshot data file load
Hello, I need to load a number of historical CSV files that don't have timestamp fields. When I load it with the CLI oneshot command, `% /opt/splunk/bin/splunk add oneshot my-csv-$DATE.csv -sourcetype...
How to troubleshoot the setting screen in Splunk for Unix app? Stuck on...
I'm finally giving up on my home built, mediocre performance dashboards and reports, and moving on to the official Splunk for Unix app. Awesome! I can't wait. But wait I must, because the settings screen is...
Compare the final value of two searches against each other using data from...
Apologies for the confusing title. We have 1 search that gives us Revenue To Date - (*s are to mask sensitive info) index =**** source="/srv/***/SRR.csv" | dedup "Document Number" | search "Class_...
What is a Zip Bundle?
I need to know everything about the topic of Zip Bundles; this is an area of Splunk that I am researching. Any help will be welcome. Best regards.
Is it possible to create a single alert that triggers if event count is <1...
Is it possible to create a single alert that triggers if event count is <1 on a per-host basis? e.g. if I search **index=network-devices** and set the alert to trigger if event count is <1 in a 2...
Nessus 6 support not working in version 4
Is anyone able to get this to work? I've got the API setup and the app configured to use it on a heavy forwarder, but nothing happens. I don't get errors in the logs, or any logs generating for that...
Splunk 6.3.0 Firefox web UI issues
I installed Splunk 6.3.0 build aa7d4b1ccb80. If I log in using either Firefox or Chrome, none of the dropdown menus work (App, Messages, System, Activity, Help). However, if I use Safari everything works...
Error event time (one more year)
Hi all, In DB Input of DB CONNECT, inside PARAMETERS, I configured it to CHOOSE COLUMN on timestamp, instead of the default option (CURRENT INDEX TIME), and selected my column that has a date. When I go on search...
What's the best way to learn Regex commands?
I'm learning splunk and I would like to write Regex commands. Can anyone suggest best way to master Regex commands. Is there any manual apart from Search Manual to learn Regex commands?
How to Configure Splunk Enterprise to receive Active Directory/Windows Event...
Can anyone please tell me how to configure Splunk Enterprise to receive Active Directory/Windows Event Logs from Snare. I know how to configure using Splunk Universal Forwarder but I don't know how can...
How to Configure Splunk Enterprise to receive Oracle DB logs?
How to configure Splunk Enterprise to receive Oracle DB logs? What are the things I should know to start configuring that?
Can't delete data in Splunk 6.3.0
I know that this problem is old, but I didn't find the solution. Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at time 1445044125. How to delete data if I receive such an error?
Edit the FieldForLabel in a drop-down
Hi dear experts, I have a dropdown with a Usernone*index=blabla sourcetype=etc OR sourcetype=etc |dedup Machine_Name|table user,Machine_Name-30dnowMachine_Nameusr So, what I want to do here is type the...
Why am I unable to forward logs from a Linux machine to Windows using Splunk...
I am new to Splunk and downloaded Splunk free to several machines, Linux and Windows. All machines are on the same subnet. I have been successful at forwarding logs from Windows to Linux, and from...
Subtracting time from search, from another specified time
Hi all, Currently I have the following search: | eval nowstring=strftime(now(), "%Y-%m-%d") | eval nowstring2=strptime(nowstring, "%Y-%m-%d") | eval TD= (nowstring2- it3)/86400 where I'm taking the...
Help with stats: identify the latest result for each set of results
I am searching through the router and switch syslog data trying to find spanning tree state changes for a given time period. Once found I want to put the device name, port and STP state in a table. I...
Why is my summary index suddenly not working and _internal log says -...
Summary Index is suddenly not working. Checked _internal for idx summary index and got the below message: _Internal Error - "Streamed search connection terminated". Can anyone help with what this means?
Is the Splunk App for Web Analytics SHC compatible?
Is there any impediment to using the Splunk App for Web Analytics (v1.5) in a Splunk 6.2.6 Search Head Cluster? As a suggestion, the documentation could be updated using the template:...
Configuring an automatic lookup in a Distributed Deployment
I've been trying to find how to create automatic lookups on a distributed deployment. I have a fairly large collection of normal search time lookups on my search head cluster, but when I try to make...