send the time value for a search range
Hi, I need to take the start and end time of the first dashboard, and send the variables with a token from the first dashboard, but I do not know how to filter the time with the variables from the first...
Trend Micro Deep Security logs integration with Splunk
Hi All, I am trying to integrate Trend Micro Deep Security file integrity monitoring logs into Splunk. I configured the Trend Micro admin side for log forwarding on UDP port 5514. The current setup is three...
How to fill NULL in dashboard when element does not occur in XML
Hello, I have the following XML loaded into field 'data'. Strin2String5String7 I am able to extract the 'stepEventName', 'nextEventNam' element values using the spath below: spath input=data output=StepEvent...
serverclass and regex help for wildcard
We have a few servers which could come with or without the FQDN in their name. I'm not sure how the Splunk UF generates the hostname of the servers, but it seems inconsistent. So I have to filter serverclass...
Indexing logs as event
Hello all, I would like to monitor a file that is being changed every 15 minutes (unique file in the directory) and it is a very large log file (almost 100MB ~ 150MB). I have some questions about that:...
No persistentqueue attributes in outputs.conf. How to configure data...
I was referring to this link, [https://wiki.splunk.com/Community:Best_Practice_For_Configuring_Syslog_Input][1] to configure data buffering on Heavy Forwarder. The instructions provided talk about...
Integrating client logs from Symantec SEP
Hi Splunkers, I have a need to integrate SEP ver. 12 with our Splunk environment. I'm aware that there is a SEP add-on which gets the parsing job done. However, my scenario is not straightforward...
Splunk - JMX configuration issue
Hi Team, I am very new to the app 'Monitoring of Java Virtual Machines with JMX'. I have configured the hostname and port number of the JVM in the config.xml file. Also I have removed all the default...
Alert for monthly reporting
How to set the alert to run from the 26th of last month to the 25th of the current month? For example, every month on day 1 I will run the monthly report; for the run in December the period should be the 26th of October...
Operation when the import job fails in Splunk DB Connect
I want to know how Splunk DB Connect operates when the import job fails. If an import job failed, is there a way to run the job again automatically? Also, is there a function to manually retry...
Splunk Connection Disconnect
Hi All, We have 3 search heads in a search head cluster which are mapped to an ELB which has an Azure App Proxy over it. When we access Splunk through the app proxy's URL, we find that we are getting a...
NetFlow on Linux
Hi, I want to send my routers' NetFlow logs to Splunk. How can I do that? I installed Splunk on Linux CentOS 7 and installed the Splunk Add-on for NetFlow, but my logs don't show in Splunk.
Line chart with a day-wise usage count
I want to know how frequently a keyword is found (from the list of events) and see it in a time chart. This is the search I am using; I am not sure if I am using it correctly. And there is a null line...
MSSQL Database Cluster with Active Node and Non-Active Node
Hi. We have a MSSQL Database Cluster with an Active Node [screenshot 1] and with a Non-Active Node [screenshot 2]. Normally I would check if a service is up and running by using e.g. index="windows"...
Extracting the date from a filename without modifying the datetime.xml
Hi, I'm trying to extract the date from a filename without having to configure the config file; I want to be able to achieve this through the search panel. This is my file name: name_name_20171130.txt...
Determining when an event was summarized for data model acceleration?
Is there a timestamp or any metadata stored about when an event was summarized for the data model summary? I'm looking for something like the _it field. Or is there any other way to look at what was the...
LDAP Authentication Manager Errors
Hi, I have a Splunk standalone test system that I have successfully configured to use LDAP authentication. Everything seems to be working fine, but I am receiving a lot of errors from the...
Creating a SubHeading in Splunk
Hi, how do I go about creating a subheading in Splunk? My table is in the following format:
       Date1          Date2
ITEM | DIFF | DIFF2 | DIFF | DIFF2
Essentially, I have data for DIFF and DIFF2 for day 1, and...
Monitor remote directory on Windows machine
I have a directory which is located on a Windows machine. This directory contains files and I'm particularly interested in the content of those files. My Splunk Enterprise is running on a Linux machine...
How do you use an AND statement in an IF statement?
I am looking through log files and building a report that will give a list of usage based off those logs. Currently I am only showing one of the values, Portallogins, but additional data will be pulled...