How to search for values in a lookup table with wildcard
My lookup table is a simple list of malicious domains. How can I do a search such that I can search for the `malicious domain*` instead of just an exact match for the `malicious domain` in my firewall...
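In Splunk itself a CSV lookup is made wildcard-aware by adding `match_type = WILDCARD(domain)` to the lookup definition stanza in transforms.conf (the plain `lookup` command otherwise matches exactly, even if the CSV cell contains a `*`). The block below is an added example, not code from the post or from Splunk, that reproduces that wildcard semantics in Python over a constructed lookup and a few constructed firewall events, so the matching rules can be checked offline before touching the real table. Column names `domain` and `category` and the `src=... dest_host=...` event format are assumptions for the illustration. It also shows the edge the question glosses over: `evil.example*` covers `evil.example.com` but not the subdomain `cdn.evil.example`, which needs its own `*.evil.example` entry.

```python
import csv
import fnmatch
import io
from typing import Dict, List, Optional, Tuple

# Constructed lookup table (assumed columns "domain" and "category").
# Only '*' is a wildcard, matching Splunk's WILDCARD match_type.
MALICIOUS_DOMAINS_CSV = """domain,category
evil.example*,c2
*.evil.example,c2
bad.test,phishing
"""

# Constructed firewall events in key=value form; not real traffic.
FIREWALL_LOG = [
    "src=10.0.0.5 dest_host=evil.example.com action=allowed",
    "src=10.0.0.6 dest_host=cdn.evil.example action=allowed",
    "src=10.0.0.7 dest_host=notevil.example.com action=allowed",
    "src=10.0.0.8 dest_host=BAD.TEST action=blocked",
]


def load_lookup(csv_text: str) -> List[Tuple[str, str]]:
    """Parse the CSV into (pattern, category) pairs; patterns are lowercased."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["domain"].strip().lower(), r["category"].strip()) for r in rows]


def wildcard_match(pattern: str, value: str) -> bool:
    """Match like a Splunk WILDCARD lookup: '*' is the only metacharacter.

    fnmatch also treats '?' and '[...]' specially, so those are escaped
    first; the match is anchored at both ends, so 'evil.example*' does not
    match 'notevil.example.com'.
    """
    escaped = pattern.replace("[", "[[]").replace("?", "[?]")
    return fnmatch.fnmatchcase(value.lower(), escaped)


def lookup_domain(domain: str, table: List[Tuple[str, str]]) -> Optional[str]:
    """Return the category of the first pattern that matches, else None."""
    for pattern, category in table:
        if wildcard_match(pattern, domain):
            return category
    return None


def parse_kv(line: str) -> Dict[str, str]:
    """Split a 'k=v k=v' event line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def flag_events(lines: List[str], table: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (src, dest_host, category) for every event whose destination hits the lookup."""
    hits = []
    for line in lines:
        ev = parse_kv(line)
        category = lookup_domain(ev["dest_host"], table)
        if category is not None:
            hits.append((ev["src"], ev["dest_host"], category))
    return hits


if __name__ == "__main__":
    for hit in flag_events(FIREWALL_LOG, load_lookup(MALICIOUS_DOMAINS_CSV)):
        print(hit)
```

Once the transforms.conf definition carries `match_type = WILDCARD(domain)`, the equivalent search is `... | lookup malicious_domains domain AS dest_host OUTPUT category | where isnotnull(category)`; the Python above is only there to verify which patterns you need before you rely on that.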
Tool to check prerequisites prior to installing Splunk
Is there any tool to check prerequisites prior to installing Splunk Enterprise edition on Linux?
Getting the following error in splunkd - Could not find user="system" with...
Hello community fellows, I'm experiencing the following errors in splunkd from each of the SHC members. `INFO AuthenticationManagerLDAP - Could not find user="system" with strategy="LDAP" INFO...`
How to add a role to a user?
We have SHC and LDAP authentication. We have a role called "RoleA" and I want to add user "AAA" to that role. How can I achieve this and from where?
Log error codes so that Splunk can notify based on the error code
I want to know which error codes we can take from multiple Hadoop services like HBase, Hive, etc., so that based on those error codes Splunk could notify?
Cisco router bandwidth utilization, memory, CPU and all metrics monitoring
Hi, I am planning to monitor Cisco router performance metrics via Splunk. So far, for monitoring we need to rely on syslog only for this. Via remote monitoring I need to know what all metrics can be...
How can we download Splunk ITSI?
Hello Members, can we download Splunk ITSI for on-prem installation? My management has given me the license for Splunk ITSI; they might have bought it some time back, but they don't have the process to download...
Splunk user login failure with "404 Not found" error
I have a Splunk role, say 'test_role', with the following capabilities, and have a user 'testuser' under this 'test_role' with the default app set to, say, "xyz": accelerate_search get_metadata get_typeahead...
Search Head Cluster captain configured to run ad hoc searches only still...
Hello there, on a Search Head Cluster (6.5.3), when performing a Health Check, I had a warning for a high skip ratio, between 60 and 80%. It seemed like it only affected the SHC...
Splunk App for Salesforce Marketing Cloud?
Hi, does Splunk App for Salesforce support the Salesforce Marketing Cloud (API)? It is somewhat different from the classic Salesforce API and I am wondering if we can pull email send reports into...
Splunk Add-on for Tenable: No Data
Hi, I installed the Splunk Add-on for Tenable, but I don't see any data or events. When checking the nessus index, it's 0, so there is no traffic/data. I use Splunk v7.0 and have Security Center 5.6.0...
Logs with parameter INDEXED_EXTRACTIONS on UF could not be forwarded from...
Hello Splunkers, I have some trouble forwarding data to third-party systems via syslog. All logs are forwarded via syslog except one where the parameter INDEXED_EXTRACTIONS is set on a UF. I share my...
Interval setting in inputs.conf
Hi, is the interval field in inputs.conf in seconds or minutes? Cheers, Jeremy
Subsearch 2 fields with match and 1 mismatch
`index=ttt beforeController [search index=ttt beforeController | fields pnr, bnr, NOT(gnr)]` How can I achieve that? I am trying to subsearch the same types of transactions where 2 fields need to match...
Splunk Enterprise 7.0.1 Add-on for Google Cloud Platform: is there a way to...
Hi, I'm now using Splunk Enterprise 7.0.1. Right now I'm quite new to it, that's why I'm asking. Is there a way to get data (logs etc.) from Google Cloud Platform with this version? Or do I have to get...
Overview of events and feeds coming in
Is there a quick way of getting a list of all events coming in and all feeds coming in? Would it also be possible to see which feeds are being used for the data models? And also to get a list of feeds...
Little search: all src IPs which called more than 4 destinations in a short time range
Hi there, I am new and I expect that I have only a small problem. I want to select all source IPs which called more than 4 destinations in a short time range (maybe 2 minutes). Diana
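The usual SPL shape for this is `... | bin _time span=2m | stats dc(dest) AS dests BY _time, src | where dests > 4`, which counts distinct destinations in fixed two-minute bins. The block below is an added example, not from the post, that implements the same rule in Python over constructed events so the two counting choices can be compared: the fixed-bin version the SPL gives, and a sliding two-minute window per source, which is what "in a short time range" more literally asks for. It goes beyond the question in one way: it shows a burst that straddles a bin boundary and is therefore missed by fixed bins but caught by the sliding window. Field names `src` and `dest`, the timestamp format, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample events (timestamp, src, dest); not real traffic.
EVENTS: List[Tuple[str, str, str]] = [
    # 10.1.1.10: five distinct destinations within 85 seconds -> flagged either way
    ("2017-11-01 10:00:05", "10.1.1.10", "192.0.2.1"),
    ("2017-11-01 10:00:20", "10.1.1.10", "192.0.2.2"),
    ("2017-11-01 10:00:40", "10.1.1.10", "192.0.2.3"),
    ("2017-11-01 10:01:10", "10.1.1.10", "192.0.2.4"),
    ("2017-11-01 10:01:30", "10.1.1.10", "192.0.2.5"),
    # 10.1.1.20: repeats of one destination do not count as distinct
    ("2017-11-01 10:00:10", "10.1.1.20", "192.0.2.1"),
    ("2017-11-01 10:00:15", "10.1.1.20", "192.0.2.1"),
    ("2017-11-01 10:05:00", "10.1.1.20", "192.0.2.2"),
    # 10.1.1.30: only four destinations fall inside any two-minute span
    ("2017-11-01 10:00:00", "10.1.1.30", "192.0.2.1"),
    ("2017-11-01 10:00:30", "10.1.1.30", "192.0.2.2"),
    ("2017-11-01 10:01:00", "10.1.1.30", "192.0.2.3"),
    ("2017-11-01 10:01:30", "10.1.1.30", "192.0.2.4"),
    ("2017-11-01 10:03:00", "10.1.1.30", "192.0.2.5"),
    # 10.1.1.40: five destinations in 90 seconds, but split 2/3 across the 10:02 bin edge
    ("2017-11-01 10:01:00", "10.1.1.40", "192.0.2.1"),
    ("2017-11-01 10:01:30", "10.1.1.40", "192.0.2.2"),
    ("2017-11-01 10:02:00", "10.1.1.40", "192.0.2.3"),
    ("2017-11-01 10:02:15", "10.1.1.40", "192.0.2.4"),
    ("2017-11-01 10:02:30", "10.1.1.40", "192.0.2.5"),
]

EPOCH = datetime(1970, 1, 1)  # naive reference so bins do not depend on local timezone


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def find_scanners_binned(events, threshold: int = 4, span: timedelta = timedelta(minutes=2)) -> Set[str]:
    """Fixed bins, equivalent to `bin _time span=2m | stats dc(dest) BY _time, src | where dests > threshold`."""
    span_s = span.total_seconds()
    dests: Dict[Tuple[str, datetime], Set[str]] = defaultdict(set)
    for ts, src, dest in events:
        secs = (parse_ts(ts) - EPOCH).total_seconds()
        bin_start = EPOCH + timedelta(seconds=(secs // span_s) * span_s)
        dests[(src, bin_start)].add(dest)
    return {src for (src, _), ds in dests.items() if len(ds) > threshold}


def find_scanners(events, threshold: int = 4, window: timedelta = timedelta(minutes=2)) -> Dict[str, datetime]:
    """Sliding window per source: {src: first time at which > threshold distinct dests were seen within `window`}."""
    per_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, src, dest in events:
        per_src[src].append((parse_ts(ts), dest))
    alerts: Dict[str, datetime] = {}
    for src, evs in per_src.items():
        evs.sort()
        recent: deque = deque()  # (time, dest) pairs inside the window ending at the current event
        for t, dest in evs:
            recent.append((t, dest))
            while recent and t - recent[0][0] > window:
                recent.popleft()
            if len({d for _, d in recent}) > threshold:
                alerts[src] = t
                break
    return alerts


if __name__ == "__main__":
    print("fixed bins :", sorted(find_scanners_binned(EVENTS)))
    print("sliding    :", {s: str(t) for s, t in find_scanners(EVENTS).items()})
```

In Splunk the sliding-window behaviour corresponds to `streamstats` with `time_window=2m` (for example `... | streamstats time_window=2m dc(dest) AS dests BY src | where dests > 4`), at the cost of more work per event than the `bin`/`stats` form; pick the fixed-bin search when volume is high and you can live with boundary misses.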
Chart line thickness (line width)
Is it possible to make the lines thicker in a standard Splunk line chart? I found the `charting.lineWidth` option in the Chart Configuration Reference at...
How do I merge lookup table and index results?
Hi. To start with, I have a lookup table like so, keyValue.csv:

```
date key value
01/01/2017 EE Enterprise Edition
01/03/2017 EE Edited Edition
01/05/2017 EE Epsilon Edition
```

Now, we see that the...
Can't receive container logs from Docker with Splunk Logging Driver
Good afternoon from France! I'm sorry to bother you, but I need your help. This morning I started the installation of Splunk on Linux Red Hat. I succeeded in reading the logs from the physical...