Using lookup table as source for search
I am looking for a way to perform a search and produce results matching search results against a lookup table or vice versa. The scenario is a lookup table with two columns, IP & Description. I...
What is your favorite dashboard?
Hello, little friends. We are starting strange questions! What is your favorite dashboard or dashboards? Yes, describe what it reflects :)
How can I use results of a stats table to output to another pipe or timechart?
index=source earliest=-2h sourcetype=e | bucket _time span=1h | stats count by code _time | delta count as difference | eval percdif=round(abs(difference/count)*100,0) | table code, count, difference,...
Why did I receive this error while clustering search heads? "Error=Connection...
I am trying to cluster search heads. In this process, when I try to execute the command for the captain, it throws an 'error=Connection refused'. But I checked the ports and they were in the listening state.
Match IP address in Splunk to IP range in CSV
index=logs ip_address=* has single IP addresses like 5.9.100.100. CSV file:
range, owner
5.9.0.0/24 Owner1
5.10.64.0/24 Owner2
How can I correlate ip_address to CIDR in CSV file? I guess we need to use...
Memory usage from remote machine with splunk forwarder
Hi everyone, I have the following wmi.conf:
[WMI:LocalMainMemory]
interval = 300
wql = select CommittedBytes, AvailableBytes, PercentCommittedBytesInUse, Caption from \...
Why shouldn't we search index=*
I'm interested in knowing why searching index=* is frowned upon. I was asked by one of our employees and remembered it being mentioned at this .conf.
Help in writing the transforms
Hello, since I am new to Splunk, I'm having a hard time understanding and writing the transforms for varying password lengths. It would be great if someone could help me with transforms to mask username and...
How to write the transforms.conf for varying password lengths
Hello, since I am new to Splunk, I'm having a hard time understanding and writing the transforms for varying password lengths. It would be great if someone could help me with transforms to mask the...
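Added example, not from the original post. The post does not show its log format, so a `user=... password=...` layout is assumed. The point for varying lengths is the quantifier: `\S+` consumes the whole value whatever its length and stops at the next whitespace, while a greedy `.*` also swallows everything after the password. The same patterns carry over to transforms.conf (REGEX with capture groups, FORMAT with $1/$2, DEST_KEY = _raw, wired in with a TRANSFORMS- setting in props.conf); the Python below lets you check the regex against sample events before touching index-time configuration.

```python
import re

# Constructed sample events; the user=/password= layout is an assumption,
# since the original post does not show its log format.
SAMPLE_EVENTS = [
    "2017-12-09 10:00:01 login user=alice password=s3cr3t! result=ok",
    "2017-12-09 10:00:02 login user=bob password=a result=fail",
    "2017-12-09 10:00:03 login user=carol password=correct-horse-battery-staple result=ok",
    "2017-12-09 10:00:04 health check, no credentials here",
]

# Length-independent patterns: \S+ matches the whole value regardless of
# length, and the capture group keeps the field name so the event stays
# parseable afterwards. In transforms.conf the same idea would be roughly
# (assumed stanza name):
#   [mask_password]
#   REGEX = (?m)^(.*password=)\S+(.*)$
#   FORMAT = $1xxxx$2
#   DEST_KEY = _raw
USER_RE = re.compile(r"(user=)\S+")
PASS_RE = re.compile(r"(password=)\S+")

# The greedy pattern people reach for first; it is only correct when the
# password is the last thing on the line, because .* also eats "result=ok".
GREEDY_PASS_RE = re.compile(r"(password=).*")


def mask_event(raw, mask="xxxx"):
    """Return raw with username and password values replaced."""
    raw = USER_RE.sub(lambda m: m.group(1) + mask, raw)
    raw = PASS_RE.sub(lambda m: m.group(1) + mask, raw)
    return raw


def mask_event_greedy(raw, mask="xxxx"):
    """Same replacement with the greedy pattern, to show what it destroys."""
    return GREEDY_PASS_RE.sub(lambda m: m.group(1) + mask, raw)


def mask_all(events):
    """Mask a batch of raw events; lines without credentials pass through."""
    return [mask_event(e) for e in events]


if __name__ == "__main__":
    for before, after in zip(SAMPLE_EVENTS, mask_all(SAMPLE_EVENTS)):
        print(after)
    print("greedy:", mask_event_greedy(SAMPLE_EVENTS[0]))
```

If the password value can itself contain spaces (quoted values, for instance), `\S+` is the wrong quantifier and the pattern has to match the quoting instead; test that case before relying on the mask.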
How to prevent some search heads from searching on a specific index that has...
We have one index on our indexer cluster that has sensitive data. We want to set up a standalone search head that has additional security requirements (using RSA tokens/OTP for 2-factor authentication)...
Rapid7 Nexpose Technology Add-On for Splunk: Version 1.1.8 crashes on app setup
Unable to install and set up this new TA (released on 12-6-17). The 'Setup' link on the app 404s. Tried on multiple Splunk instances and versions.
Create Tab in Dashboard
Hi, I created a tab in my dashboard based on this link: https://www.splunk.com/blog/2015/03/30/making-a-dashboard-with-tabs-and-searches-that-run-when-clicked.html but at the end it doesn't show my...
Search Head Queue Pile Up
Hi Splunkers, We have dashboards that refresh every minute. We observed that after some time, our widgets are not refreshing and turning to "Waiting for queued job to start". The users who are using...
How to make a line chart that shows 6 months of data with each datapoint...
I'm trying to show a trend in event data by platform. I want to create a line chart showing the last 6 months with one data point for each month. That data point should be the sum of an event field for...
Problem with alert-triggered scripts for ServiceNow
I am trying to get the alert-triggered script working but having some difficulties as I keep getting exit code 1 on the scripts. I'm not a python guy, so I'm unable to reverse-engineer the script, so...
Splunk forwarder not able to send data to TA-NIX index
Current setup for forwarder server is, it sends data to 2 indexes. One for the TA NIX index and the other index is being used for some log files. No data is coming for TA NIX index but for the log...
How to create a linechart showing the previous 6 months with each point being...
I'm trying to show a trend using a linechart. It should show the previous 6 months and have a data point once for each month. The data point should be the sum of events for the previous 6 months, and the...
Possibility of adding buffer in Splunk
Is it possible in Splunk to dump data of 3 days consecutively and to compare that data on 4th day to find the unique values from 3 days data. For example, I want to dump data of left alone events of...
parse multi string array
Hi! I have a log:
2017-12-09 16:25:00.477;RC;2017-12-09 16:24:00;ReleaseCauses={SMS={34=1;}; Voice={}; GPRS={};};
2017-12-09 17:03:00.252;RC;2017-12-09 17:02:00;ReleaseCauses={SMS={}; Voice={}; GPRS={};};...
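Added example, not part of the original post. The value after the third `;` is a nested `{key=value; key={...};}` structure, so a flat regex extraction will not hold up once a group has more than one entry. The parser below is a small recursive descent over that syntax, then flattens the result into dotted field names of the kind you would want to see in Splunk (ReleaseCauses.SMS.34=1). The sample lines are constructed from the shape shown in the post (the post's lines are truncated); the third line is added to exercise groups with several entries.

```python
import re

# Constructed sample lines in the shape shown in the post; the third one is
# added to cover groups with more than one entry.
SAMPLE_LINES = [
    "2017-12-09 16:25:00.477;RC;2017-12-09 16:24:00;ReleaseCauses={SMS={34=1;}; Voice={}; GPRS={};};",
    "2017-12-09 17:03:00.252;RC;2017-12-09 17:02:00;ReleaseCauses={SMS={}; Voice={}; GPRS={};};",
    "2017-12-09 17:04:00.100;RC;2017-12-09 17:03:00;ReleaseCauses={SMS={34=2; 17=1;}; Voice={16=5;}; GPRS={};};",
]


def parse_block(text, pos=0):
    """Parse '{k=v; k={...}; ...}' with text[pos] == '{'.

    Returns (dict, position just after the matching closing brace).
    Raises ValueError on malformed or unterminated input.
    """
    if pos >= len(text) or text[pos] != "{":
        raise ValueError("expected '{' at offset %d" % pos)
    pos += 1
    result = {}
    while True:
        # Skip whitespace and separators between entries.
        while pos < len(text) and text[pos] in " ;":
            pos += 1
        if pos >= len(text):
            raise ValueError("unterminated block")
        if text[pos] == "}":
            return result, pos + 1
        eq = text.index("=", pos)
        key = text[pos:eq].strip()
        pos = eq + 1
        if pos < len(text) and text[pos] == "{":
            value, pos = parse_block(text, pos)  # nested group
        else:
            end = pos
            while end < len(text) and text[end] not in ";}":
                end += 1
            raw = text[pos:end].strip()
            value = int(raw) if raw.lstrip("-").isdigit() else raw
            pos = end
        result[key] = value


def parse_line(line):
    """Split the ';'-delimited prefix and parse the trailing name={...} block."""
    ts, kind, period, rest = line.split(";", 3)
    m = re.match(r"\s*(\w+)=", rest)
    if not m:
        raise ValueError("no key=value block in: " + rest)
    block, _ = parse_block(rest, m.end())
    return {"_time": ts, "type": kind, "period": period, m.group(1): block}


def flatten(d, prefix=""):
    """Flatten nested dicts into dotted field names (ReleaseCauses.SMS.34).
    Empty groups such as Voice={} produce no field."""
    out = {}
    for k, v in d.items():
        key = k if not prefix else prefix + "." + k
        if isinstance(v, dict):
            out.update(flatten(v, key))
        else:
            out[key] = v
    return out


def parse_all(lines):
    """Parse every line into a flat field dict."""
    return [flatten(parse_line(line)) for line in lines]


if __name__ == "__main__":
    for fields in parse_all(SAMPLE_LINES):
        print(fields)
```

Empty groups (Voice={}) yield no fields, so a search for the absence of a cause has to check for the missing field rather than for an empty value; decide which you want before settling on the extraction.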
Filtering data using SHOULD_LINEMERGE
Hi all, I have configured the line breaking parameter as (SHOULD_LINEMERGE = true) to read a log file that contains the below data for each update. It will allow to have all data in the same event to...