Mule Splunk Connector error
I'm working with the Splunk Connector for Mulesoft. When I attempt to test the connection I get the error: "Test Connection failed: No appropriate protocol (protocol is disabled or cipher suites are...

Extending Splunk
Hi, I want to extend Splunk with my own commands. Where is the best place to start on how to do this?

Performance issue with query
Hi, I have a query written to find the average exceptions per device on a monthly basis for my use case. The query returns results as expected but the query performance is very poor. Below is the query and...

How to implement a Serial Number decoder in Splunk Enterprise?
Hello, I am trying to implement Serial Number decoding in Splunk in any way possible. For eg. I have 100 test units each with a Serial Number like ABCDEF001. There is a significance for each and every...

How can I populate a host tag from an external source?
I have a list of hosts that are assigned to a tag so the user doesn't have to input the list of hosts manually in search. These hosts are changed occasionally and I have an external system that manages...

How can I get the line count (records) of a file without reading the complete...
I need to get the record count only from a file, so is there a way without reading/indexing the complete file?

Splunk alert not sent
I have an alert configured for detecting an issue and even though the Splunk dashboard says it sent the alert we haven't received any. I tried searching in Splunk logs...

Field extraction from lines with different fields from same source
I have a source from which I am collecting logs via syslog. My challenge is that the log files sent by the same source contain lines that are not consistent in terms of fields. Please see below. Mar 11...

Not able to see "ADD DATA" after clicking on settings icon in Splunk home...
In order to add data into Splunk, I am not able to see Add Data after clicking on the settings icon in the Splunk home page. I have logged in by using my normal account than company.

Lookup File Issues
Hello, I have multiple questions about Lookup Files. 1. Can you upload a lookup file into Splunk and search fields in the lookup file such that it returns values in those fields without having to...

Events not breaking at timestamp - Cisco Networks App
Hello, Have a question. I had my Cisco logs indexed as sourcetype=syslog, coming from a syslog and sent to Splunk with a forwarder. I then installed the Cisco Networks App and changed the sourcetype of...

Obtain difference of a field between 2 searches
Hello Splunkers, I just started to use Splunk and you know how it is to learn something new, you punch the keyboard lots of times haha. Well I have 2 timestamps (besides a lot of other fields):...

Why won't the DMC pick up the updated SHC Label
Hi, I am setting up my DMC for a SHC, and it warned me that a cluster label had not been created. I logged on to one of the SHC members, and executed the ./splunk edit shcluster-config -shcluster_label...

Universal Forwarder
Does the Universal Forwarder need a JVM? How can we monitor if a Forwarder goes down?

Using Stats Average and Count to Display my Results
Hi All, I have a search string that reports three fields: Server name, Vulnerability and Severity (in numbers from 1 to 5). So it is possible one server could have multiple vulnerabilities and each...

Multivalue delimited field extraction using SPLUNK Web
In my logs I'm expecting to see groups with multivalues delimited by %257. For example, in my logs I'm expecting to see ***&group=Group1%257Group2%257Group3%257Group4&*** I've created a field...

Anomalies Command
All, Just started looking at the Anomalies command. Re-read the doc a few times and played with the command some but I don't get its usefulness. Can you give me some examples of how you're using this...

SHC peering and other questions...
Hi, I'm setting up a pre-prod SHC and have some questions on best practices and such. My existing indexers are clustered. How should I set up distributed searching? Do it from the deployer? Or from the...

Using a lookup file in a subsearch
I have an original search to identify some vulnerabilities in my network; one of the fields in the search string is the Server_name field, however I want it to pull that information from my lookup...

ES incident_review_lookup
Dear All, In Splunk ES, is it possible to create a realtime alert for any update in the incident_review KV store? The search query ( | inputlookup append=T incident_review_lookup) will always list the...