What is the difference between index and indexer?
What is the difference between INDEX and INDEXER in SPLUNK
How to add Total grouped by a field?
My table output gives me values in two columns. Column 1 gives different user names, Column 2 gives transaction time. Column 1 contains user ids (repeated many times over different transactions). I want...
Splunk Enterprise Security: risk modifier from search pipeline not working
Used a search from the Splunk Risk Framework page: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBD Search: | makeresults | eval risk_object="mysystem" | sendalert risk param._risk_score="100"...
Does anyone have any experience running Splunk on an Intel Compute Stick?
Has anyone run Splunk on an Intel Compute Stick like the CS125? How does it perform versus the CS325 or CS525? I'm curious to hear any stories from the trenches on how a Search Head or Universal...
Splunk Enterprise on RHEL 7 in AWS, how to mount S3 storage data for Splunk?
Hi All, I know this question leans more to AWS support but I thought I would poll the community for any insight. I have an EC2 (RHEL7 OS) rolling in AWS and I am in the midst of installing Splunk...
Is there any way to get the top 10 hosts with event count spike compared to...
I have a lookup file which contains a list of around 500 hosts as follows: host A B C d. Now, how to write a query to identify the top 10 hosts with event count spike compared to yesterday's event count?...
Splunk Python SDK multiprocessing
My code uses Splunk and the Python SDK. It first connects to Splunk. Then it creates two child processes, which each run their own search. My question is, why is this slower than just not creating any...
FULL NULL Values based on certain values
The OverAllStatus only displays on the first row but I require the OverAllStatus to be displayed on each row for each machine (either Pass or Fail). I need some sort of eval to correctly assign the...
JSON ingestion --> Data models: Inquiry around best practices
A colleague of mine is reporting that data models don't support {} characters in field names. 1) Is this true? 2) If it is true, what's the best practice for getting around this? Is there an addon...
I would like to create a new index with some extract fields which are not in...
Hello **Topic:** I would like to create a new index with some extract fields which are not in my initial index **Description:** I have an index and I create new fields with a python script index "A"...
Different authentications for HEC Token
Hi, I am following this online doc to test the three authentication methods for HEC tokens: http://dev.splunk.com/view/event-collector/SP-CAAAE7G. I don't understand why only HTTP authentication works while...
JSON transformations
Hi. I have a problem with transformations in Splunk: Example event(small part of it): `Dec 1 22:29:42 127.0.0.1 1 2017-12-01 LOGSERVER 1292 - -...
Rebalancing Indexes On New Larger Index Nodes
We are looking to upgrade our Splunk Indexers to a set of more performant AWS instances with more disk space available to them. I was reading about data rebalancing and it said that it makes the...
Is there a Splunk search command that will give an organized summary listing...
Hello, I was wondering if there is an SPL command that will give an organized summary or listing of all field aliases that have been defined. So far it looks like a user has to go into the settings and...
Confirming machineTypesFilter for Sun Solaris Servers
Trying to set up a catchall for all our Sun Solaris servers but can't find the proper way to match by **machineTypesFilter** **serverclass.conf** #...
A threat intelligence download has failed...status="threat list download...
Started getting the following alert after installing ES in our environment. A threat intelligence download has failed. stanza="iblocklist_rapidshare" host="jsspl9.domain.net" status="threat list...
How to extract date:time format from raw data using REGEX?
Below is part of my sample data. I want to extract date and time from the data. 00.111.222.1 va10n40596.abcdefgt.com - - 443 [02/Jan/2018:18:25:41 -0500] I want a new field called start_date as...
Having trouble connecting to LDAP server with SSL (LDAPS)
Hi everyone, I'm trying to set up LDAPS authentication with a Windows LDAP server. However, I have been getting the below error message: Error binding to LDAP. reason="Can't contact LDAP server" To narrow...
Palo Alto inputlookup errors
I have a file (servers.csv) with a set of server addresses, e.g. 1.2.3.4 4.3.2.1 5.6.7.8 I uploaded the file, and I am trying to use an inputlookup to find relevant logs to any address. My query does...
Add column Value with condition
The table output of my Splunk query gives me an output like this. There are two columns "fruit" and "rotten_time".
fruit | rotten_time
nyf | 97 sec
mse | 16 sec
sem | 20 sec
ert | 33 sec
dhg | 21 sec
I...