Splunk apps: How do you resolve certificate verification errors?
I've searched the similar questions and did not find a direct answer. I have a Splunk app (Code42) that fails because of SSL verification issues. "file=RESTClient.py:error:319 message="message="[SSL:...
The maximum number of concurrent historical searches on this instance has...
I'm getting this message on the Indexer Master for my Cluster when I open the Monitoring Console. On which server should I modify the limits.conf file? The Indexer Master? Each Indexer? Both? Since...
EVAL for multiple conditions check
I have a search which checks if the values within con_splunkUL exist within con_UL (or vice versa). I need a field created called "Action" which checks this and also if the word "Hosting" exists in the...
Splunk Upgrade to 7.0 TLS and SSL on Windows Server 2008R2 question
I am in the process of planning an upgrade from 6.5.2 to 7.0.1 and am looking at the Windows-specific changes listed here:...
Resource/guide sought for ProofPoint TRAP [ThreatResponse] integration with...
Hello Team, we have a requirement to integrate the Proofpoint Threat Response [TRAP] appliance logs within Splunk. I have checked and gone through the documentation here and it seems we have options to...
Does Splunk use Apache Tomcat or Apache Struts?
Hello All, does anyone have any idea whether Splunk uses any of the following: **Apache Tomcat or Apache Struts**? If it does, what is the purpose? Thanks.
If statement is not returning a value when evaluating a "tag" value
Hi, I am trying to evaluate a tag value like this: eval X=if(tag="NY",_time,"1") I have tried everything and am stuck in the mud. Anybody?
Check values exist within two columns
I tried to apply this logic as I want to check if the values from con_splunkUL exist within con_UL, but for me it seems it's checking for a direct match between both fields rather than checking for a...
External search command exited unexpectedly with non-zero error code 1
Hi, I created a script with Python and I configured the commands.conf, but the following message appears: "External search command exited unexpectedly with non-zero error code 1" commands.conf [sshprueba8]...
Single Token for multiple values
Hello All, Below is the format of my queries in a single dashboard: index=xyz $abc$ $abc1$ index=xyz $def$ abc, abc1 & def are not the same. My requirement is, I need to create a single drop down,...
How to integrate Splunk and HP's Performance Center
How can I achieve integration of Splunk with HP's Performance Center in order to do the analysis and other operations? I need to get the results generated by Performance Center (ALM) into Splunk so I...
Why do some searches only display statistics and not Events?
Below is a screen shot from my Fortinet FortiGate App for Splunk. In this case I'm clicking the search "Threat By Severity" on the Threat Dashboard. I noticed that I cannot drill down to events and...
Single token for multiple values in a dashboard
Hello All, Below is the format of my queries in a single dashboard: index=xyz $abc$ $abc1$ index=xyz $def$ abc, abc1 & def are not the same. My requirement is, I need to create a single drop down,...
The search job terminated unexpectedly
This search takes only a few seconds to come back index=* sourcetype=* (source="/opt/data/*-AA_*.csv" OR source="/opt/data2/*-AA_*.csv") | fields - field1 and returns 81,000 records but once I add below...
Why is my default app not loading when Users login?
I have tried many things and googled, but unable to find a solution to this issue. I have an environment that I have inherited from someone else, who has now left. Situation is I want users to have a...
Should the master node be a license slave?
I have 1 master node, 2 peer nodes (indexers), and a separate search head. I've set up the search head as the license master (not the master node, as recommended in the documentation), and currently...
Splunk Python SDK: In what order are jobs run?
For the Splunk Python SDK, I have a question regarding the order in which jobs are run. For example: I have two processes on the same connection creating jobs for Splunk to run. These jobs are blocking...
Is Splunk DB Connect supported on Solaris 11 SPARC Platform?
Hello, can someone tell me if the Splunk DB Connect app is supported on the Solaris 11 SPARC platform? In the DB Connect doc it was mentioned that it is supported on Linux and Windows platforms only? We have...
How to count the number of events starting at 9 am each day?
Hi Guys, I have the below query that is using the shared timepicker: today, which is counting the events from 00:00 to 23:59. How can I make it start counting the events from 9:00 to 23:59? |...
Change CheckPoint value DB Connect v. 2.4.0
I need to reindex data from one of my DB Connect inputs. How do you change the checkpoint value? It's version 2.4.0. Thanks! Tim