SAP PowerConnect for Splunk Enterprise
Have a good day, everybody. I want to install SAP PowerConnect (https://splunkbase.splunk.com/app/3153/), but I can't find the file: BNWVS 400_700.sar. Please tell me how to download this file. Thanks
Splunk search: check if a word from a file appears in logs
Hi, I have the following issue. I'm using Splunk for real-time monitoring of a chat bot. I also have a file with banned words; let's say it's a CSV file. I want to do a search to check if any of those...
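One way to do this in SPL, as an added example that is not part of the original post: a subsearch turns the banned-word list into a disjunction of wildcard terms and the outer search filters the chat events with it. The lookup name banned_words.csv, its single column word, the index chatbot and the field message are assumptions; the makeresults rows stand in for both the lookup and the chat events so the search runs without any data loaded.

```spl
``` Constructed chat events standing in for index=chatbot sourcetype=chat:message (assumption) ```
| makeresults count=3
| streamstats count AS n
| eval user=case(n=1, "alice", n=2, "bob", n=3, "carol")
| eval message=case(n=1, "hello, can you reset my password",
                    n=2, "this bot is a Scam and a fraud",
                    n=3, "thanks, all good")
| fields - n
``` The subsearch returns a field literally named "search"; its value is spliced into the outer search as text ```
| search [
      ``` production: replace the two lines below with  | inputlookup banned_words.csv | fields word ```
      | makeresults
      | eval word=split("scam,fraud,phishing", ",")
      | mvexpand word
      | eval search="message=\"*" . word . "*\""
      | stats values(search) AS search
      | eval search="(" . mvjoin(search, " OR ") . ")"
      | fields search
  ]
| table _time user message
```

Expanded, the subsearch yields `( message="*fraud*" OR message="*phishing*" OR message="*scam*" )`, so only bob's row survives; wildcard matching on field values is case-insensitive, which is why "Scam" is caught. Two caveats for a monitoring use case: this is substring matching, so "scampi" also hits, and a very large word list makes for a very long search string. For whole-word matching or a large list, the lookup-based route is a lookup definition with match_type = WILDCARD(word) in transforms.conf and a `| lookup` against the lowercased message instead of the subsearch.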
Change query dynamically based on dashboard input
I have a dropdown with the values below: ec count, dc count, fc count. Now I want to draw a line chart from this dropdown input. My query may be entirely different for each dropdown input, so I want to...
Splunk doesn't read the eStreamer lookups
Hello, in my testing environment I have installed the eStreamer eNcore add-on, the FireSIGHT add-on and ES, and I have configured eStreamer and it's working well. I then renamed the sourcetype from cisco:estreamer:data...
Add trendline to timechart in Splunk
I have a chart with durations. Now I want to add a line over the chart with the values of avg(duration). I used the query below, but it's not showing the trendline: index=cloudfoundry...
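The pattern that produces an overlay line, as an added example rather than the poster's query: timechart first emits the series to plot (here the per-bucket maximum and average), and trendline is applied afterwards to one of timechart's output fields, since it can only smooth a field that already exists in the result set. The events are constructed; the index cloudfoundry and a numeric field duration are assumptions.

```spl
``` Constructed events standing in for index=cloudfoundry with a numeric duration field (assumption) ```
| makeresults count=60
| streamstats count AS n
| eval _time=relative_time(now(), "-1h") + n*60
| eval duration=if(n%10=0, 900, 100 + (n*7)%50)   ``` every 10th request is a slow outlier ```
``` timechart must come first: it creates the fields that the overlay is computed from ```
| timechart span=5m max(duration) AS max_duration avg(duration) AS avg_duration
``` trendline smooths an existing timechart column; sma3 = simple moving average over 3 buckets ```
| trendline sma3(avg_duration) AS avg_trend
```

In the resulting chart max_duration, avg_duration and avg_trend are three lines on the same time axis; if the raw durations are wanted as the backdrop instead, plot them with `| timechart span=5m values(duration)` is not what you want (it is multivalue); use `eval`ed per-bucket statistics as above and switch the visualization's chart overlay setting to put avg_trend on its own axis when the scales differ.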
Where can I find the instructions about forwarding the Balabit SCB (5.0.0a)...
Where can I find instructions on forwarding Balabit SCB (5.0.0a) events to Splunk Enterprise? I have installed the Balabit Privileged Account Analytics application. And now, about the...
How to split and retrieve a value?
I think we may need regex for this, and I am not good at it. I need to be able to extract the last part, i.e. (TMNT-1752), from the string below. In some cases the numeric part could be three or more...
Can Splunk identify bank details being changed on a legacy trading system?
Can Splunk identify a pattern in which fraud is occurring, for example, emails asking to change bank accounts, emails from spoofed execs' accounts, bank details being changed on a system, large...
Field extractions in the search head GUI
Hi Team, I have an event whose fields are separated by the pipe (|) symbol, and I want to split those events with a regex expression. How should I proceed? Sample events are below: 2017-06-04...
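A search-time extraction for a pipe-delimited event, as an added example and not the poster's data: the sample events, their column order and the field names (ts, host, user, action, status) are constructed assumptions. The first method is a single anchored rex using `[^|]+` per column, which cannot run past a delimiter; the second copes with a variable number of trailing columns by splitting on the pipe and indexing.

```spl
``` Constructed pipe-delimited events (column layout is an assumption) ```
| makeresults count=2
| streamstats count AS n
| eval _raw=case(n=1, "2017-06-04 10:15:32|host01|alice|LOGIN|success",
                 n=2, "2017-06-04 10:16:07|host02|bob|TRANSFER|failed|amount=500")
``` Fixed positions: one anchored regex, each column is "anything but a pipe"; the pipe itself is escaped as \| ```
| rex field=_raw "^(?<ts>[^|]+)\|(?<host>[^|]+)\|(?<user>[^|]+)\|(?<action>[^|]+)\|(?<status>[^|]*)"
``` Variable column count: split into a multivalue field and pick by position (null when absent) ```
| eval cols=split(_raw, "|"), extra=mvindex(cols, 5)
| table ts host user action status extra
```

Once the regex is right, the same thing can be made permanent from the GUI with Settings > Fields > Field extractions as an EXTRACT- stanza on the sourcetype, or, for purely delimited data, as a REPORT- stanza in props.conf pointing at a transforms.conf entry with `DELIMS = "|"` and `FIELDS = ts, host, user, action, status`, which needs no regex at all.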
Index gz archive files from a Storage Account via the Splunk Add-on for Microsoft...
Is it possible to index gz archive files from an Azure Storage account into Splunk using the Splunk Add-on for Microsoft Cloud Services? Import of non-archived files via the Splunk Add-on for Microsoft...
Is there a GitHub repo?
Hello, nice app! Is there a GitHub repo to request changes in the code? Thanks
Combine dynamic fields starting with the same value
So I have multiple fields whose names could end with different values. Examples of these fields are below: foo.foo_a = 1, foo.foo_b = 2, foo.foo_123 = null, foo.foo_test = 4. What I want to do is...
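The SPL idiom for fields whose names are only known by prefix is foreach, shown here as an added example that is not from the original post. The event is constructed from the four field names the post lists; what to do with them (sum the numeric ones and keep a name=value trail) is an assumption, since the post is cut off before saying.

```spl
``` Constructed event with the dotted field names from the post; dotted names need single quotes in eval ```
| makeresults
| eval 'foo.foo_a'=1, 'foo.foo_b'=2, 'foo.foo_123'="null", 'foo.foo_test'=4
``` foreach runs the bracketed eval once per matching field:
    <<FIELD>> is the full field name, <<MATCHSTR>> the part matched by the wildcard ```
| foreach foo.foo_* [
    eval foo_total=coalesce(foo_total, 0) + if(isnum('<<FIELD>>'), '<<FIELD>>', 0),
         foo_values=mvappend(foo_values, "<<MATCHSTR>>=" . '<<FIELD>>')
  ]
| table foo_total foo_values
```

foo_total comes out as 7 (the string "null" fails isnum and contributes 0) and foo_values is the multivalue a=1, b=2, 123=null, test=4. The same loop works on fields produced by spath or KV_MODE=json extractions, which is where dotted names like foo.foo_a usually come from.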
Hi Experts, could you please give me the script which will work to send the...
Hi Experts, could you please give me the script which will work to send SNMP traps to other systems with the alert name, hostname and some other fields?
Why doesn't coalesce work in an if/case statement?
I am trying to write a search such that if the field = Email, then perform a coalesce, but if the field isn't Email, just put in the field. Below is what I have written. It seems like coalesce doesn't work in...
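coalesce() does nest inside if() and case(); the usual reason a search like this returns nothing is an unquoted comparison, because `type=Email` in eval compares against a field named Email rather than the string "Email". The following is an added example, not the poster's search; the records and the field names type, primary_email, backup_email and phone are constructed assumptions.

```spl
``` Constructed records; which fields hold the contact value is an assumption ```
| makeresults count=3
| streamstats count AS n
| eval type=case(n=1, "Email", n=2, "Email", n=3, "Phone"),
       primary_email=if(n=1, "a@example.com", null()),
       backup_email=if(n=2, "b@example.com", null()),
       phone=if(n=3, "+1-555-0100", null())
``` The string literal must be double-quoted: type="Email". Unquoted, type=Email is a field-to-field
    comparison that is never true here, so the else branch is always taken ```
| eval contact=if(type="Email", coalesce(primary_email, backup_email), phone)
``` Same thing with case(), which also takes a function call as a branch value ```
| eval contact2=case(type="Email", coalesce(primary_email, backup_email),
                     type="Phone", phone,
                     true(), "unknown")
| table n type contact contact2
```

Rows 1 and 2 get a@example.com and b@example.com (coalesce falls through to the first non-null argument), row 3 gets the phone number in both columns. If a field name contains spaces or dots, it also needs single quotes inside the eval, as in `'user email'`, which is the other common cause of a silently failing condition.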
Citrix NetScaler app
Hi, I am trying to get logs for Citrix NetScaler. Is it better to use the app for the logs, or is it better if I get the logs and create my own dashboards? Thank you.
Does EVENT_BREAKER configuration need to be added on a Splunk UF collecting...
Hello Splunkers, would an EVENT_BREAKER configuration be a good idea to reduce indexer stickiness for a Splunk UF collecting Windows logs via Windows Event Forwarding, or will it be handled natively by...
Table ES suppressions including start time and end time
I'm looking to create a dashboard of existing suppressions, and of those that have recently expired or will expire in the near future. But I'm struggling to find where I can extract the relevant...
Assigning a sourcetype to a source in the heavy forwarder's props.conf is not working
Shouldn't this work? It only works if I assign the sourcetype in the inputs.conf of the universal forwarder, but I don't want to assign it in the UF. [source::/...../config/server.cnf]...
How do you include a literal double quote character in a Splunk regex?
I'm using the rex command and I want to create a regular expression that contains a literal double quote character. How do I do this? Thanks, Jonathan
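Inside the double-quoted regex argument of rex, a literal double quote is written as `\"`, so that the SPL string parser ends the string in the right place and PCRE sees a plain `"`. The example below is added here and is not the poster's search; the key=value events and their field names are constructed.

```spl
``` Constructed events with double-quoted values, including an empty one ```
| makeresults count=2
| streamstats count AS n
| eval _raw=case(n=1, "user=\"alice\" action=\"login\" msg=\"hello there\"",
                 n=2, "user=\"bob\" action=\"logout\" msg=\"\"")
``` \" is the literal quote; inside a character class it is written the same way: [^\"] ```
| rex field=_raw "user=\"(?<user>[^\"]+)\""
``` Use * rather than + when the quoted value may be empty, otherwise msg="" never matches ```
| rex field=_raw "msg=\"(?<msg>[^\"]*)\""
``` Alternative that avoids escaping altogether: PCRE's hex escape \x22 is the double quote ```
| rex field=_raw "action=\x22(?<action>[^\x22]+)\x22"
| table n user action msg
```

The first row yields user=alice, action=login, msg=hello there; the second yields user=bob, action=logout and an empty msg, which the `+` version would have left null. The same `\"` escaping applies to the regex command and to regular expressions in eval's match() and replace(); in props.conf and transforms.conf, where the pattern is not inside a quoted string, a bare `"` is used instead.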
Changed the management port, but the forwarder still points to the DS and sends logs
My question might be weird. I changed the management port on one endpoint (a universal forwarder) out of multiple forwarders, but I am still receiving logs and the client still reports to the DS. Why does it still work correctly?