IP Reputation app directory structure error.
I recently tried to install the IP Reputation application on Splunk Enterprise. I had downloaded the .tgz file from Splunkbase and tried to install it by uploading the file. I received the following...
How to create a lookup matching non-exact words?
I have the below type of event and I want to add a category field to it using lookups (fields: time, Transaction, Business name): 6/01/2018 40.22 ABC foods 6697 VALE TAP AND PAY 0000. So, I created the following...
How can I automatically rotate Splunk local passwords?
All, I've been asked to automatically rotate the local passwords on Splunk every week. It can be predictable, like HelloP@ssword1June1st going to HelloP@ssword1June8th, but it just needs to rotate to meet...
Append eval'd streamstats to stats in table
I am trying to append an eval'd field from streamstats to other fields from a stats command within a table. The following produces results in each field except new_loss (the eval'd field from...
Multiple channel posts with Slack Notification Alert app
I am trying to configure the Slack Notification Alert app for multiple Slack channels. There seems to be only one option for a webhook URL, but we need to be able to configure multiple webhook URLs to...
How to display "0" instead of "No Results Found"
Hi guys! I have the below query for a Single Value Dashboard Panel. It is counting the daily total error duration of the system. My problem with this is, when there is no error, it displays "No Results...
Invalid search or missing required fields for thresholding
Hi, I'm using an ad hoc search for a glass table. When run as a search, I'm able to get the value that I want. But in the glass table, an error appears: "invalid search or missing required fields for...
How to find field data that does not match expected output
I am collecting data from a field that should contain a 9-digit number. I am finding that there are some instances where this field is blank or contains alphanumeric characters. In order to quantify...
Getting error message while accessing the Splunk Add-on for AWS via Splunk...
Hi All, currently I have pushed the Splunk Add-on for AWS to one of the heavy forwarder instances, but when I try to open the Add-on it throws an error. Kindly guide me to fix this issue. Error...
Source and sourcetype filtering no longer working after upgrade
After upgrading from Splunk 6.2 to 6.6.3 with large existing indexes, any search by either source or sourcetype no longer works, i.e. "No results found. Try expanding the time range". Indeed, both...
How to configure inputs.conf to send data from 1 directory to 2 different...
We have a scenario where we need to forward data from 1 directory to 2 different indexer clusters. While this is achievable through TCP Routing in inputs.conf, I believe the solution will only work if...
Grouping and adding the group values
I have these fields: Server, LUNs, Application, Used in GB, Available in GB. How can I group by the server column and then add the total and used columns for each group? I only get one server back with the...
How to restrict a user to a single dashboard?
I want to make a role such that a user can only view a single dashboard. They should not be able to access any other page, including any settings pages or the search app. Is there a way to achieve this?
Custom fields of a query are not showing up in the Splunk Machine Learning...
In the search module, I have extracted 2 custom fields for a query and they show up after some time in that module itself. However, custom fields are not present when I put the same query in the Splunk...
Splunk AWS integration unable to fetch instance details
Hi Team, we are using the latest 7.1 version of Splunk Enterprise, integrated with our AWS environment. On the overview page I am seeing configuration details, but other than that there is no...
How to change table column headings?
The search command that I have used is: | chart list(field1) as A list(field2) as B by name month
The result I am getting is something like this: Name, A : JAN, A : FEB, A : MAR, B : JAN, B : FEB, B : MAR; abc...
Can I use a wildcard for the indexes.conf indexer name?
I am trying to use a wildcard for the indexer name; is it possible? Example: I have index names with a pattern and the same configuration for hot and cold, but different maxDataSize, as below: [index_name_1]...
Unable to set up SSL self-signed cert on Windows forwarder and Windows Indexer...
1. I have followed the Splunk instructions; on my Windows Indexer server I have created a CAroot.pem file. 2. I have also created a myNewServerCertificate.pem file using the instructions, combining the below...
Splunk Enterprise Security cloud-based
What is the minimum GB/day for ES I can purchase cloud-based? I have a 20 GB/day Splunk Enterprise licence and I want to add the ES module. Thanks