change splunk app logo
I am new to Splunk. How can we change the Splunk `app logo`? Can anyone give me detailed instructions/steps?
bins for count values
Hi all, I have a problem that I don't know if it's solvable: I have a search with a stats command with a values option (e.g. `| stats values(prog) AS prog BY key` ) prog can have few and many values...
How to update host name in 200 alerts?
If I have 200 alerts and want to change the host name in all alerts, how do I do that?
Split a column in the search data into multiple columns
Hi All, I have a file of Tickets to analyse. I want to arrange the data as per the following image. What can I do to achieve the same. ![alt text][1] [1]: /storage/temp/226683-expected.png
Splunk Stream: Finding NTLM V1 and LM Usage
Hi, This article describes how NTLM v1 and LM usage can be detected: https://blogs.technet.microsoft.com/askds/2012/02/02/purging-old-nt-security-protocols/ Based on the article I came up with the...
Not getting all the files from forwarders
Hi, I know there are a lot of questions under the same topic, but I am stuck. I have an application server which forwards the logs to Splunk. The way logs are written is that are on random selection. I will...
Get Data into Splunk from Elasticsearch
Hi, what is the best way to get data into Splunk from Elasticsearch, so I can put Datamodels on to it? Thanks, Robert Lynch
Splunk to uCMDB Integration
I have been doing some research and need to know if there is any Splunk certified secure app in splunkbase for integrating Splunk to uCMDB OR what is the correct and tested procedure of doing so that...
How to setup HP Procurve switch only security logs send to Splunk server
How to setup HP Procurve switch only security logs send to Splunk server
Blank Login Page
Hi, So I have just installed splunk for the first time on my linux ubuntu machine. The only changes I have made during configuration is I have changed the HTTPS port in the web.conf file so that it...
Using Timewrap to compare yesterday to today per hour
I have the following search as I'm trying to compare yesterday's count to today's count per hour and I am seeing events per hour for latest_day, but no events per hour for today index=foo | timechart...
Combine RegEx with a condition
Assume the following squid log samples: (squid-1): 1515606581.001 100 1.2.3.4 TCP_TUNNEL/200 500 CONNECT some.fqdn.com:443 - DIRECT/1.2.3.4 (squid-1): 1515606582.002 200 1.2.3.4 TCP_TUNNEL/200 2000...
Where is the first part of the index home path defined?
I've sort of taken on Splunk administration for my company so I'm trying to make sense of this as quickly as I can. Under Indexes I see you can define a "Home Path" and here is what I currently see:...
Modifying an input for dashboard. (Change a time format to fit the _time format)
(Sorry if this is confusing) I want to create a dashboard to find like events that happen at a certain time. This is going to be searching a datamodel so I can see all the events that happen at a...
Transformation to index events to different index not working
**Goal** I wish to place some events into a longer living index "staging-boeing-audit" for audit purposes. All other events I wish to continue to be indexed as before. **What I have tried** I...
splunk IA-sourcefire connector app is not reporting logs.
Hi, I have an issue with the Splunk sourcefire connector app. It is configured on one of the Splunk heavy forwarders. It was working up to 4th Jan. I had tried resetting the connector and also restarted...
splunk sourcefire connector app is not reporting logs.
Hi, I have an issue with the Splunk sourcefire connector app. It is configured on one of the Splunk heavy forwarders. It was working up to 4th Jan. I had tried resetting the connector and also restarted...
Uploading new release does not complete - "package validation in progress"...
Hi, I am trying to upload a new release to Splunkbase. After uploading the file, splunkbase is performing some type of package validation. Usually, this validation is very quick. Today (Jan 10, 2018),...
Splunk windows docker image
Dear Splunk team, I am trying to pull the Docker Windows image. I can find only the Linux image in the Docker store. https://store.docker.com/images/splunk Where can I find the equivalent windows docker...
IP Reputation threatscore not working.
Hi, I have installed the application correctly, but I still don't get the threatscore displayed. I have added the key to file ***scorelookup.py*** at ***/ipreputation/bin/scorelookup.py*** and restarted...