rename EventCodes
Is there a way to rename EventCodes xxxx field to "description" in timechart? Here is a sample search: Account_Name=* (EventCode=4800 OR EventCode=4801 OR EventCode=4768) index=blah...
View ArticleSearch Schedule Window option not there
Hi all, I have a 6.3.0 enterprise clustered installation with several alerts running with 5min intervals. Most of the time this works fine but now and then they miss a run due to concurrent search...
View ArticleIs there a way to blacklist certain hosts from indexing without stopping the...
I would like to be able to blacklist certain hosts that have the universal forwarder on them from indexing because its killing my license and I don't have the budget to buy more at the moment. I also...
View Article[HELP] No events from remote FileServer - SECURITY log
I can't seem to get this figured out. I've tried adding the stanzas to the output.conf file on my fileserver where the SplunkUniversalForwarder is installed, but nothing from the security log ever...
View ArticleAggregating fields in JSON array
I'm relatively new to Splunk queries. I have an event that contains JSON and within the JSON data is an array. There's some data about a web page request, then an array of resources that make up the...
View ArticleHow to filter Windows Security Event Logs Output?
Hello, I understand this question had been ask before in varies variations, but I am a newbie and I’m trying to filter out the following information below. I would like to keep everything after Logon...
View ArticleUnwanted masking of user name
Hello, new Splunk user here. I have some syslog events that have a field automatically extracted named "user". In the top values of this field, one of the usernames is masked as `'*****'`. But when I...
View Articlebutton token to control search for a panel
Hi i have a panel whose search i am trying to control from button which sets a token to true - $memory_chart$ i have included the below in search Database Connections|search * $memory_chart$ index=XXXX...
View ArticleMaster Node Failure Impact on Search
Hello, As per documentation Search Head queries Master to get list of peers and direct request to them and in case of Master failure all operations - search/replication will work until one peer node...
View ArticleIndex Lag for Source - Results up to 4am Every Day - Host last update is current
I have a source where the Index is updating up to 4 am every day. (Before Daylight Savings shift it was 3 am every day). Splunk is monitoring a folder over the lan of rotating log files. In the past...
View ArticleSplunk Indexer and Universal Forwarder version compatibility
I noticed that Splunk official suggested us to keep the Indexer and UF using the same version (I am using 6.2.3). However, due to some issue, I need to upgrade the UF to 6.2.6 or 6.3. So doing, any...
View ArticleField Extraction when text have %%01 and others Symbols The search of the...
Hi I have a log like this Mar 10 20:19:39 10.18.10.11 Mar 10 2016 20:18:07 HIPDR-M909-X8-CA %%01SHELL/5/CMDRECORD(s)[37105]:Recorded command information. (Task=VT1, Ip=10.2.11.10, VpnName=O_G,...
View ArticleDBX Sybase connection
Hi there. I'm trying to make a sybase connection but I"m getting a '*table_name* not found' error. The dba has tested the same query using my credentials and it works so must be something my end. I've...
View Articlesplunk unable to connect to INTERNET
hi, my splunk instance in unable to connect to Internet .i tried proxy (http https both) nothing work.i think my org firewall blocking my access can any one tell me which ports should i ask them to open
View ArticleEval If Statement
Hi, I wonder whether someone may be able to help me please. Although I've been using Splunk for a few months now, I'm still coming against statements I've not see before. One of which is this `| eval...
View ArticleHow to call python script from Dashboard, and download a file from local to...
Hi Here is what I am trying to accomplish: 1. Click a button on dashboard 2. it calls a script (Python or JavaScript) 3. the Script will then run some shell script and do the CLI search which creates a...
View ArticleChart Windows Security Events User Sessions
Using standard Windows security logs im trying to chart user sessions for TimeLoggedIn and TimeInactive TimeLoggedIn = logged out time - logged in time TimeInactive = ConnectTime-DisconnectTime Im...
View ArticleWith multi-site clustering, can I replicate per index?
As I prefer to upgrade to 6.3, I'm debating whether to use multi-site clustering. We don't currently replicate any data, but that could happen in the future, on a specific index level. Looking at this...
View ArticleDoes splunk clean all remove server names?
We are trying to put our Splunk Indexer on a Windows system image. Based on the documentation, stopping the Splunk service and issuing the `.\splunk clean all` command should clean out everything so...
View ArticleREST API Modular Input: How would I configure a custom authentication handler...
Knowing nothing about REST or Python, I've been trying to configure an input in the REST API app to make a call to our Modulo cloud instance but I'm having no luck. The GET request keeps giving me an...
View Article