Did they deprecate the Splunk app for Ansible Tower?
Was trying to set up the Splunk app for Ansible Tower, but was unable to find the app on Splunkbase. Please advise if the app was deprecated.
Error message: script exited with code 1
Splunk is producing error message "script exited with code 1" for the following scripts: rlog.sh, time.sh, and lsog.sh
Splunk DB Connect: Why am I getting this error when I try run a SQL query...
I have tried the following queries in SQL Editor: SELECT * FROM sys.fn_get_audit_file ('\\"mydatabase"\Z$\NONDBDATA\SQLAudits\Audit-Test_*.sqlaudit',default,default); SELECT * FROM...
Able to see events after deleting
Hi All, We have multisite clustered environment with 24 indexers and 8 search heads and all servers are running with 6.5.2 version. We are deleting some of the events from Search Head GUI using delete...
Regex works in search but not in props.conf
I have a file that I am monitoring on a HF. The file is JSON logs. On the HF I have the following props.conf: [EC-json] KV_MODE=JSON TIME_PREFIX="timestamp":" TIME_FORMAT=%Y-%m-%dT%H:%M:%S...
Splunk App for NetApp Data ONTAP - can we use OnCommand
I suspect the answer is no, but thought I'd ask the question anyway, we have around 150 NetApp appliances all managed by OnCommand, ideally we want to hit OnCommand rather than each NetApp...
Why am I able to see events even after deleting them from GUI?
Hi All, We have a multisite clustered environment with 24 indexers and 8 search heads and all servers are running with 6.5.2 version. We are deleting some of the events from Search Head GUI using...
How can I limit the results to only users that have more than 3 EventCode=4625?
How can I limit the results to only users that have more than 3 EventCode=4625? I am trying to show only users that have more than 3 login failures within 5 minutes EventCode=4625 user="*" | dedup user...
Eventgen.conf missing on App for Windows Infrastructure
I'm trying to generate data using eventgen for the App for Windows Infrastructure but I can't find the eventgen.conf within the app directory. Does anyone know where I could get an eventgen.conf for the...
Need to move an index from a standalone host to a new env with 2 indexers(no...
Hello, I need to migrate data from a standalone env to a small distributed env. Honestly I really only need one index. I tried exporting to CSV and importing but the fields/columns don't line up as they did...
Fine-tune Splunk queries
Hi, We have some queries which are very slow and return a huge amount of data, which finally causes the search head to be very slow. Is there a general document or something which can help us fine-tune...
Javascript/CSS files fail to load on search head?
I deployed an app to my search head cluster. In one of the search heads, the custom javascript/css files for a dashboard are failing to load. None of the search heads have a local directory for this...
Hacking domain tools downloaded
I don't have proxy logs, but I do have IDS/firewalls etc. and I want to create a search that will identify when a user has downloaded tools such as nmap, kali etc. Any ideas?
Why are the SSL certs showing under my VIPs and also why are the expiring...
Hi, I set up iApps and analytics for F5, but SSL certs are not showing under my VIPs and also not showing on the expiring SSL certs in the dashboard. I do have a cert that expires in a couple of months....
How can I get this field value in my table?
Hello, I'm trying to get the contents of a field. What I want is the date from a field called "Past Due Step Due Date" where the field "Workflow Step Sort Order" = 4 if the field...
Base64 decoding in search
I have installed the base64 Splunk app for decoding a base64 field but it didn't decode the logs. I have used |base64 field=myfiled action=decode mode=replace suppress_error=True. Has anyone used this...
grep -f over multiple fields
I'm trying to do something similar to grep -f over multiple sourcetypes that I've appended together into one search. Example: index=xyz sourcetype=watchlist | fields name looks like this zeng smith...
Splunk App for Unix
I created some dashboards. Where can I find them? I would prefer to do this in the GUI.
How can I fix my query for a malware dashboard, which is throwing me this...
I'm trying to fix my query for my malware dashboard, but it doesn't seem to work in any way possible, maybe I'm just not experienced enough to fix it. The query is the following: | `tstats` count from...
How can I get the Table cell colorization rendering for every cell instead of...
I am using the example from the Splunk Dashboard Examples for Table Cell Highlighting, I'm using Splunk 7.0.2. I am creating a chart where only one of the column names is known ahead of time,...