Extracting simple array of strings
I have a simple entry in my logs like so: types=["A","B","C"] There are several entries like that throughout the logs. Another one could look like this: types=["B","C"] Is there a way to extract the...
View ArticleSplunk DB Connect and MSSQL View
I am using DB Connect V2 to query tables in MSSQL 2014 and no problem. Then I created a DB Input pointing to the same DB but a simple View rather than a table and during the Input setup query preview...
View ArticleSplunk DB Connect 1: Splunkd daemon is not responding: ('The read operation...
I'm having problems with DB Connect v1. This is a new Heavy Forwarder that's been running Splunk 6.3.3 well since early this month. A few days ago some of my DB inputs stopped indexing any data....
View ArticleHow to re-index a file everyday, even when the file is not updated?
Hey All, We have a file which has the version number of an application in the below format : version = 4.0 The requirement is to get notified when the version field gets updated. In order to do so, the...
View ArticleHow to append in a csv file only records which are unique from a certain...
Hi, I need to append in a csv file only records which are unique from a certain date/time. The aim is to have only new events added to the csv file (and so the search would be scheduled) I used the...
View ArticleSplunk Enterprise Security: How to automate the population of assets.csv with...
We are running Enterprise Security and I'm trying to schedule and automate the population of assets.csv that ES uses as an Identity Management lookup file. I figured I could use DB Connect to connect...
View ArticleHow do fields "Earliest" and "Latest" work under "Edit Alert Type and Trigger...
There are new fields in 6.3 for alerts called "Earliest" and "Latest" on the "Edit Alert Type and Trigger Condition" dialog in Splunk. I suspect these have to do with a feature called "Scheduling...
View ArticleHow to edit my search to filter out all but 1 concurrent event?
In my current run, if two estops / jams are active at the same time, it will count count every minute they are both in alarm as 2 minutes for the "MinutesInAlarm" field. I need them to count as 1 real...
View ArticleHow to duplicate/clone a deployment app (Splunk Add-on for Microsoft Windows)...
We are using the Splunk Add-on for Microsoft Windows to get Windows Event sourcetypes that we're forwarding from Universal Forwarders. We're managing our UF's with a deployment server. I would like to...
View ArticleHow to edit my regex to extract fields from an imported CSV file with extra...
So this is fun... I need to import a CSV on a regular basis, and I have no control over the format or data in the csv. Contents include: name1-name2-Uptime,N. California [RealBrowser],8419,100,0,23...
View ArticleSplunk App for Stream: How to send and receive SBR accounting logs?
Hi ALL, I would like to get SBR accounting logs from SBR in real time. How can I achieve that? i found that Splunk App for Stream can understand Radius protocol, but how can I configure SBR to send...
View ArticleHow do I get some missing parameters from JSON payload to a script for a...
Firstly I am very new to Splunk app development. I'm trying to create a custom alert application and I'm having problems with getting some of the info on the detected condition from the json payload...
View ArticleI created a new index, but why am I not able to access it via REST API to...
I created a new index called perftestresults and I am able to see it when I search using the below Splunk command, but when I run a post command to the index, I get the below error: Splunk Command |...
View ArticleHow to apply multiple criteria in a single Splunk search?
Hi All, I try to create a saved search to fit into the following logic. How can I combine multiple criteria into one single Splunk search? Thanks. > sourcetype=xyz> c_application starts with...
View ArticleCan I have a chart overlay with 2 series stacked in a Splunk graph?
I have a chart with 4 series and what I am wondering is "can I have a chart overlay with 2 series stacked in a Splunk graph"? For example can I get the 2 lines(red and purple) in the below graph...
View ArticleWhy is the Threat Dashboard blank after upgrading the Palo Alto Networks App...
Using Splunk 6.2 Upgraded the Palo Alto Networks App for Splunk from 4.x to 5.0.1 and after waiting for the data models to update to 100%, all of the Content dashboards are populating, but nothing...
View ArticleSplunk DB Connect 2: Why am I getting this connection validation error?
Hi, Why am I getting below error? Validating connection with URL [jdbc:sqlserver://xx.xx.xx.xx:1433;databaseName=ABC;selectMethod=cursor] failed: java.sql.SQLException:,Cannot create...
View ArticleMultiple searches over a number of days across separate indexes
Apologies for the title, i couldn't come up with anything that made sense. Some background information before i explain what i am trying to do. We have multiple indexes in our Splunk instance, each...
View ArticleNo Alerts in Alert Manager - How do I install in a Clustered Environment?
I've installed Alert Manager into our environment, but I'm not getting any alerts to display inside the app. I am getting alerts emailed. I have a three node index cluster, with the TA installed on all...
View ArticleIndexer name change affected CIM Search
I recently change the name of two of my indexers to match the name on the third. Now the Splunk_SA_CIM searches that were turned on for acceleration are only running on the indexer that was not...
View Article