Splunk Add-on for F5 BIG-IP
I understand that the Splunk Add-on for F5 BIG-IP is not compatible with Splunk v 7. Any idea when this is going to be fixed?
Splunk API monitoring
Hi All, I have a requirement to monitor the APIs which reside in an Oracle database. The output of the APIs would be a Boolean value "0" or "1". Value 1 indicates an error and the team needs an alert. I have gone...
Oracle Brute Force Search - Multiple Events Followed By One Event
Greetings, It's been a while since I asked a question. I'm hoping someone can help out. I currently have a brute force alert for ssh attempts that looks for a total of five or more attempts of success...
How to implement a cluster map based on telephone dialing codes?
Hi Team, We are trying to implement a cluster map based on telephone dialing codes. Need your help in implementing. How to create maps and how to map the volume against the corresponding area and how to...
How to make REST API call by using proxy from Splunk server to external...
I'm trying to pull data using a REST API call from a public external cloud service to Splunk; however, the Splunk server is not exposed to the public, so it can't make a valid connection. Can someone suggest how to...
How to extract Target Account Name or Subject Account Name Security ID field...
I'm searching on Windows Security Auditing logs and the Security_ID field but when I do, I'm realizing that there is a section for Subject and Target Account. I want to be able to extract each into its...
Why am I getting the below error message when trying to complete the...
index=_internal host="work" source=*web_service.log log_level=ERROR requestid=5aa016d4eb201a7887ac8
How to troubleshoot syslog data source with source type missing for...
Hello all, I'm having some really odd issues with the TA-Meraki app. It seems I have my data set to directly come in on 514 and can search it in Splunk ES but it is not usable in ESS. From the TA...
Event sort not reflecting in Statistics tab
I have an xml containing steps with timestamps. When I run a search, I am able to sort the events based on the timestamps I have extracted from the xml. In the **Events** tab, my xml steps sort...
How to set a different time format?
I am trying to format the time that is in this format: [dd/mmyyyy HH:MM:SS GMT]. When I set the time_prefi to a regex that contains \[ it seems to stop the data from being indexed. When I remove the...
When will the Splunk Add-on for F5 BIG-IP be compatible with Splunk v 7?
I understand that the Splunk Add-on for F5 BIG-IP is not compatible with Splunk v 7. Any idea when this is going to be fixed?
How to monitor Splunk APIs in Oracle database?
Hi All, I have a requirement to monitor the APIs which reside in an Oracle database. The output of the APIs would be a Boolean value "0" or "1". Value 1 indicates an error and the team needs an alert. I...
How can I create a brute force alert for Oracle logins?
Greetings, It's been a while since I asked a question. I'm hoping someone can help out. I currently have a brute force alert for ssh attempts that looks for a total of five or more attempts of success...
Is there any way to focus on a particular panel of a dashboard on click of...
I want to focus on a particular panel on click of a panel which is in some other dashboard. For example: My Dashboard A has 5 panels and dashboard B has 5 panels related to panel A. So if I click on a...
Can you use 3rd party cert for Splunk Web while using another client-side...
It seems the Splunk Web application does not allow for configuration to serve a 3rd party cert for Splunk Web 443 while using another client-side cert connecting to Splunk API 8089. Is my conclusion...
Renaming index in data sent from another Splunk instance
We are receiving data from an external Splunk instance. They have indexes A, B, C. When our indexers receive their data it cannot be indexed because we have indexes D, E, F. How can I rename the index for...
Creating apps with App Builder and alert actions - newbie
This alert action gave me an error when testing the Python. 2018-03-07 18:34:42,033 ERROR pid=24690 tid=MainThread file=cim_actions.py:message:271 | sendmodaction - signature="Error: 'module' object...
How to run two searches and table the results?
Good afternoon Guys, Second question in as many days, but this one is puzzling me, and my tiny, useless, uneducated brain simply cannot work it out. So, the concept is thus: We ingest an email into our...
Why is the event sort not reflecting in Statistics tab?
I have an xml containing steps with timestamps. When I run a search, I am able to sort the events based on the timestamps I have extracted from the xml. In the **Events** tab, my xml steps sort...
Can you use 3rd party cert for Splunk Web while using another self-signed...
It seems the Splunk Web application does not allow for configuration to serve a 3rd party cert for Splunk Web 443 while using another client-side cert connecting to Splunk API 8089. Is my conclusion...