Splunk - Add-on builder - can't execute webhooks
Anyone know why I can't execute filesystem commands in the app builder with python and slack web hooks? https://splunkbase.splunk.com/app/2962/ user log 1: 2018-03-07 18:34:42,033 ERROR pid=24690...
I installed splunk forwarder and tried to run below command : ./splunk enable...
I installed splunk forwarder and tried to run below command : ./splunk enable boot-start --accept-license. I got below error: This appears to be your first time running this version of Splunk. Can't...
Syslog-help me
How can I transfer data from splunk to syslog? I did not understand the explanation in the link: http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Forwarddatatothird-partysystemsd#Syslog_dat I...
Use two depends in a dashboard panel
Hi at all, in a dashboard, I need the possibility to choose between two searches to display results in a panel and at the same time to display an html message if there's no result in each of them. In...
Issues with the Qualys TA where not ALL scan information is pulled.
Hi guys, This is a bit of a generic question but I thought I'd ask in case anyone had ever seen issues from Qualys like this before. We currently ingest our data from Qualys 3 times a day (every 8...
How can I change the default 8000 port where splunk web interface gets installed?
Can I change the default 8000 port for the splunk web interface? Usually if I install splunk, it gets started at default 8000 port. If this port is not accessible in my network, where can I change this...
How do transforms.conf and props.conf work?
What is the difference between props.conf and transforms.conf and how does it work?
don't show rows with specific column values
| base search table amount, currency , received, time The value of 'received' field is either 0 or 1. I want my table to show rows where the value of column 'received' is '1'.
How to put multiple rows in a table in single row by parsing some criteria?
I have a search query that gives me data as -------------------------------------------------- | {applicationid: app_1 | | data_type: data_A | | message: message_123 | | } |...
How to install Splunk on Windows 2012 R2 server?
Hi All, I'm new to Splunk, I would like to install Splunk enterprise on Windows 2012 R2 server via RDC Manager, I am able to connect to respective server via RDC but internet connection on that...
How to filter users ending with $ using inputs.conf on a UF v6.6.
Hi and thank you in advance, I need to be able to filter EventCode 4624 to NOT include events with "Account Name" ending in $ (the machine name). OR Possibly with the Security ID: NULL SID However I...
How to replace field values received from one search result in one index with...
Index 1 search result:- Provider IP Version Count Provider1 10.10.10.1 1.0 30 Provider1 10.10.10.2 1.0 40 Provider1 10.10.10.3 1.0 100 Provider2 10.10.10.2 1.0 50 Provider2 10.10.10.2 1.0 75 Provider2...
How to hide navbar collection for a role
I want to hide the "advanced" dropdown label in the navbar for a role. Is there any option without using css?
Is there something like a "sql database view" in splunk to hide the...
Is there something like a "sql database view" in splunk to hide the complexity of a search/report from the end user?
TRANSFORMING TABLE
I have data as given below in table format A B C D E F 517 2498 186 1000 250 100 399 314 1559 100 100 1000 I want each row of D E and F against each row of A B and C kind of cross transformation output...
Authentication error: Client is not authenticated while trying to add search...
I'm trying to set up a simple Splunk environment, but when running: $SPLUNK_HOME/bin/splunk add search-server http://192.168.4.210:8089 -auth admin:password -remoteUsername admin -remotePassword...
I am using subsearch and trying to pass ID from sub to the main and trying to...
Normal index query : searchA[search search B|stats count by _time,BusinessIdentifier|return BusinessIdentifier]|stats min(_time) as E by BusinessIdentifier Tstats query: |tstats min(_time) as E from...
Search Multiple Sourcetypes using different fields - return all rawevent...
I need help figuring out the best way to get the information I want in one query. I have indexA with sourcetypeA, sourcetypeB and sourcetypeC. I also have indexB with sourcetypeD. I input two values to...
Palo Alto: Adaptive Response: Tag to Dynamic Address List requires commit?
Hello, I am using Palo Alto App for Splunk and its adaptive response feature. We have done some troubleshooting and testing and based on what we have accomplished so far, I have few questions: 1....
Chart overlay is invisible
Hi, I am using line chart overlay on column chart, but it's not displaying overlay line chart, even though data points are present. When I hover the mouse, I can see all data points. When I use...