How to forward the results of data power search app from search head to third...
I would like to know whether it is possible to forward the results of data power search app, displayed results on search head to third party server. If it is possible, how is it done. Thanks, Obaid Mohi
Hit and miss extractions
I have come across a strange issue with regex extractions - the information I'm trying to extract seems to be only extracting some of the time. I have an automated report which uses a lookup list of...
Cisco MARS to Splunk migration
Hello, I'm looking for input on my plan to migrate our Cisco MARS appliances to Splunk. My basic plan is to set up the Splunk for Cisco MARS module to import archived data from the appliances to get the...
Input from csv from my local drive
I have a list of IPs that I'd like to use as input to a saved search. Instead of manually typing (ip=x OR ip=y OR ip=z), if I have a csv file on my local drive with a single column of IPs, is there a...
Conditional Filter count results in chart
index=rhwindows sourcetype="WinEventLog:System" Type=Error OR Type=Warning NOT (*PrintSpooler OR *SpoolerWin32SPL) earliest=-24h@h latest=now | chart count over host by SourceName Hopefully simple one:...
The "Global Threat Landscape/IP Watch list" App link is not working.
Dear Splunkbase, Global Threat Landscape/IP Watch list V2 @ http://splunk-base.splunk.com/apps/22322/global-threat-landscapeip-watch-list-v2, returns the following error: The requested URL...
Passing 2 values Drilldown
Hi Everyone, While using Simple XML, I am able to easily pass a value from a table row or from an actual form. The problem I have is when I try and pass 2 values through the drill down link, here is...
file with list source for search OR file with list of search request
Hello! I have a csv-file that contains list of source, for example: source MySource1 MySource2 MySource3 ... I have also a search request, it is the same for all sources. I need to create automatic...
Indexing logs to remote server
I have installed 1 forwarder on my linux machine-1 and another on windows apache machine-2. The splunk has been installed on another windows machine-3. I was able to enable the receiving and am able to...
Two lookup commands in one search
I am trying to use two lookup commands in one search string. The output of the first lookup command is being used in the second lookup. index=proxysg | lookup myfile.csv A as B output C | lookup...
showing null values in a lookup table
I have lines in multiple lookup tables that look like lista,listb,listc,listd a1,,c1,d1 ,,b2,c2,d2 a3,b3,c3,d3 when I do a lookup on these and try to show all of the results it just eats up the lines in...
Trying to integrate perf4j with our project and aggregate the results in Splunk
I'm trying to figure out how to integrate perf4j into our project in such a way that I can easily read the statistics and aggregate/graph/make charts in Splunk. Anyone have any experience with this?
Splunk for Exchange - Index Requirements
How would one go about estimating the size of an index when using Splunk for Exchange? There are articles which are specific to Windows server, but nothing specific to Exchange (at least from what I've...
Corrupted bucket journal?
Hi Everyone! I hope this isn't a "frequently solved problem." I've searched and googled for answers but I ran into a wall. First, I started getting this error in splunkweb: [EventsViewer module] Error...
SplunkStorm & IIS & time stamp
I've seen a few similar questions asked with answers that either don't apply or don't help, and I apologize in advance if I missed the helpful one somewhere. I'm fairly green on the forwarders so I may...
accumulator widget calls endpoint twice
Can someone explain why my custom endpoint gets called twice for the accumulator widget in my custom setup.xml? And possibly how to get it called only once? I have not seen this behavior with the...
Splunk DB Connect - KeyError 'Elements' on setup
I just installed a new copy of splunk and immediately installed the DB Connect app after initial setup. I am getting an Error 500: KeyError 'Elements' when I try to go through the setup the first time.
OSSEC app sudo messages gumming up the stats
On my Splunk server I am seeing the following every 5 minutes: Apr 21 05:14:20 ts-sl-server sudo: root : TTY=pts/0 ; PWD=/opt/splunk/etc/apps/ossec/bin ; USER=root ; COMMAND=/var/ossec/bin/agent_control...
Trying to add additional info fields into top output
Hi, I have a simple alert that runs nightly, it is something like: index=bluecoat cs_categories="*Forbidden*" | top limit=20 client_ip Basically shows a report of top 20 clients that access forbidden...
Configuration for Splunk for Excel Export ap
After installing the Splunk for Excel Export add-on and restarting Splunk I can't see any integration on my apps. To see the "Excel Export" button on my apps have I to configure anything on the...