compare value from search with multiple column in lookup
Hello! I have some log with next format: CDR_NUM1,CDR_NUM2,CDR_STATION,CDR_TRUNK1,CDR_TRUNK2 71234000000,71235000000,OR_00029,1109,28 72335000000,72337000000,OR_00030,1043,6...
Define time from 6am to 6pm of 1 week
Hi splunk, I had a search of sourcetype="ltaTraffic" Type="Accident" tag=expressway earliest=-30d | transaction locationaccident maxspan=1s | bucket span=1h _time | dedup locationaccident | fields...
Field Extraction of CSV on forwarder
Hi, I have set up a universal forwarder to monitor a CSV file and send the output to the indexer (single instance acting as Splunk web also). Below are the config files on the universal forwarder. input.conf...
Splunk login error - "Undefined index: roles in ssoScript.php"
Several of us here in my office have a lot of trouble logging into Splunk. After entering my username and password the Splunk login web page gives the error: "Invalid username or password.". It is then...
sub-search and destIP foreach srcIP
Hello, I would like to obtain a complete list of all connections. For example: SRC | DST | PORT a.a.a.a | z.z.z.z | tcp 22 | x.x.x.x | tcp 8080 b.b.b.b | x.x.x.x | tcp 80 ... For that, I've made two...
splunkstorm API support for querying of data
Does splunkstorm support querying of data through their APIs (REST or otherwise)? I see an earlier query where the answer is no...
Active forwarder not showing in Storm
The forwarder is installed and active, and monitoring a directory. Why is it not showing up in Storm? Is that the correct host? I had to manually add this forward-server, nothing was there by...
Deletion of event data in a index for performance
Hello, I would like to know if deletion of events which are not required will increase the search performance? They are in very big numbers which slowed my search down on the dashboard. If not, do I have...
Using extracted fields in automatic lookups
I have a series of fields I've extracted using the GUI for a particular sourcetype. I've also set up a lookup table, definition, and automatic lookup using one of those fields. The automatic lookup is...
Exchange Powershell cmdlets not accessible to Splunk for Exchange Powershell...
Hi, I've installed the Splunk App for Exchange and it appears that none of the powershell modules are functioning correctly. I know that they are running, but none are returning data. On further...
Upgraded Splunk for Symantec from 1.0 to 1.03 and getting errors
Upgraded to the latest version of the app and TAs. Getting the following error on the search console. The lookup table 'sep_vendor_info_lookup' does not exist. It is referenced by configuration...
Adding authorized IPs for splunk storm remotely
Is there a way to add/remove Authorized IP addresses for the "network input" for direct syslog data? The situation is that we have many sip devices connected to the internet that may have changing IP...
Events are gibberish
Hey guys, running into a bit of a problem with this app. We're testing the feasibility of replacing Blue Coat Reporter with Splunk but I'm not having much luck getting it to work. I've got Splunk...
forward _internal index from deployment server
Hi, I have the following outputs.conf set in deployment server but the _internal index doesn't seem to be forwarded to the Indexer. What do I miss? outputs.conf [tcpout] autoLB=true autoLBFrequency=30...
Support for Security Center
Does this app support exporting from Security Center? Currently we have Security Center managing multiple scanners across an enterprise deployment. Thanks. -Josh
Which IP addresses to put in reputation.conf?
I have a simple question... Does the reputation.conf file in the Splunk App for Exchange require that I list the INTERNAL or EXTERNAL IP addresses in the file?
How do I expire a bucket with future events?
I realize buckets die off as the newest event surpasses the expiration date. I also understand that deleting events does not remove the events, simply masks them from appearing in search results. My...
Historical Events Not Showing Up in Searches
I needed to restart my Splunk instance on our heavy forwarder the other day. After restarting, I am unable to search on anything before the restart on our main indexer. I am not seeing anything in the...
Custom drilldowns in splunk storm?
Drilldowns from my dashboard work as expected -- it adds the clicked element to the search and shows the filtered logs. But, I would like to modify that behavior. For example, in my pie chart of top...
Suppress alert email due to splunk internal error
Hi, is it possible to suppress alert email from the saved searches due to Splunk internal error? For example, I received alert email from the saved search due to this Splunk internal error. -- Search...