Does Splunk support excel imports
Does Splunk support excel imports. We have data in spreadsheets and want to be able to import as excel. I know that CSV imports work but wanted to check if excel import is a supported future feature of...
Times Unchanged For Newly Indexed Data After Time Zone Config Changes
I am using splunk-5.0.4-172409-x64 for Windows and can't get the time zone to offset from GMT to CDT. I have changed to central time in my user settings as well as made recommended changes to the...
Need help modifying this correlation search
This correlation search detects a "substantial increase in port activity" and it works well. How can I tune/modify it so that it is a little less sensitive so that it doesn't "trigger" as often?...
Incident Review Dashboard incidents storage
As I understand the splunk app for Enterprise Security creates a number of TSIDX namespaces that are used to store summary statistical data used by the dashboards and correlation searches throughout...
Cannot track a case
Login Error: Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.
How to separate a total list of services to compare them individually
Hi All, I have a search that pulls up data from 1 week ago, 2 weeks ago, and 3 weeks ago. The data is the total of all of the services coming through our enterprise service bus. What I want to do is...
What happens to knowledge objects once the owner user is deleted?
Is this documented anywhere? I noticed that one of my scripted alerts stopped working once the owner account was deleted. The script and saved search were still there, but the saved search would not...
Results bar not showing all events
Ok so, I don't have enough points to upload an image, so this might be a bit complicated to explain. I have set up a script that sends that to an indexer every 10 seconds. If I run a search I can see...
framework and splunk both run?
Hi, I'm a little confused with how the app framework works. Does it run separately outside of splunk? One of our developers installed in their environment, and it's running on port 3000, and people...
Complex lookup table question
I have a lookup table with two values in the lookup table that I want to use in the end report. Example: (table with and ip,source) (xxx.xxx.xxx.xxx,incident report) I want to look at my events and find...
How to correlate the current period count with last week value and average of...
I need help with a correlation query where the aim is to find a particular type of event count in last 1 hour, the event count for the same hour for same day in last week, and the average event count...
Time Range options in Correlation Search?
In Enterprise Security I have this correlation search which I believe includes searching through the previous 24 hours of events: | inputlookup append=T listeningports_tracker | eval _time=firstTime |...
Where to find more correlation searches?
My Splunk + Enterprise Security installation came with 51 canned correlation searches. For example, searches to discover Brute Force Behavior, LogMeIn activity, etc. All have been very useful and leave...
Compact indexes after piping search results to 'delete'
Is there a way to compact the indexes after a search that is piped through to the 'delete' command so as to recover disk space? If so how? I haven't been able to find it in the docs or from searching...
Splunk App for Vmware 3.0 No data displayed
Hi all, I've got the splunk app for vmware on a trial and under the collection config, everything is configured. I have a green tick on the data collection node, and green ticks on the virtual centre,...
CPU-bound search. seems related to KV processing.
Ahoy. We've been experiencing a search performance problem and I'm having trouble figuring out what to do about it. I've been following the advice and techniques outlined...
Upgrading Universal Forwarder on Windows Via CLI
I am trying to upgrade UF from 5.0.3 to 5.0.4. Documentation says the following: Note: You do not need to stop the forwarder before upgrading. The MSI will do this automatically as part of the upgrade...
REST App's rest.py isn't killed even after stopping splunk server
The rest.py process isn't getting killed when splunk server is stopped via command prompt. There will be one process per each Rest Data input. If I start splunk again then it will create another set...
Unable to install free app
I'm unable to install free app and receiving below error: AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/services/apps/remote/login Can...
timechart an average count
Hi, I want to get a chart as 'timechart avgcount span=1d' or 'stats avgcount by _time, span=1d' in which, avgcount means average of last 5 days. That means each point or bar in this chart, is the...