Issue in Sideview Utils: pulldown causes dashboard refresh before submit button
Hi, We have an existing dashboard that makes use of Sideview Utils Pulldown and TextField modules. The layout is as follows: Pulldown1 TextField Pulldown2 SubmitButton. Our requirement was that any...
aws.conf file confusion
Within the aws.conf file there are 3 stanzas: Keys, Regions, and Misc. [keys] In the Keys section it states to format your information like the following: <accountno> = <company group name>...
How do I clear my search history?
I'd like to clear my search history. How do I do that?
Alert sending multiple emails
Have a configuration with two Splunk servers (logging01 and logging02) configured with shared configuration processing syslog data. The two servers are behind a load balancer. Created an alert which...
Questions about CentOS rsyslog and Splunk configuration
I have a dedicated syslog server running on CentOS 6 (rsyslog) which gathers all logs from other servers/devices (stored in a database). My questions are: 1. Can I install Splunk on the same server? 2. What...
IFX question
Hi, When I try to extract a field using IFX, the event containing the highlighted field is not showing up in the newly opened window, so I can't even generate a regex for that value. Any suggestions please?...
Combine date field with millisecond offset column
Hi, I'm currently performing an evaluation on Splunk, so I am very new at this. I have a few questions concerning time stamps and combining fields. Here is an example from the top of my data file: Start...
Case with tags
I am trying to use case to rename tagged events like this: tag=audit OR tag=cleared "" | eval Event=case( tag == audit, "Logging Stoped", tag == cleared, "Logs Cleared" ) The case statement is not working...
Creating a static lookup table in Splunk Storm
I have a list of about 30+ exe files that are known to be used for good and bad purposes. I'm more curious about the bad. Right now I simply have all 30 of them listed in the search query "makecab.exe"...
Overriding popup.js
Where do I need to place a copy of the popup.js script in order to override it? Is it even possible? I have tried placing a copy in my application's appserver/static folder, but none of the changes I have...
Output from both nix and win matchup issue
I am looking for logon errors from both Windows and nix systems and trying to get as much data to match up as proposal. Here is my win search: index=main or index=os action=failure 'logins' | top host,...
"Export results..." output blank when using inputlookup
If I perform a search for: index=myindex | table field1, field2, field3 and then use the "Actions" menu to "Export results", I can get a CSV with 3 columns and as many lines as there were events...
Splunk real-time search does not scan incoming data
Hi all, I made a real-time search with my own index. It looks like it can only scan events once; after one scan, Splunk did not scan any other incoming data. My index has a 2 min delay, and updates the file once...
Is there a way to limit the throughput of my forwarder?
I don't want my forwarder to consume too much bandwidth or other server resources sending out data. How can I limit throughput?
Splunk Technology Add-on for Unix and Linux open-source repository
I have seen a number of announcements for previous versions of the Unix and Linux TA to be on GitHub, but it is not there. For example...
Need help with a rex extraction
Hello, I have a string like this: SysStatsUtilizationDiskSpace=17.60% /, SysStatsUtilizationDiskSpace=11.25% /storedconfig, SysStatsUtilizationDiskSpace=7.15% /tmp. I need to extract the value and also...
How can I identify the longest string in a multivalued field?
I'm trying to make the Linux audit daemon data play nice. One of the challenges is that a particular action can trigger anywhere from one event to half a dozen (all with the same event ID, but each...
Why fear the PDF export?
So I see we can export to XML, CSV and another thing or 2. Ok, great. What's the deal with PDF, why is that all but taboo? With so many reporting apps or even just using Splunk naked (without an app)...
ModSecurity not reading forwarded events?
Hello, My Splunk deployment includes a Linux server where ModSecurity 2.7.2 logs events in /opt/modsecurity/var/log/audit.log. This server sends data to another Splunk server via a syslog and forward....
Key/Value pairs from JSON are not showing up as fields
We have the events in the below format and I was thinking I would see the fields without any extraction. But that did not happen. Do you know why? ReadyToSubmitToFraud PROCESSING_ERROR...