AD Field Dates Converting and Searching
Hello AllNew to splunk and would like a bit of guidance on dealing with Active Directory attributes that ave dates such as accountExpires and pwdLastSet.For example; this work...
View ArticleAssigning a max value from one field as a new field
I am attempting to write a search that creates arbitrary "buckets" for qualifying events using a numeric code (1-5). For this particular search, I'm calculating the number of orders that individuals...
View ArticleCSV File Issues
Hello, I am having issues with csv files imported from an S3 bucket. The files get imported and indexed fine however what I get when i try to do a search on what has been indexed is something like...
View ArticleNot Working
Not sure why -> everything looks installed correctly but I am not seeing the additional fields when running this search -> sourcetype = "iisw3c" | lookup browscap_lookup http_user_agent We are...
View ArticleSplunk_TA_nix install from deployment server
Hi,I have 9 universal forwarders where i want to install Splunk_TA_nix from deployment server.Please let me know is it possible to install from deployment server or i have to go one by one to forwarder...
View ArticleThe Answer to the Ultimate Question of Life, the Universe, and Everything
Anyone else notice that the default value under a the visualization option of "single value" is listed as 42? en.wikipedia.org/wiki/42_%28number%29#The_Hitchhiker.27s_Guide_to_the_Galaxy Good job...
View Articlenot seeing additional fields when using the browscap TA.
Not sure why -> everything looks installed correctly but I am not seeing the additional fields when running this search -> sourcetype = "iisw3c" | lookup browscap_lookup http_user_agent We are...
View ArticleMixed version environment possible?
Is it possible to have a Splunk environment with a mix of 5.0.x and 6.0.x versions?Specifically have all ES components running the currently compatible 5.0.x version like the master node, indexers,...
View ArticleAlt-Click not working selected fields
When I have an event where there is selected fields that I want to eliminate, if I ALT-click on the value in the selected field it adds it to the search rather than removing it.Ex I ALT-click machine1...
View ArticleHow to troubleshoot real-time alerts not working?
Hello, I am having a hard time trying to pin down why most of my real-time alerts have stopped working. I have looked into scheduler.log and python.log, and did not find much insightful details to the...
View ArticleApplying time modifier (earliest and latest) to multiple search?
Hi!Is it possible to do something like below possible?If I have 5 searches ,search A search B search C search D search Eand specify time modifier , for example , as earliest=-2d@d latest=-1d@d , Is it...
View ArticleOkta APP will not pull in data
Hi there,I have requested access to the OKTA API and tested it with curl which works. Then I set up the Splunk App for Okta according to the documentation but it does not pull in any data. Any help...
View ArticleUsing an existing OSSEC app with ES
I have a working install of "Reporting and Management for OSSEC" working nicely now. Now that we have purchased ES and want to start deploying it, I'm a little lost on how if its even possible to use...
View ArticleCERN HTTPD Access Control Bypass (Splunkd service)
Vulnerability scanning software returned the following result for a handful of systems in my environment:"There exists a vulnerability in the CERN web server running on this host that could allow an...
View ArticleWildcard certificate and PDF 1.3 failed to generate PDF: 400 Bad Request
PDF 1.3 under Splunk 4.3.3 was working fine until I replaced the current cert with a new wildcard certificate.I get the email alert but instead of the expected results, the contents have the error...
View Articlesplunkd keeps on crashing (crashing thread: archivereader)
Hey, i am currently experiencing severe problems with my splunk installation since splunkd repeatedly crashes right after starting splunk. Here's the output of the respective log file:[build 182037]...
View ArticleAdministration App for NetWitness not working pulling from Broker
I am getting the following two errors when trying to connect to broker.<urlopen error="" _ssl.c:494:="" the="" handshake="" operation="" timed="" out="">
View ArticleDisplaying results table in tab switcher tab, BEFORE clicking on drilldown...
I have a dashboard with two panels. The first panel contains a table which is a drilldown table. When the value is clicked, the second panel has three tabs with different searches, for the filtered by...
View ArticleSearch generated too much data...
Has anyone run into this message?"Search generated too much data for the current display configuration, results have been truncated"The search is for collecting and grouping latency times (spent)....
View ArticleHow to get the row values of the table using TableView.BaseCellRenderer
I have requirement to get the row values of a table at one time and store it in array and use them and specify the conditions.Actually i can able to retrive the single table cell value.can any one help...
View Article