Licence Use Search Question
I have a number of Linux systems that are reporting to the OS index. I need to move to an Organizational index. I can do this using the deployment server since they are all reporting to the DS. The...
Splunk Search that returns ALL the user ROLES assigned to all the specific...
I am looking to run a search that provides a complete list of user roles assigned to each and every index so I can do an audit of who has access to which indexes. I know I can do this manually by...
Modify e-mail alert output
Hello splunk users, I am trying to modify the structure format of the e-mail alerts that I am receiving to XML or other format. This would help me to be able to grab easier the required fields in...
Index time props and transforms not working
I have the following props & transforms in splunk dev and prod environment monitoring the same set of iis logs: #props.conf [source::/home/luan/logs/someiislog2*] CHECK_FOR_HEADER=false TZ = UTC...
Change Color Scheme (or Search Bar Color from Green) in 6.0
How can I change the color scheme of the site or, specifically, the color of the search bar background from green to a different color? Same for the 'app' header where your username is located.
Can I use it without the app?
Can I use fireeye without the app? We created the sourcetype/index added a user account in splunk and configured the fireeye appliance using the XML POST string. Do we need anything else? Also, if we...
Integrating Splunk with Amazon SES to send e-mails
I'm trying to get our Splunk to integrate with Amazon SES but I have not had any luck so far. E-mails can be sent out on the Linux box using sendmail so there is nothing wrong with Authentication and...
Use Renamed Fields in Dashboard Drilldown to Form
Is there a way to use a renamed field as part of the $row.fieldname$ variable? Take the following single panel dashboard: <dashboard> <label>Temp</label> <row> <table>...
winevent index location
Hi, I have a customer who configured a universal forwarder and now wants to send their files to my indexer. I do not want to use "main" as the index, however. I can't find where the index association is...
Query to detect "lost sessions" on IIS Server
We have an application that logs every page that a user obtains. It appears that sometimes the IIS session for one user is lost (as opposed to App pool recycling...). I am trying to find evidence...
timepicker and real time
Hi friends, I am using timepicker to select a time range, and pass it to dbquery command to search the database. But the timepicker is showing realtime menu, which is not compatible with dbquery. I want...
change UI of dashboard
I want to change web page. First, if I click the element I want to see a page of other dashboard. Second, now if I drag an element I can see the value of the element. Although no drag I want to see the...
Sideview Utils PostProcess and local csv inputlookup too slow!
Hello all! I'm implementing a search panel with 2 sideview pulldowns. First one is just made of 3 static options, that serve as arguments in the nested second pulldown module, which queries its values...
Error code 255 on Sentiment App
Hi, I'm getting this error: External search command 'sentiment' returned error code 255. Script output = "ERROR "Search results do not have the specified text field: ""text""" " I'm using a field called...
errors.txt logs entries
I see a mountain of these in the errors.txt file. 01-14-2014 16:37:38 E. Australia Standard Time xxxxxxxxxxxx ap-southeast-2 --ops-3-- Can get no indication on where or at what stage this app fails. What...
How to filter a single value from a Multivalue of a field in the same event?
10.10.10.10 - - ProfileID=CRTClientAdmin 1,ProductCode=CRT,ou=products,o=cyH,ou=clients,o=a.com^ProfileID=SDGUser 1,ProductCode=SDG,ou=products,o=cyH,ou=clients,o=a.com^ProfileID=4MEUser...
Change report query
Is it possible to change the query for a report and save it with the original name? When I try to do so, Splunk gives me an error that the report already exists. The reason I want to edit this...
Filter iis logs before indexing
I've upgraded to Splunk 6.01 and noticed the improved handling of the windows events prior to indexing and wondered if there were any improvements to the IIS logs. To minimize indexing licenses, I'd...
How to search for empty logfiles?
Is there a search that will warn me of a logfile that is 0 bytes and is not updating? TIA.
Comparing two string values
I have email addresses that are used as user names in two different source types in two different indices. I am trying to compare the two in order to find a list of matches and also the list of ones...