Creating a role that can read every app
I'm setting up my roles like this: == Global Roles == Admin Role, Manager Role, Users == App Specific Roles == AppName_R, AppName_RW, AppName2_R, AppName2_RW ... etc ... You get the idea. I have everything nicely set...
FAVM problem: error when running "enginebuilder.py"
I'm following the instructions here to configure data collection on my FAVM. After copying the default "engine.conf" template and configuring it with my vCenter and ESXi details, I ran...
Lookup table challenges
Tried experimenting with the Http Status codes example in the documentation for lookup tables. This is the error. Could not find the specified look up fields in the look up table for conf, source=mine...
Display last 20 lines from search query
I'm searching for a particular keyword in Splunk & now that I found the results in Splunk, I need to see last 20 lines from that particular word in raw log file. How can I do that in Splunk? Thanks!
Merging v4 and v5 indexes
I have previously merged multiple v4 indexes together with no issues (ie. http://wiki.splunk.com/Community:MoveIndexes - Last updated 18th April 2013.). My question is, are there any v5 specific issues...
splunk reload deploy-server not updating bundles
According to Splunk official deployment server documentation (5.0.2) if you do change to a serverclass.conf you need a full restart BUT if you only update a file within a deployed app then it's a...
How can I configure and set metadata of a dataset using ***SPLUNK*** for...
Hi, I am having trouble with the use of ***SPLUNK*** sourcetype=xxx for batch input with sinkhole option. My inputs.conf looks like this: [batch:///opt/sinkhole] move_policy = sinkhole and, the input...
Error message
Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'cisco:asa' and lookup table 'cisco_asa_event_codes'.
Cisco Firewalls/IPS apps update, now I get lookup table error
I recently updated Cisco Firewalls and Cisco IPS apps to the latest versions (2.0 and 2.0.0). Now when I perform a search I receive errors similar to this: "The lookup table 'err_code_lookup' does not...
Up Down status from a Pre Defined List
Hi All, Below is my requirement, I have a CSV file which is quite big but in the below format: Ips,Name 10.10.10.1,IndiaFW 192.168.5.6,UsFW These Ips are sending Logs to Splunk, I want to Know which are...
Localizing Google Map on Dashboards
Hi everyone, I am very new to Splunk. And I am still unsure about its functions and usage. I am now in the midst of creating a new app that has two different dashboards (under two separate menu...
Editing of search results using python and not inline with my search
Hi, is there any way where I can rename a specific value of the search results by coding it in our own custom command python file? Please help. Thanks.
Cleanup the output from email alerts
I have a similar problem as in http://answers.splunk.com/questions/9375/email-alert-actions-how-to-remove-default-fields-from-each-email I have tried the answer provided (both of them) and they do not...
Possible Bug with chart visibility in Splunk 5.x
I have been trying to make a few charts using this example http://docs.splunk.com/Documentation/Splunk/5.0.2/AdvancedDev/TableChartDrilldown I have noticed the 2nd chart will never display unless I set...
F5 BIG IP'S Security iRule
Hello Splunkers, how have you been? We've been taking with F5 BIG IP Security (WAF) app and we've been observing some strange behavior on panel's dashboards, most of that connected with Attacks and...
F5 for Security - Slow to load BIG-IP Hostname, and other dropdowns
Has anyone else experienced a deathly slow loading of the "BIG-IP Hostname" dropdown, or any other dropdown fields in the new "Splunk for F5 Security" App? We can search the data in normal display...
Redirect to Null Queue is not working
I'm trying to redirect all 5145 events (from WinEventLog:Security) and all Security events from 'SYSTEM' (or another account called digitalsender). I've tried several variations of the entries below,...
Performance of using wildcard in query
I was wondering what the performance was of using a wildcard in a query. Specifically for the following: source="/mnt/logs/*/debug.log" OR a query containing a custom field: uri_path="/v1/*"
Drilldown not returning results
I have a drilldown set up in a panel on a dashboard, and it's not returning any results. I have tested the underlying search, and it returns results as I would like. For some reason, the view shows...