I think I have a problem with my Splunk Indexer filter. What is the best way...
Hi! I am trying to set up filtering on my Splunk server that is receiving events from the Splunk universal forwarder on a Windows 2008r2 server. The universal forwarder is configured to only forward...
Can the S.o.S app use data from the Windows and *nix TA instead of the S.o.S...
I already have the standard Windows TA and Unix TA. Why do I need to install the SOA TAs? Are they not compatible, and if not, why can't they be?
How can I disable splunk auth for the command-line
I have a regularly scheduled job which generates a log-file which I then use my local splunk light-forwarder to send to a remote splunk instance with splunk add oneshot $LOG_FILE -sourcetype...
Show fields containing X?
Hi, I'm using dbconnect app. Have some fields that contain long strings of text, want to search for only those results that have a certain word (X) within them. To phrase it another way trying to do...
Convert the timezone from a time field
I have a field extracted from log entries, containing time values in GMT. Can I convert the field to PST time? If so, how can I accomplish that? stats values(SearchUser) as User values(SearchStartDate)...
Result files disappearing
Hi, I am creating a splunk alert trigger script which parses the output csv file. I am having a problem because the result file keeps disappearing. The trigger passes in the full path to csv file as one...
Updating LookUp Table Data Externally - 'Auto-magically'
I am wanting to create a process that will make it really simple and easy for my users to update their lookup table files without having to go into "Manager / Lookups / Lookup table files" to delete...
Where can I find the app: McAfee Email and Web Security Reporter
Hi, We upgraded from splunk 4.1.7 to 4.2.3. After the upgrade the application McAfee Email and Web Security Reporter (McAfeeEWSReporter) is not working anymore. I want to know if there is a new version...
Indexing CSV files where each line is a single Help Desk ticket. - Not as...
This is going to be long, but I hope it presents an interesting problem and hopefully, it has an elegant solution. One of the things that really sold me on Splunk was the ability to throw a huge CSV...
Problems w/ basic lookup table.
added the table files & definitions w/ just defaults. command is sourcetype="hitachi_poolinfo" host="*0695*" % | rex...
Vertical panel grouping
I see that you can group panels horizontally (from dev manual): <module name="StaticContentSample" layoutPanel="panel_row2_col1" group="All Indexed Data" autoRun="True"> <param...
Rex in Case command?
Hi All, In the logs there are multiple Oracle codes with different reasons, e.g. Product Mapping Error ORA-20030: PKG_PRODUCTMAPPING.Usp_Getsyscodesforprocodes failed while checking if list of inputted...
Back up audit logs for PCI compliance
Hi, Just wanna ask if splunk has the ability to back up audit trails to a centralized log server or media as indicated in PCI DSS 10.5.3? Please someone respond to my query. Thanks!
Windows DHCP
Does anyone have any suggestions on how to monitor and analyze Windows DHCP logs? Specifically, show which IPs are active, the last time each IP was used, how often, etc.?
multiplexer and flashchart
Does the multiplexer work with flashchart? I have a dashboard that uses the multiplexer and it will work with jschart. When I switch to flashchart it does not render.
Variable group widths in single-column dashboard panels (using CSS?)
Hey Splunk community! I currently have a dashboard with a number of panels, and each panel has 5 groups: panel 1: | grp1 | grp2 | grp3 | grp4 | grp5 | panel 2: | grp1 | grp2 | grp3 | grp4 | grp5 | panel 3:...
Combining 2 different search results based on fields
Hello, I have 2 different searches for 2 different sourcetypes with field extractions. I'm doing the field extractions for search1 for xml data. search1: sourcetype=xmlapp | xmlkv search2: sourcetype=app2...
Infinite loop when there are no results using JSON output
I am using Splunk 5.0.2 with Java SDK 1.1. If I run a search that does not return any result, and use the ResultReaderJson class to parse the result the com.splunk.ResultsReaderJson#readEvent method...
Ways to find license usage by Forwarder without using license_usage.log?
I'm putting together some simple dashboards to give our internal users a view into what their servers are sending into Splunk, and how much of it. I've had pretty good luck using the data that comes out...
How to populate data on google maps
Hi everyone. I have a set of data indexed by splunk and am in the midst of populating the data into Google Maps' map on my dashboard but nothing is reflected on my map. It shows "searching for results"...