Eval macro with string argument
I'm trying to define a Splunk eval based macro that takes a string as a parameter (where the string must be able to contain spaces), tests the value of the string, and then returns a value based on the...
No result found
Hi everyone, I have a question that has been asked before here. I want to customize the message shown when no result is found on a dashboard built with Advanced XML. I use Splunk version 4.3.4 and I consider pass...
Generate lookup tables from searches with guarantee of unique entries
What is the most efficient way to achieve this? I run search #1 that populates the lookup table file with data. Then search #2 will search for values of a specific field in the lookup table and only report...
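One way to get the uniqueness guarantee in SPL, added here as an illustration and not taken from the poster or from any answer on the page (the index, the `clientip` field and the lookup file name `seen_clients.csv` are assumed): append the rows already in the lookup to the fresh search results, `dedup` on the key field, and write the merged set back, so the file can never hold two rows with the same key.

```spl
index=web sourcetype=access_combined earliest=-1h
| stats count BY clientip
| fields clientip
| inputlookup append=true seen_clients.csv
| dedup clientip
| outputlookup seen_clients.csv
```

`inputlookup` fails if the file does not exist yet, so create it once by running the search without the `inputlookup` line. Because `dedup` runs over the union of new and existing rows, a second search that reads the file with `| inputlookup seen_clients.csv` sees exactly one row per `clientip`, whatever order or how often the populating search runs.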
Active Directory App signed PowerShell scripts not working
Hi there, has anyone got signed PowerShell scripts to work successfully in the AD app? The app works, but when I replace the scripts with signed versions the PowerShell fails to run, giving various...
One search job, one thread?
My deployment is: 1 forwarder + 2 indexers + 1 search head. The forwarder has forwarded 50GB(about 100,000,000 events) to the two indexers; When I launch a search like "sourcetype=xxx" from search...
User name missing or exists in search
I am reading users from a lookup file, then running a search, finding the user list from the lookup file, and producing a table of user and status (missing or exists in search). Please suggest what should be...
Should I install the Google Maps app in each indexer?
My deployment is: 1 Forwarder + 2 Indexers + 1 Search head. My data are distributed in 2 indexers, and I only installed Google Map app in the search head. If I use the Google Map app in the search head...
Splunk forwarder - installation on Solaris as a package
Hi - I am trying to write a script that will install the Splunk forwarder package on a Solaris 64-bit machine. I have downloaded the package using wget url. Now, I need to install the package using pkgadd...
How can I use the value of one field as the name of another field?
Splunk 5.0.2. Example: Windows "Perfmon:Free Disk Space". Each check is actually two events, one with the free space in MB, one in percent, like this: search: source="Perfmon:Free Disk Space" first two...
Splunk App for VMware (FA VM)
According to the how-to videos, the FA VM appliance needs to be on the same subnet as both ESXi host and VC? What if we're using external switch tagging to segregate traffic for respective port groups....
Requirements for Check Point OPSEC LEA indexers?
Hi, I am looking at installing this app for our Check Point logs/environment next week. Under the "system requirements", are these necessary only for the forwarder that is connecting to the OPSEC server?...
Java Bridge Server issue
We are having issues with the Java Bridge Server. We are running Splunk 4.3.4 as a search head in a Windows VM. The server got restarted and the Java Bridge Server has not been able to come up. The...
Splunk for Amazon S3 Add-on not able to fetch all logs
I'm testing out Splunk for indexing Amazon CloudFront logs which get stored automatically into Amazon S3. I'm attempting to pull in via the Amazon S3 Add-on. Yesterday, I installed splunk and the S3...
Multiple sourcetypes with different lookup values in one search
I have clients that are identified differently in different sourcetypes but they all resolve to the same client name. I have a lookup table that has the different identifiers and their “friendly name”....
Palo Alto Networks - threats and web filtering
I followed the instructions for setting up the Palo Alto app, and things seem to be working OK with the exception of certain logs. I have nothing showing up for threats and/or web filtering. I know for...
Compare SSH users against authorized user list.
I have a table that shows the usernames logging into my various servers. I want to compare these results to a list of users I have specified in order to notice any users that should not be accessing...
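An SPL search that does this comparison, added here as an example rather than taken from the poster or from an answer on the page. It assumes sshd logs indexed as `sourcetype=linux_secure` in `index=os` with lines like the constructed sample `Accepted publickey for alice from 10.1.2.3 port 51234 ssh2`, and a CSV lookup `authorized_ssh_users.csv` with a single `user` column listing the approved accounts; the `rex` is included in case `user` and `src_ip` are not already extracted by the sourcetype.

```spl
index=os sourcetype=linux_secure "Accepted"
| rex "Accepted \w+ for (?<user>\S+) from (?<src_ip>\S+)"
| stats count AS logins, values(src_ip) AS src_ips BY host, user
| lookup authorized_ssh_users.csv user OUTPUT user AS authorized
| where isnull(authorized)
| table host, user, logins, src_ips
```

The `lookup` writes the matching row's `user` value into `authorized`; for accounts absent from the CSV that field stays null, so `where isnull(authorized)` leaves only logins by unlisted users. Two caveats: lookup matching is case-sensitive unless the lookup definition sets `case_sensitive_match = false` in transforms.conf, and a per-host policy (alice allowed on web01 but not db01) needs a `host` column in the CSV and `lookup ... host, user` as the match keys. The reverse question, approved users who never logged in, is `| inputlookup authorized_ssh_users.csv | search NOT [ search index=os sourcetype=linux_secure "Accepted" | stats count BY user | fields user ]`.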
Stats sum function causing fields to drop off
I am writing a search against a summary index and I am running into an interesting problem. When I perform a sum on one specific field all the other fields drop off. For example, this search returns...
Counting total unique URLs grouped by a particular parameter
Hi, looking at a website log file. I would like to see how many unique instances of a certain parameter there are. The part of the log looks like this: "GET /filname.php?userid=114139&anotherparameter...
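A search for the count the title asks for, added as an example and not part of the original post. It assumes the web log is indexed as `sourcetype=access_combined` and that a request line looks like the constructed sample `"GET /filname.php?userid=114139&anotherparameter=x HTTP/1.1"`; `userid` is taken from the query string and `path` is the URL with the query string stripped, so each distinct page counts once per user.

```spl
sourcetype=access_combined "userid="
| rex field=_raw "userid=(?<userid>\d+)"
| rex field=_raw "\"(?:GET|POST) (?<path>[^?\s]+)"
| stats dc(path) AS unique_urls, count AS requests BY userid
| sort - unique_urls
```

`dc(path)` is the distinct count of URLs per `userid`; capture `(?<path>\S+)` instead of `[^?\s]+` if two requests that differ only in their query string should count as different URLs. For the other reading of the question, how many distinct values the parameter itself takes, replace the last two lines with `| stats dc(userid) AS unique_userids`.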
Identifying the user and the data submitted by the user via the REST API
I would like to report on the events submitted via the REST API by user. I have multiple users that submit data to Splunk via the REST API. The request is recorded in the _internal index as: 127.0.0.1 -...
Filter results
I have a search that returns 2 multivalue fields, product and productstatus. I have used mvzip to combine the results of these fields into one, productandstatus. I want to filter these results in...