Splunk email alert subject
I would like to have variables from my query in my email subject. Is this possible?
Issues with Splunk App for AD and Group Policy changes not being listed
The Group Policy audit does not show changes made to GPOs. I have two domain controllers in a forest, one serving the root domain and the other serving a subdomain. The Splunk App for AD uses event...
Sideview Utils 2.4.8 asking to update to 1.3.5
I've got Sideview Utils 2.4.8 installed, but in App Manager, it's asking me to update to 1.3.5.
Changing the PDF format of scheduled reports
I have configured "Search & Reporting" to email a report as a PDF once a day, but the PDF file contains both a table-format report and a chart-format report. Since I only want the table-format report, I have set the search string to "| table columnA, columnB, ..." so that the output is in table format...
Problem downloading splunk_for_vmware_forwarder_appliance_2.0.0-121412a.ova
Hi there, I am having a problem downloading the VMware forwarder appliance. I never get the whole file; every download has a different size (something between 200MB and 510MB). Is there another address/place...
How to restrict user from links to App | Manager | Jobs?
I want my users to see only my app view and not be able to go to (or see the links for) Manager, App and Jobs. How can I restrict it?
Splunk is not running, and it must be for this operation. To start splunk,...
I'm trying to install the Splunk forwarder on HP-UX 11.31. It seems to go fine, but every time I try to use the CLI to troubleshoot it I get:
$ splunk status
splunkd is running (PID: 27310). splunk...
layoutPanel - how to specify rows and columns
The snippet below was extracted from the lister module intro example. No results are displayed when using the layoutPanel below. Do we have to use any additional parameters? module name="HiddenSearch"...
Deploying Splunk agent with Puppet
Hello, our security officer asked me to deploy the Splunk forwarder on several hosts. I wanted to use Puppet for that task. Below is the class I have written to do that. It installs the rpm package,...
Cannot collect Windows event logs via WMI
Please help me with collecting Windows event logs via WMI. I am configuring it from [Data inputs] - [Remote event log collections], but when I enter the IP address of the target machine and click the [Find logs] button, the following error occurs: データ取得に失敗しました: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from...
How to extract data from the raw data of each event before it is sent to the indexer?
Hi all, I am new to Splunk. I was stuck on how to extract data from the original log before indexing it. Below is my original log: 160.19.104.25 2013-05-21 15:46:50 160.80.38.178:15010 GET...
Transform a table and error code when using a Perl script
Hello all, 1) I would like to have a correlation matrix (with |correlate) for the attributes (more than 20) of my table. I have a table like...
REST API oneshot blocking saved search
EDIT: I've gotten some help from the Splunk support team and now can get oneshot blocking calls working using the url...
Splitting a field extraction into two parts
Hi all, I have a unique identifier in my logs that I am extracting at search time. It looks something like this: ABC987654321 It always has 3 letters followed by 9 numbers, so I use the following regex...
Event Break: does not work on forwarded log file, works fine on local copy...
Hi all, I've been absolutely stumped by a problem for two days now. I can't seem to get event breaks working when a file is forwarded from a server, even though it seems to work with an exact copy...
Regex not working for event splitting
Hi, sorry, I am a newbie to Splunk and the question may sound silly, but the Splunk regex that I used to split events in the file doesn't work. props.conf: [3GPP] BREAK_ONLY_BEFORE = ^Session-ID:s...
Modsecurity charts not working?
I have Splunk using the local mod sec audit folder (containing concurrent logs) and I am able to search through the entries alright, but I am not seeing results or charts for any of the predefined...
Index size varies between master dashboard and peers
Hello, I am facing some issues with index sizes. I have a Factor 2 Splunk cluster configured, and I'm facing this issue. Master node dashboard: RepFactor SearchFactor Size index 2 2 282 56.05 GB. Index peer...
How can I use whitelist to allow only the required data from eventlog?
Hello, I would like to forward only my program-related data, e.g. Program A: "error occurred at step 6!!" How can I use the whitelist and blacklist to get rid of the unnecessary event logs? Thanks
Is there a final answer for fschange behaviour?
Hi, another day, another issue ;) I would just like to get a verified, valid, tested answer to the following behaviour (the reason is that docs / wiki / Splunk Answers provide different answers). Here is...