Rename sources in summary?
I have a few things in my summary in the search app that I'd like to change. Some of my source names are long or obscure, and I'd like to make them more user-friendly. Ex: WinEventLog:ForwardedEvents...
Can Splunk listen to ETW?
Can splunk listen to events written to ETW the way the new Semantic Logging application block can? ETW - http://msdn.microsoft.com/en-us/library/windows/desktop/bb968803(v=vs.85).aspx SLAB -...
Nesting switchers
Hello, Is it possible to nest switcher modules? I have a dashboard panel that I want to break out with a tab switcher (grouping by Total or by instance) and then have two separate link switchers with...
Chart width in Sideview Utils Table module
I have a dashboard in which a Search at the top produces a datacube, which flows down to two post-process modules and then to a Table and a JSChart. Each row of the Table displays a Timechart. It is pretty...
Tiered pricing data calculation
Hi All, I have a CSV file with the following information:
    date,retailer,lower,upper,price_rate
    20120621,retailer1,0,10,10
    20120621,retailer1,10,20,8
    20120621,retailer1,20,100,5
    20120621,retailer2,0,10,10
    ...
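The post is cut off before it says which calculation is wanted, so the following is an added example, not code from the poster or from Splunk, and it assumes the two usual readings of a lower/upper/price_rate table: a graduated price (each unit charged at the rate of the tier it falls in) and a flat-tier price (every unit charged at the rate of the tier the total quantity lands in). Tier boundaries are treated as (lower, upper], which is an assumption; the sample CSV is the one from the question, embedded inline so the script runs offline.

```python
import csv
import io
from collections import defaultdict

# Constructed sample input: the CSV rows quoted in the question above.
SAMPLE_CSV = """date,retailer,lower,upper,price_rate
20120621,retailer1,0,10,10
20120621,retailer1,10,20,8
20120621,retailer1,20,100,5
20120621,retailer2,0,10,10
"""


def load_tiers(text):
    """Parse the CSV into {(date, retailer): [(lower, upper, rate), ...]}, tiers sorted by lower bound."""
    tiers = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["date"], row["retailer"])
        tiers[key].append((float(row["lower"]), float(row["upper"]), float(row["price_rate"])))
    for key in tiers:
        tiers[key].sort()
    return dict(tiers)


def graduated_price(tiers, quantity):
    """Each unit is charged at the rate of the tier it falls in (like tax brackets).
    Assumes tiers are contiguous and cover (lower, upper]."""
    total = 0.0
    for lower, upper, rate in tiers:
        if quantity <= lower:
            break
        units_in_tier = min(quantity, upper) - lower
        total += units_in_tier * rate
    return total


def flat_tier_price(tiers, quantity):
    """All units are charged at the rate of the single tier the total quantity falls into."""
    if quantity == 0:
        return 0.0
    for lower, upper, rate in tiers:
        if lower < quantity <= upper:
            return quantity * rate
    raise ValueError(f"quantity {quantity} is outside all defined tiers")


def price_for(table, date, retailer, quantity, graduated=True):
    """Look up the tier list for (date, retailer) and price the quantity under the chosen model."""
    tiers = table[(date, retailer)]
    return graduated_price(tiers, quantity) if graduated else flat_tier_price(tiers, quantity)


if __name__ == "__main__":
    table = load_tiers(SAMPLE_CSV)
    for qty in (5, 10, 25):
        print(qty, price_for(table, "20120621", "retailer1", qty),
              price_for(table, "20120621", "retailer1", qty, graduated=False))
```

For retailer1 on 20120621 a quantity of 25 prices at 205 under the graduated reading (10 units at 10, 10 at 8, 5 at 5) and at 125 under the flat-tier reading (25 units at 5); the same lookup keyed on date and retailer is what a Splunk lookup table against this CSV would have to reproduce, so it is worth deciding which reading is intended before building the search.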
Sideview: Switcher module with textfields
I am building a dashboard form using the tab -> switcher -> textfield modules (in that order). After the switcher module, I have multiple textfields that I want to change based on the selection...
Rex and this Perl regex generator
I'm trying to use this nifty regex generator using the Perl option. http://txt2re.com/index-java.php3?s=%3CTAGb[^%3E]%3E%28.?%29%3C/TAG%3E&-24 I get the code from that page in Perl format and then...
Listing Permissions for all objects
I want a search that will list all objects and their permissions so that I can audit who can read / write to each item quickly. This is as far as I got, but it will not show me objects for most of my...
Disk Space Error Message
How do I resolve the following: "The minimum free disk space (2000MB) reached for C:\Program Files\Splunk\var\run\splunk\dispatch. user=admin. The search was not run."
dboutput bug updating MySQL
I'm using DB Connect to send search results to MySQL. My search command is:... | dboutput type=update notFound=insert database=mydb table=mytable fields=IPAddress AS ip, NetAddress AS mac, ComputerName...
geoip lookup script fails with error code 1
I'm trying to use the geoip external lookup script, the one that uses the MAXMIND database. When I run my search, I get the "Script for lookup table 'geoip' returned error code 1. Results may be...
Generate 80 reports at the first of each month
I use splunk to collect Cisco firewall data. I have 80 firewalls in my network. I would like a report to be generated which has the results of 3 searches (in table format) for each of my firewalls on...
Does Splunk support multi-threaded searches?
If I launch a search in the search head, can I make it possible to let each distributed search job on every indexer run on multiple CPU cores? Since my indexer has 24 cores, only one CPU doing the job is...
Splunk showing multiple events as single event
I'm using rsyslog to send snort alerts from my NSTPRO box to splunk. Multiple events are showing up in splunk as a single entry. Note the timestamps are different. Any ideas why or how to fix?...
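Whether the merging happens in rsyslog or at Splunk index time, the check is the same: every line that starts with a syslog timestamp should open a new event, and only lines without one belong to the event before them. The Python below is an added example, not code from the poster or from Splunk; it reproduces that line-breaking rule, then pulls the snort alert fields (SID, classification, priority, protocol, source and destination) out of each recovered event so the split can be verified. The three alert lines and the continuation line are constructed for this example; host names, addresses and rule IDs are illustrative.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: three snort alerts relayed by rsyslog that showed up as one
# blob, plus one wrapped continuation line (no timestamp) that must stay with the
# third alert. Host, addresses and rule IDs are illustrative, not captured data.
MERGED_EVENT = (
    "Jun 21 10:15:01 nstpro snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.23:80 -> 192.0.2.10:51544\n"
    "Jun 21 10:15:07 nstpro snort[1234]: [1:2010935:2] ET SCAN Suspicious inbound to MSSQL port 1433 "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:44021 -> 192.0.2.20:1433\n"
    "Jun 21 10:16:42 nstpro snort[1234]: [1:2010937:2] ET SCAN Suspicious inbound to mySQL port 3306 "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:44022 -> 192.0.2.20:3306\n"
    "  wrapped continuation text belonging to the previous alert\n"
)

# BSD syslog header: "Mon DD HH:MM:SS host program[pid]: message". DOTALL lets the
# message span the continuation lines that were kept with the event.
SYSLOG_HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)",
    re.DOTALL,
)

# snort's syslog alert layout: [gid:sid:rev] signature [Classification: ...] [Priority: n] {proto} src:port -> dst:port
SNORT_ALERT = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<sig>.*?) "
    r"\[Classification: (?P<classification>[^\]]+)\] \[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


@dataclass
class Event:
    timestamp: str
    host: str
    program: str
    pid: Optional[str]
    message: str
    fields: dict = field(default_factory=dict)


def split_events(blob: str) -> List[str]:
    """Break a merged blob into events. A line that starts with a syslog timestamp opens a new
    event; any other line is a continuation of the event before it. This is the rule Splunk's
    BREAK_ONLY_BEFORE (or an equivalent LINE_BREAKER) applies at index time."""
    events: List[List[str]] = []
    for line in blob.splitlines():
        if not line.strip():
            continue
        if SYSLOG_HEADER.match(line) or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return ["\n".join(lines) for lines in events]


def parse_event(raw: str) -> Event:
    """Parse one event's syslog header and, if the message is a snort alert, its alert fields."""
    m = SYSLOG_HEADER.match(raw)
    if not m:
        raise ValueError(f"not a syslog event: {raw[:40]!r}")
    ev = Event(m["ts"], m["host"], m["prog"].strip(), m["pid"], m["msg"])
    alert = SNORT_ALERT.search(ev.message)
    if alert:
        ev.fields = {k: v for k, v in alert.groupdict().items() if v is not None}
    return ev


def parse_blob(blob: str) -> List[Event]:
    """Split a merged blob and parse every recovered event."""
    return [parse_event(e) for e in split_events(blob)]


if __name__ == "__main__":
    for ev in parse_blob(MERGED_EVENT):
        print(ev.timestamp, ev.fields.get("sid"), ev.fields.get("src"), "->", ev.fields.get("dst"))
```

Running it on the sample yields three events with distinct timestamps and the wrapped line attached to the third. On the Splunk side the same rule is expressed in the sourcetype's props.conf stanza, either as SHOULD_LINEMERGE = false with a LINE_BREAKER that matches the newline before a timestamp, or as BREAK_ONLY_BEFORE set to the timestamp pattern; if the forwarder is not given such a stanza, Splunk's default timestamp-based merging can glue alerts that arrive within the same second or without a recognized timestamp format, which is the symptom described above.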
Simple correlation
Hi, Basically, I'm trying to correlate 2 datasources with 2 fields. For example, I have datasource1 and datasource2 then I need to be able to return all field1 with corresponding field2. But I also...
GeoIP by state/province
Is it possible to aggregate GeoIP/Google Map location results by regions like state or province?
Google Maps GeoIP max 1000 events
I have about 20,000 matching events when I do a search for a specific term. Piping to geoip limits my results to 2,724 events, and 998 events with location information. What is going on here? Any limits...
External lookup script on search head
I've written an external lookup script that makes a rest call to an API & returns data. The API destination requires going through a firewall, so we are only allowing our search head to make the...
Anyone have luck tracking user logons using events for authentication tickets?
The "windows security operations center" app can return kerberos successful logons using exclusively event id 4768. This does capture the 4768 event generated whenever someone logs on in the morning...