If we have corrupted Windows metadata, can we delete every file without...
Hi everyone, After a disk accident, our Splunk has corrupted/inconsistent metadata, but to solve the problem, we should execute recover-metadata /pathname/ --validate and check every single file. If it...
Is it possible to provide a user the capability to change the colors of a...
I'd like to provide individual users the capability to change the colors of their dashboard. Individual A = blue dashboard, Individual B = red dashboard, but it is the same dashboard.
Can we save a search as an alert via email with a sparkline in it?
Is there a way to save a sparkline in an email alert?
How to search the percentage of occurrences of certain values in a field?
Hi, I have a table like this:

userID | is_successful | version
userA  | true          | 1.1
userA  | true          | 1.3
userB  | true          | 1.3
userB  | true          | 1.1
userC  | true          | 1.1
userC  | false         | 1.1

My application sends data to Splunk with userID and...
Are Splunk consultants and Splunk developers the same? If not, what are the...
Are both a Splunk consultant and Splunk developer the same? If not, what are the roles and responsibilities of both?
Splunk Add-on for Check Point OPSEC LEA: Why am I unable to set up...
I have a problem, and I hope that you can help me, please: I'm installing the Splunk Add-on for Check Point OPSEC LEA, and I can't set up lea_loggrabber: I'm using CentOS 7.1, and I have only one...
Why is the Splunk Python SDK export running twice for large searches?
I am using Splunk's Python SDK to try to export a search. I am referencing this code: http://docs.splunk.com/Documentation/Splunk/6.2.3/Search/Exportsearchresults#Python_SDK This is my actual code: rr...
After mapping groups to roles configuring Splunk to allow LDAP...
I'm trying to configure Splunk to allow LDAP authentication. I select "Configure Splunk to use LDAP and map groups" and then complete the LDAP strategy. I then select Map groups and map roles to...
After renaming a sourcetype, why is it only being applied to new data and not...
Hi Guys: I have renamed a sourcetype, but after renaming the sourcetype and recycling the indexers, I only see new data being allocated to the new sourcetype. Historical data still seems to be...
How do I change the owner of a saved search or view in a search head cluster...
I need to change the owner of a search or dashboard view. Using the deployer merges changes from local.meta back to default.meta on the SHC members when the bundle gets distributed, and the original...
How to create a field based on cidrmatch in Splunk 6.2?
Hello, I am using Splunk 6.2 and I am trying to use `|eval cidrmatch` in a search to identify a series of subnets by a common name. I am using the following: some search highlighting individual IPs by...
How to view records/data horizontally by host?
Hey, is it possible to view data/records from a file horizontally by host? For example, I have a search string like this: search "event1234" | table host, value1, value2, value3 The result looks like...
How do I search for IPv6 addresses from my src_ip field?
I'm trying to do a search that finds IPv6 addresses. Currently our field src_ip has both IPv4 and IPv6 in it. How can I search so that only events with IPv6 addresses are returned?
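The subnet labelling asked about in the cidrmatch post above and the IPv6-only filter asked about in this post are both address classification over the values of one field. The following is an added example, not code from either post and not part of Splunk; it reimplements that logic in Python with the standard `ipaddress` module so the edge cases can be exercised offline. The `SAMPLE_SRC_IPS` values and the `SUBNET_NAMES` table are constructed for the example, and the subnet names in it are assumptions.

```python
import ipaddress

# Constructed sample values for a src_ip field (not taken from the original posts).
SAMPLE_SRC_IPS = [
    "10.1.2.3",
    "192.168.10.25",
    "8.8.8.8",
    "2001:db8::1",
    "fe80::1ff:fe23:4567:890a",
    "::ffff:10.9.8.7",   # IPv4-mapped IPv6: written as IPv6, but the client is 10.9.8.7
    "not-an-ip",
]

# Hypothetical subnet-to-name table standing in for the cidrmatch() calls in the post.
SUBNET_NAMES = {
    "10.0.0.0/8": "corp-internal",
    "10.9.0.0/16": "corp-dmz",          # more specific than 10.0.0.0/8, must win
    "192.168.10.0/24": "lab",
    "2001:db8::/32": "doc-prefix-v6",
}

# Parse once, longest prefix first, so the most specific subnet is matched first.
_SUBNETS = sorted(
    ((ipaddress.ip_network(cidr, strict=False), name) for cidr, name in SUBNET_NAMES.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def parse_ip(value):
    """Return an ipaddress object, or None if the field value is not an IP literal."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def is_ipv6(value):
    """True only for a syntactically valid IPv6 literal.

    Testing for a ':' alone would also accept strings such as 'host:port'."""
    addr = parse_ip(value)
    return addr is not None and addr.version == 6


def ipv6_only(values):
    """Filter a list of src_ip values down to the IPv6 ones."""
    return [v for v in values if is_ipv6(v)]


def classify_ip(value):
    """Return (family, subnet_name).

    family is 'ipv4' or 'ipv6' as the value is written in the field; subnet_name is
    the longest matching entry in SUBNET_NAMES or 'unknown'. Invalid values give
    (None, None)."""
    addr = parse_ip(value)
    if addr is None:
        return None, None
    family = "ipv6" if addr.version == 6 else "ipv4"
    # An IPv4-mapped IPv6 literal (::ffff:a.b.c.d) is matched against the IPv4 subnets
    # of the embedded address instead of silently falling through to 'unknown'.
    target = (addr.ipv4_mapped or addr) if addr.version == 6 else addr
    for net, name in _SUBNETS:
        if target.version == net.version and target in net:
            return family, name
    return family, "unknown"


if __name__ == "__main__":
    for v in SAMPLE_SRC_IPS:
        print(f"{v:28} -> {classify_ip(v)}")
    print("IPv6 only:", ipv6_only(SAMPLE_SRC_IPS))
```

Two details matter when the same logic is applied to a real src_ip field: a value must be validated as an address rather than tested for a colon, otherwise junk such as `host:port` is counted as IPv6, and an IPv4-mapped literal should be resolved to its embedded IPv4 address before subnet matching or a client inside a named IPv4 range is reported as unknown.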
How to get Postal Code (and other new fields) from paid version of...
I purchased a paid version of the Maxmind GeoIP2-City database, because I want to map zip code information to the IP addresses. I changed the db_path in limits.conf to point to the new version....
Time window -24 hours.
I'm trying to write a query that displays a time window minus a specified time. Example: if I use the search tool to get results for the last 15 minutes, I would also like it to provide me results for...
How can I split an event into two or more events according to two multi-value...
The raw data is like: FieldA | FieldB | FieldC | FieldD 14-51-P-1216;14-52-P-0258;14-52-P-0053;14-52-P-0054 | 99DF-E8FF-DA0F-5F6D;1B33-9DAE-7B47-A7B4;FCFF-8F4A-106F-5894;5864-CDA1-7400-AD33 |...
How to compare multiple fields in 2 indexes and return the differences
I'm currently trying to compare 3 fields (ID, Start_time, Log_time) from 2 different indexes, and to get the differences when any of the 3 attributes are unmatched. How can I go about doing this? Thank...
How to integrate VMware MIBs in SNMP Modular Input?
Hello everyone, I'm using the SNMP Modular Input and have my IP cameras, my ESXi servers and Unitrends Enterprise Backup connected to it. But I have some questions regarding the MIBs: How can I see...
pfSense 2.2 to Splunk & Home Monitor
Good day. I can't get any info about how I can do this. When I add an input from UDP, I can't see a pfSense sourcetype, only syslog. OK, I added syslog. But Home Monitor won't recognize it, and I can't find...
Error configuring Stream 6.3.2 on Splunk 6.2.5 on OS X 10.x
Seeing this error in splunkd.log when I try to configure data inputs for Wire Data: 08-15-2015 18:22:24.921 +0100 WARN ModularInputs - Validation for scheme=streamfwd failed: The script returned with...