Remove SA-EVENTGEN Data
I enabled SA-Eventgen for my ES App and now I have many faux security events. This seems to be a demo to fill the dashboard with events. I have since disabled the SA. I can't seem to drill down into...
Difference between the NOT and != operators?
What is the difference between the NOT operator and the != operator? I have always used NOT up to this point, but am seeing some very strange behavior associated with it today* and != seems to function...
Splunk REST API without SSL (i.e. HTTP only)
Hi, I'm trying to use Splunk REST API, using standard HTTP request (not HTTPS). When trying to connect to port 8089, I get a connection reset, because the server assumes that the connection on this port...
Splunk Predict App works only for my first 50 results
Hello, I've been testing the Splunk Predict App to do some work on Sentiment Analysis, however, after training some model, and using the guess command to predict sentiment, I noticed it works only for...
Distinct count across multiple fields
How to get a distinct count across two different fields. I have webserver request logs containing browser family and IP address – so should be able to get a count of different & distinct...
Splunk authentication with Proxy Server?
I want to authenticate Splunk using Apache Http Server. I am able to configure reverse proxy for splunk, but not able to authenticate through server. Please suggest the possible way to perform this.
Forwarder hosts are also being displayed as consumed data
Hi, I have used the following query to find indexer host wise MB consumed in indexing. index=_internal source=*metrics.log group=per_index_thruput series="Myindex" | eval MB=kb/1024 | stats sum(MB) by...
Connecting to Heroku Postgresql DB
I am trying to add a connection to pgsql database on heroku and I'm getting this error when I click Fetch Database Names: ERROR org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host...
Combining similar log entries and counting as one
I have multiple users making a request to a web server each time they type a character into a search box. User 1 is typing 'please' and user 22 is typing 'cat'. Simplified log...
Use python to build XML dashboard?
As part of a project we're working on, we want to define a dashboard in advanced XML based on user input (the built in dashboard tools don't meet our needs, unfortunately, we need the dashboard to have...
Indexer shows multiple CLOSE_WAIT sessions on 9997 with forwarders.
This is probably a follow up to the question asked 20 Mar '12, 02:49 by nebel. ERROR TcpInputProc - Error encountered for connection In the process of adding a number of new forwarders to our recently...
Generate PDF file but NOT email it
Hi, I need to be able to generate PDF files of views, which I can get working, but I don't want them emailed. I want to script the generation of the PDF so I can save it somewhere - how do I do this?
Is there a way to save the PDF file on the scheduled PDF delivery?
I have a scheduled job with an email alert. I do get the PDF file as an attachment. I need to download and ftp the attachment to our ftp server automatically. How can I get the PDF file? Thanks!
[PDF Report Issue] We want to generate 'PDF File' on Local Server.
Hi, Splunker. We are now generating PDF Report using 'Schedule PDF Delivery' in Splunk 5.0.0 Version. But it has some problem that, sometimes the report is sent well, but other times it is not sent well....
indexing load balancing with [script] input
Hello, We have set up a small splunk cluster, with 3 indexers getting data from universal forwarder, which is configured for output as [tcpout:default-autolb-group] autoLBFrequency=40 server =...
Difference between stdev and stdevp
This is mostly a statistics question. Is stdev(X) only using a portion of the total population or what? The results they give are very similar but not exactly the same.
Handling a large number of forwarders
Hi, The set-up is Splunk 5.0, and the requirement is to monitor the Windows Security Event Logs on 10,000 desktops for specific Event Codes. We would be using the Heavy Forwarder on the desktops, so...
Archiving the Indexed data in Clustering to a single location
I'm trying to set up a single external storage to my peer nodes and archive the data to that location once it crosses a certain time period. How can I do that without storing multiple copies to the same...
Lookup Source IP or Destination IP value
Greetings, My journey continues. Now I would like to have a lookup match either the source or destination IP to an internal department. This works for src_ip: transforms.conf [ipam] filename = ipam.csv...
Anyone using Meraki Presence API to send AP stats to Splunk REST API?
Meraki cloud controller allows you to configure a secret and POST URL (to your server) in order to send JSON post files. I'm having trouble getting started within SPLUNK REST API to capture that data....