Splunk Enterprise

Discussions

Thread Info

Windows Event Logs Best Practice monitoring to reduce the splunk license usage

Currently, I already filter the Windows event logs for only Windows Security logs. However, windows logs have take up...

by Engager in

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes?

What is the path to the etc folder on windows or Unix hosts. How do I copy the etc folder for backing up purposes? Pl...

by Contributor in

Splunk DB connect Error: "connect timed out ? How to fix this issue

When I am trying to validate the connection the validation is taking time and finally popping out a message sayi...

by Motivator in

help on stats command for retrieving _time

hello In the stats command below, i try to retrieve the _time values (which is the Splunk timestamp) corresponding ...

by Builder in

Query / search string is not giving results

Hello everyone, I am getting event data inside my splunk. I want to query data ( logins by country) on splunk sear...

by New Member in

Wineventlog Filtration

Hi All, Based on this query I want to filter out wineventlog before ingesting into Splunk. So that i can save some ...

by Path Finder in

SC4S, Properly Indexing Juniper Netscreen

I recently installed SC4S. For most logs it works as expected; however, it is improperly indexing Juniper Netscreen a...

by Explorer in

Splunk 8.1.2 Python problem

Dear all,How many of you faced the issue that Intersplunk library drops this error: AttributeError: module 'splunk....

by Explorer in

WARN SearchResultsCSVSerializer - CSV file contains invalid field '', ignoring column.

Hi, we are seeing > 70,000 of these messages per day per instance on several Searchheads on Splunk 8.0.5.1 and SUSE...

by Engager in

Creation of Splunk entitlement ID

Hi Splunk Team, Need to create a Splunk entitlement id based on Purchase Order applicable for enterprise license. ...

by New Member in

Which Splunk version each of our Splunk servers are on ?

2 Question on Admin Side :Question 1 : How many hosts are on each version of the Splunk Universal Forwarder ? index...

by Explorer in

can 2 different splunk enterprise one on azure and one On-prem can share the same license?

Hi, I have two splunk Enterprise one hosted on AZURE and one on ON-PREM. Basically Two license masters will be pres...

by Communicator in

Summary shcedule has Duplicates

I had set up a summary schedule reports with calculated results every 5 minutes.Howerver, The same summary schedule i...

by Observer in

Data age in splunk

Hi Splunk Team Why is the age of the data larger than the frozenTimePeriodInSecs time without being deleted ...

by Path Finder in

Active: failed (Result: protocol)

splunk@:~/bin $ systemctl status splunk● splunkd.service - Splunk Universal ForwarderLoaded: loaded (/etc/systemd/sys...

by Explorer in

TA-Suricata issue - Data not properly parsed

Hello, i have a search head (deployment server) with ES and a distributed environment with suricata eve.json monito...

by Path Finder in

DB Connect Log Files

We're using DB Connect v3.1.4Occasionally, an SQL Query in a Data Lab Input gets changed. I need to know where the lo...

by Path Finder in

help on average line which is dont displayed

hi I wonder why my verage line is not displayed in my timechart? <search> <query>`CPU` | fields proc...

by Builder in

Unable to start Splunk universal forwarder on AIX Server

Installing the universal forwarder version 8.1.2 using monitor user on AIX server 7.2 but unable to start splunk on t...

by Observer in

Data Extraction from Winevent XML

Howdy Guys, We were getting windows event Application logs through, with a simple stanza previously, that would be ...

by Explorer in