Splunk Enterprise

Community Activity

Cannot save custom field extraction when using my own regex Hey, I'm attempting to extract a field by using: (?<=cs4=)(.*\n?)(?=categoryTechnique) It matches 100% of the result... by Julznova_ New Member in Splunk Enterprise 07-08-2021 0 1	0	1
\| rest /services/data/indexes only return event indexes Hi all,can anyone confirm the behaviour?when running:\| rest /services/data/indexes \| table title datatype I'm only ... by schose Builder in Splunk Enterprise 07-07-2021 0 4	0	4
2 seperate indexer cluster with different splunk version Hello,We are planning to upgrade our splunk to version 8.1.4. We have 2 separate indexer cluster for 2 different clie... by maginoo_99 Engager in Splunk Enterprise 07-07-2021 0 1	0	1
Sending reports from On Call to Enterprise Hello, I would like to know if it is possible to send the reports generated in Splunk On Call (like the Response Metr... by ookamidono Explorer in Splunk Enterprise 07-07-2021 0 0	0	0
Duplicate events Hi Team,Getting Duplicate events during Index timeLog ingestion method - UFWhat would be done to stop duplicate event... by VijaySrrie Builder in Splunk Enterprise 07-06-2021 0 3	0	3
index time extraction not working Hi, I have a HEC input on an indexer. I am trying to send Palo Alto Traffic Logs over HECI have the this stanza in t... by aamer86 Path Finder in Splunk Enterprise 07-06-2021 0 3	0	3
How to configure Apache/Httpd on linux server Hi,I have installed httpd using the command "yum install httpd" but when i see the status it is showing as not active... by Ashwini008 Builder in Splunk Enterprise 07-05-2021 0 1	0	1
Lab module 12 I am, going through Lab Module 12 – Creating Lookups and I have downloaded the products.csv file and trying to save ... by JoeSab New Member in Splunk Enterprise 07-05-2021 0 0	0	0
Getting error "sendemail:1370": Users can't send mail after upgrade from 7.2.6 to 8.0.5. Hi all, after upgrade to 8.0.5 from 7.2.6 all my users can't send mail using sendemail.py because they don't have acc... by netspin Engager in Splunk Enterprise 07-04-2021 3 15	3	15
db connect and hive 2 We are trying to get a Cloudera Hive 2 connection in DB Connect to work but have so far been unsuccessful. We have tr... by jbspecht Explorer in Splunk Enterprise 07-02-2021 0 2	0	2
procedure to replace a deployer on a shcluster Hello,I need to replace the deployer on a shcluster but I can't find any procedure on the documentation to do it.Does... by ktn01 Path Finder in Splunk Enterprise 07-02-2021 0 2	0	2
LicenseMaster with no Internet connection Hi, I’m going to deploy a distributed Splunk system where the licenses are going to be held by the License master. Th... by pbfb New Member in Splunk Enterprise 07-02-2021 0 1	0	1
With your Splunk Enterprise & ES being VMs, how do the Indexes & configs get backup during the VM backups? With your Splunk Enterprise & ES being VMs, how do the Indexes & configs get backup during the VM backups? Are there ... by SamHTexas Builder in Splunk Enterprise 07-01-2021 0 0	0	0
Why does my search on specific indexer shows more GB of data than what is set up as part of maxtotalDataSizeMB? I have set up the maxtotalDataSizeMB for main index as 20 GB. But when I try to run the search for the index main on ... by abhi04 Communicator in Splunk Enterprise 07-01-2021 0 4	0	4
Rare iplocation fields handling when applying to data model I added iplocation lookup into my CIM data model. I found there's a rare handling when I validate the result by runni... by phil_wong Explorer in Splunk Enterprise 07-01-2021 0 0	0	0
How to map Splunk Enterprise log with Mitre Attack. Hi Team,I am using Splunk Enterprise version.I will try to map Splunk Enterprise logs to SSE app for Mitre attack tac... by vatsalshah2511 Observer in Splunk Enterprise 07-01-2021 0 0	0	0
Triggered Alert Monitoring of a search head using another search head Hi, Looking for a suggestion/query to monitor the triggered alerts of one particular search head (one Splunk URL) usi... by sureshkumaar Path Finder in Splunk Enterprise 06-30-2021 0 3	0	3
lookup table file location VS lookup definition location Hi,I have created a lookup table file via GUI, in the backend it is saved under /opt/splunk/etc/apps/search/lookupsTh... by VijaySrrie Builder in Splunk Enterprise 06-30-2021 0 1	0	1
Splunk 8.0.8 versus Splunk 8.1.1 features and enhancements Hello,I would like to know the enhancements and features of Splunk 8.1.1 versus Splunk 8.0.8. May I know what are the... by maginoo_99 Engager in Splunk Enterprise 06-30-2021 0 1	0	1
Unnable to Access the splunk search page Hello everyone ,Please can anyone help me outsince last Friday 6/25 (or maybe earlier actually), some of our team mem... by anil1432 Explorer in Splunk Enterprise 06-30-2021 0 2	0	2
what is the quickest way to list files that exit on index what is the quickest way to list files that exit on index.I am use this spl command usually but it take long time spe... by indeed_2000 Motivator in Splunk Enterprise 06-29-2021 0 5	0	5
Mapping MITRE Tactic and Techniques I will try to map Splunk Enterprise Alerts Logs to Splunk Security Essentials for Mitre Attack. But mitre Tactic and ... by vatsalshah2511 Observer in Splunk Enterprise 06-29-2021 0 0	0	0
Timestamp extraction is not working WE have data coming from syslog which is like below :2021-06-16T19:03:02+02:00 XXXXXXXXXX - (6/16/21 5:03:02.000 PM ... by iamvinaykumar Engager in Splunk Enterprise 06-29-2021 0 3	0	3
Windows Event Monitoring - Utilisation calculation logic We have to calculate the Utilization of the system (PC\Laptop) based on the Windows events logs (4800 & 4801).4801 --... by Dv_Nikhil New Member in Splunk Enterprise 06-29-2021 0 0	0	0
How to extract the required keywords using REGEX Hello!Log:transactionId: NA, businesskey: GRNJob, environment: prod, flowName: app-report-grn-scheduler-flow, message... by phanichintha Path Finder in Splunk Enterprise 06-29-2021 0 10	0	10