Splunk Enterprise

Community Activity

How to set up secured syslog from Splunk? I have a device that set up the syslog to send to Splunk and everything working great. I can see the syslog in Splun... by matoulas Path Finder in Splunk Enterprise 10-26-2020 0 0	0	0
Kvstore is filling up on search head The search head that our security team uses is filling up the /opt/splunk/var/lib/splunk/kvstore/. The directory is a... by jcgever Explorer in Splunk Enterprise 10-26-2020 0 0	0	0
Forwarder/Indexer compatibility with Intermediate Forwarders I've read all the compatibility matrix docs, but I'm not sure how my situation fits into it. Specifically compatibili... by jdmclemore Path Finder in Splunk Enterprise 10-26-2020 0 2	0	2
splunk upgrade 7->8.0 failure Splunk upgrade process seems to be very confusing from 7->8.I stop splunk using a systemctl splunk stop to stop the s... by gauravmsharma Path Finder in Splunk Enterprise 10-26-2020 0 6	0	6
How to configure UF to send data to splunk stand alone instance? I am trying to send logs through UF to my Stand alone instance but data is not getting forwarded.I have UF installed ... by Ashwini008 Builder in Splunk Enterprise 10-24-2020 1 4	1	4
How to compare a field from different index and display multiple fields from both indexes? I want to compare one field between two index. For example Field A.index A: Field A, Field B, Field Cindex B: Field A... by JustAnotherGuy Observer in Splunk Enterprise 10-23-2020 0 3	0	3
clarification with role inheritance needed Hello,I am trying to create basic roles for my app, the corresponding authorize.conf looks as follows:# Indexes that ... by damucka Builder in Splunk Enterprise 10-23-2020 0 1	0	1
DB Connect 3: not able to create output Hello,I need to create a db output, however when I try to do this the option to choose schema and table are grayed ou... by damucka Builder in Splunk Enterprise 10-23-2020 0 0	0	0
How to read data from email in outlook and index it in splunk? Hi,I have requirement where I have to read data from an email in outlook and index it in splunk.Every week after depl... by Ashwini008 Builder in Splunk Enterprise 10-23-2020 0 1	0	1
[Smartstore] Can we change homepath or coldpath or path for DM acceleration post migration to remote store. We would like to remove EBS volumes which were used for cold store and DM summary Docs is not overly clear on the r... by rbal_splunk Splunk Employee in Splunk Enterprise 10-22-2020 0 1	0	1
Windows Event Index redirects Trying to route windows application logs to correct index based on event data. The scenario I have XmlWinEventLogs co... by sean_aditum Engager in Splunk Enterprise 10-22-2020 0 1	0	1
Question on a Splunk Searchhead app and distsearch.conf Hi! I am looking to try to standardize my configuration across my Search Head Cluster. I have 15 Search Heads, and wh... by skirven Communicator in Splunk Enterprise 10-22-2020 0 1	0	1
Event annotation for the min and max value of a field Hey everyone. I have never tried creating event annotation before so i am not able to grasp it properly. I want to sh... by nikitha15 Explorer in Splunk Enterprise 10-22-2020 0 1	0	1
.conf20 Splunk Platform Announcements What were the new Splunk platform announcements made at .conf20? by judithsr Splunk Employee in Splunk Enterprise 10-22-2020 0 1	0	1
Python upgrade Hi at all, probably it's an already asked question but I cannot find the correct one: I upgraded Splunk to 8.0.2 on m... by gcusello SplunkTrust in Splunk Enterprise 10-22-2020 0 2	0	2
Regarding extracting show source code from an event I want to know how can I extract show source code from event action type. I tried using _raw and and rex command. I e... by animeshkmr54 Observer in Splunk Enterprise 10-22-2020 0 2	0	2
Insight into Citrix VDI Has anyone been able to track "unintended" disconnections from Citrix VDI with Splunk? We have a DB Connection to the... by Rob_O Engager in Splunk Enterprise 10-21-2020 1 1	1	1
Does Splunk support SSL Certificate SAN (Subject Alternative Name) We have scenario where we run a indexer cluster with 10+ indexers and the Universal Forwarders send data to all these... by VasukiPramod Explorer in Splunk Enterprise 10-21-2020 0 0	0	0
In searchhead cluster with six machines, only one SH machine is not giving results for a particular app. In searchhead cluster with six machines, only one SH machine is not giving results for a particular app.We have check... by Reethika Path Finder in Splunk Enterprise 10-21-2020 1 8	1	8
Settings for upgrade ufw app hi all,Has anyone able to get the upgrade ufw app for windows to work? I get a message in the logs saying it started... by boss6 Loves-to-Learn in Splunk Enterprise 10-21-2020 0 1	0	1
Upgrade 300 Forwarders to latest version Hello plp. At the moment i need to upgrade a bunch of Ufs (linux and windows), from versions 6 & 7 to 8.0. I have se... by tinrush1991 Loves-to-Learn Lots in Splunk Enterprise 10-21-2020 0 0	0	0
How to correlate two diferent searches into one event Hi guys, I need to configure an alert when people access as root in a server and for that I have two types of events:... by franciscof Explorer in Splunk Enterprise 10-21-2020 0 0	0	0
Adding attributes to existing event Hi all,Does anyone know of any way to update an event in Splunk?so far what my searches brought me was reindexing the... by johnsynack Loves-to-Learn in Splunk Enterprise 10-21-2020 0 1	0	1
Splunk 8.1.0 tags are unreliable Hi,I just upgraded our Splunk server to 8.1.0 and after a while realized some of our good old searches utilized in a... by kaurinko Communicator in Splunk Enterprise 10-21-2020 0 0	0	0
AppInspect Time for Approval I would like to pubblish an app on the Splunkbase and I would like to know how long it takes to get the approval afte... by Michele_G Engager in Splunk Enterprise 10-20-2020 1 2	1	2