Splunk Enterprise

Discussions

Thread Info

Can Splunk search DB2 LUW active logs and archive logs looking for DML activity against sensitive data tables?

Can I use Splunk to search DB2 LUW active logs and archive logs looking for DML activity against database tables? We ...

by New Member in

Can I rename a field conditionally?

I have a field named severity. It has three possible values, 1,2, or 3. I want to rename this field to red if the fie...

by Explorer in

Eval and multiple logic operators

Hi, Can anyone explain why the following dosent work? .... | eval suppress=if((hour >=10 AND hour <=12, "yes","...

by Path Finder in

Search pattern from one file in another file in same time frame

Hello, I have a pattern in one file that I need to check if it has occurred in another file. The two files are like: ...

by Engager in

comparing field values across sources/indexes

I have two different datasets as follows: dataset A - there is a field called TicketNo dataset B - there are two f...

by New Member in

Nested Join?

I have 3 different searches I need to combine, where the secondary and tertiary searches need to be joined, and then ...

by New Member in

Timerange picker: Change the value from _time to Reported date

Hi All, Thanks in advance. By default time range picker is using _time. I want to change the value of time ran...

by Explorer in

Same query send to Splunk multiple times

Hello, I have an external script which sends queries to Splunk via API. My script sends 10 identical query same ti...

by New Member in

What is the best way to estimate frozen storage sizing needs?

Hello All, I'm trying to assess some offline storage needs for archiving old Splunk data. I'm planning to adjust m...

by Path Finder in

Change color of stats count visualization

Hi I am new to splunk. I am trying to do a bar chart viz and trying to color each sourcetype by a color but havent...

by Path Finder in

File monitor wildcard not matching?

I'm trying to monitor a catalina logs that look like this: /home/loader/logs/catalina.2017-09-01.log with this ...

by Path Finder in

MAX_EVENTS issue on local Splunk Enterprise application

Hello all, I am having an problem with a Splunk application I am making on my local instance of Splunk Enterprise ...

by Path Finder in

How to tel Splunk to index based on second column(Timestamp) instead of column(Server Started)

How to tel Splunk to index based on second column(Timestamp) instead of column(Server Started). This is causing data ...

by Explorer in

user-prefs.conf in a custom app

I am creating a custom app for my company and I have put user-prefs.conf in default. The SHC always complains about t...

by Builder in

DNS lookup not returning returning results as expected

I am running a basic search and wanting to perform a reverse DNS lookup. index=*proxy src_ip="10.x.x.x" | lookup ...

by Path Finder in

Does splunk have any limitation to index recursive directories on NFS from sub directories ?

Hi all, I was trying to configure a log pattern main.log from using recursive option. However splunk is failing to pi...

by Observer in

Using lookup table data and event data to create a chart

I have a lookup table that has following headers Area, Office (area code and office number). There are many offices u...

by Explorer in

Unable to start splunk light in web browser

I had successfully installed Splunk Light (Free) yesterday, and was able to log into it (as "admin" user) without a p...

by New Member in

what to do if Lookuptable is not showing data for Automatic Lookup??

Hello Guys, I created a Lookup table called products.csv under destination as "source" and now I want to create an...

by Explorer in

Licence reset

Hi Guys, I noticed the message " Error in 'litsearch' command: Your Splunk Light license expired or you have excee...

by New Member in

Splunk Light on Mac fails to launch if your default shell is not bash

This isn’t really a question, but more of an observation. My default shell is fish ( https://fishshell.com/ ), and...

by New Member in

Use of TCP/UDP port

How can we use TCP/UDP monitoring on splunk light to monitor various server with different ports? Also, is there any ...

by New Member in

Oneshot and Kvstore update

Need to upload the contents of a CSV that exceeds the size allowed in our web.conf. Will modify this as a last resort...

by Contributor in

How do I count the number of receiving events per univearsal forwarder?

one day. Some of my universal forwarder have some problems.It sends a lot of duplicate events,On the server, the ngin...

by Communicator in

Data is deleted from cold db before reaching the retention period ?

The environment is standalone and installed splunk on D:drive. For particular index declared the db location in F:dri...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise

Discussions

Can Splunk search DB2 LUW active logs and archive logs looking for DML activity against sensitive data tables?

Can I rename a field conditionally?

Eval and multiple logic operators

Search pattern from one file in another file in same time frame

comparing field values across sources/indexes

Nested Join?

Timerange picker: Change the value from _time to Reported date

Same query send to Splunk multiple times

What is the best way to estimate frozen storage sizing needs?

Change color of stats count visualization

File monitor wildcard not matching?

MAX_EVENTS issue on local Splunk Enterprise application

How to tel Splunk to index based on second column(Timestamp) instead of column(Server Started)

user-prefs.conf in a custom app

DNS lookup not returning returning results as expected

Does splunk have any limitation to index recursive directories on NFS from sub directories ?

Using lookup table data and event data to create a chart

Unable to start splunk light in web browser

what to do if Lookuptable is not showing data for Automatic Lookup??

Licence reset

Splunk Light on Mac fails to launch if your default shell is not bash

Use of TCP/UDP port

Oneshot and Kvstore update

How do I count the number of receiving events per univearsal forwarder?

Data is deleted from cold db before reaching the retention period ?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

"Not allowed non-RFC compliant HTTP traffic"

Search History not loading on one node

AI toolkit app 2890

Deployment Manager フォワーダー管理でエージェントが表示されない

otel not pushing data to on-prem splunk

Splunk Enterprise

Are you a member of the Splunk Community?

Discussions