Splunk Enterprise

Discussions

Thread Info

EXTRACT-field command is not working in Splunk cloud for props.conf file

I am trying to add an EXTRACT-field command in Splunk cloud. I added the regex, it is working in search and capturing...

by Loves-to-Learn Everything in

Spunk logging properties file

I am trying to integrate splunk into my project. Currently, I have the following .properties file: mySplu...

by Observer in

Splunk Version upgrade 9.0.3 to 9.1.0

Hi All,I am planning to upgrade Splunk Enterprise app in production Our Splunk Environment has1 - Cluster master4 - i...

by Explorer in

Regex Processor CPU Profiling per Sourcetype” under "DMC -> Indexing -> Indexing Performance:Instances" is not populating any data.

Regex Processor CPU Profiling per Sourcetype” under "DMC -> Indexing -> Indexing Performance:Instances" is not popula...

by Splunk Employee in

REGEX not being applied even though it is working in REX

Hi all, We have ingested some logs using a heavy forwarder as below in /opt/splunk/etc/apps/test_inputs/local/: ...

by Explorer in

Deployment Server clients have wrong apps

We have a small satellite deployment of 40+ servers, that have a dedicated HF doubling as a Deployment Server running...

by Contributor in

Breaking my 5GB license into 2 smaller licenses

In my air gapped lab, I got 5GB Splunk license but hardly using 1GB. Within the lab, we are working to have a smaller...

by Communicator in

Splunk Search Head physical server migration from old server to new physical server

We have plan to migrate the old physical server to new physical server and the server is a Search Head component ...

by Explorer in

Splunk forwarder is not validating ExtendedKeyUsage for server authentication

We are using Splunk forwarder v9.0.3. One of the X509 validation we would like to have against TLS server certificate...

by Explorer in

How do you schedule a report that needs to run multiple times for different time ranges?

We have a report that generates data with the `outputlookup` command and we are in need to schedule it multiple times...

by Communicator in

Migrating Our Splunk Deployment Master Server From Azure To On-Premises

Hi All, Our current setup involves Splunk Search Heads hosted in Splunk Cloud and managed by Support. The existing ...

by Contributor in

Its Urgent - Request for Dashboard Panel

In Splunk Dashboard: Total request number for security token/priority token filtered by partner nameDuplicate reque...

by New Member in

change for fmc logs

Hello everyone could please help me to edit this app for FMC logs

by New Member in

Unable to configure LDAP authentication

I am getting following error while configuring LDAP on my Splunk instances ( tried it on Splunk deployment server, In...

by Path Finder in

DB connect page not loading

Hi community, I am trying to connect to the DB connect app and i am constantly redirected tohttp://$HOST/en-US...

by Path Finder in

Splunk forwarder is not validating path length basic constraint against TLS server certificate

We are using Splunk forwarder v9.0.3. We would like to have Splunk forwarder to reject the TLS server certificate if ...

by Explorer in

How to resolve disk usage show negative value on monitoring console after adding storage.

Hi, i made changes on my indexer storage but when i see on monitoring console part disk usage, the value is negative....

by Communicator in

indexer not working after changing cluster configuration

Hi, I am trying to change the indexer configuration from one cluster master to another but in the process of this ...

by Contributor in

Custom javascript doesn't work

Hi, i am trying to use custom javascript file to customize some button actions in my dashboard, but it doesn't work...

by Explorer in

anyone have similar error after upgrade 9.3.1 RROR startup:116 - Unable to read in product version information; isSess

2024-11-01 12:25:49,065 +0000 ERROR startup:116 - Unable to read in product version information; isSessionKeyDefined=...

by Communicator in

rex field

Hi everyone, I am using rex field to extract content that containst the following word: full | rex field...

by Loves-to-Learn Lots in

Why do we have warm buckets?

Can't hot bucket just roll directly to cold bucket? Or it's not possible? Does it have anything to do with the fact t...

by Path Finder in

Multivalue fields extraction

Hi,Please help me in extracting multivalue fields from email body logs:LOG:"Computer Name","Patch List Name","Complia...

by Explorer in

Splunk Universal forwarder management port is closed

Hi All,I updated Splunk Universal forwarder from 8.2.6 to 9.1.3 on a Debian host. No specific configuration basically...

by Path Finder in

How to use mvexpand in a table where there are multiple columns with different data count?

1. I need to fetch data based on deviceMac such that row gets corresponding data from each column.2. It should fi...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise

Discussions

EXTRACT-field command is not working in Splunk cloud for props.conf file

Spunk logging properties file

Splunk Version upgrade 9.0.3 to 9.1.0

Regex Processor CPU Profiling per Sourcetype” under "DMC -> Indexing -> Indexing Performance:Instances" is not populating any data.

REGEX not being applied even though it is working in REX

Deployment Server clients have wrong apps

Breaking my 5GB license into 2 smaller licenses

Splunk Search Head physical server migration from old server to new physical server

Splunk forwarder is not validating ExtendedKeyUsage for server authentication

How do you schedule a report that needs to run multiple times for different time ranges?

Migrating Our Splunk Deployment Master Server From Azure To On-Premises

Its Urgent - Request for Dashboard Panel

change for fmc logs

Unable to configure LDAP authentication

DB connect page not loading

Splunk forwarder is not validating path length basic constraint against TLS server certificate

How to resolve disk usage show negative value on monitoring console after adding storage.

indexer not working after changing cluster configuration

Custom javascript doesn't work

anyone have similar error after upgrade 9.3.1 RROR startup:116 - Unable to read in product version information; isSess

rex field

Why do we have warm buckets?

Multivalue fields extraction

Splunk Universal forwarder management port is closed

How to use mvexpand in a table where there are multiple columns with different data count?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

AI toolkit app 2890

Assistance Needed: Pulling Data from Splunk Enterp...

Deployment Manager フォワーダー管理でエージェントが表示されない

otel not pushing data to on-prem splunk

Installing additional software with splunk-ansible...

Splunk Enterprise

Are you a member of the Splunk Community?

Discussions