Splunk Enterprise

Discussions

Thread Info

Group by level of DisplayName and need all calculations for my query

i got results for my search like below. I got all counts by using eventstas. i need to show Total points by DisplayNa...

by Explorer in

Monitor Azure CDN and blob storage

Hi All, Just started working in splunk. We got a request from user that they want to monitor azure CDN and blob sto...

by Observer in

How to combine two search queries where one query has to use a filter option?

I have a search query as sourcetype="file.csv"|eval Created_Date = mvindex(split(Created," "),0)| stats count as Is...

by Path Finder in

How can i assaign sourcetype based on hostname?

Hello Everyone, I have single source that needs to be monitored which existed in 10 different servers. Am planning ...

by Loves-to-Learn Lots in

Splunk 7.2.9.1 Universal forwarder on SUSE Linux12.4 not communicating and forwarding logs to Indexer after certain peri

I have noticed Splunk 7.2.9.1 Universal forwarder on SUSE Linux12.4 is not communicating to deployment server and for...

by New Member in

Prisma Cloud integration

Has anyone integrated Prisma Cloud into Splunk Enterprise on AWS (either via SQS or API Gateway + Lambda + HEC) to vi...

by New Member in

Splunk standalone forward data from 1 index to syslog

I have a single instance small splunk system. I'm receiving data for a handful of apps on this system. I have data ...

by Observer in

DFS manager: Spark node failed to initialize

Hi All, Post deploying DFS manager on search Head(Master), when I am trying to start splunk, I am seeing below err...

by Explorer in

Splunk Web Interface

Hi, I am trying to access Splunk web. Enabled web server. Splunkd & splunk webserver both are running. Configured w...

by Engager in

splunk license master : slaves and pools endpoint difference

I recently installed splunk on a server with license master uri. Now when I check slaves endpoint(servicesNS/nobody...

by Communicator in

PALOALTO

In our infra we collect the logs with paloalto, epo, proxy ..., everything works fine except the log collection of Pa...

by New Member in

KV Store status failed after upgrade to 8.0.4.1

Good afternoon! After upgrade to version 8.0.4.1 from 8.0.1 KV Store status failed. Failed to start KV Store...

by Explorer in

F5 Source Type Indexing

Hi, I have just begun ingesting F5 logs, I am not using the modular inputs component at present and am only seeing AS...

by Engager in

heavy forwarder SSO with Okta

I want to deploy a heavy forwarder onprem. I want to then set it up for SAML authentication with Okta. Okta has bui...

by Engager in

Set token for each box in a grid

Hi,I'm trying to bring a grid layout with multiple columns with nested rows in them.I was able to achieve it through ...

by Loves-to-Learn in

Settings for upgrade ufw app

hi all,Has anyone able to get the upgrade ufw app for windows to work? I get a message in the logs saying it started...

by Observer in

Search History disappeared ( Splunk Enterprise 8.0.1)

Lost my Search History twice: on Jan 02 - but it came back, and on Jan 03, and it was not recovered since. I checked ...

by New Member in

Forwarders version compatibility with Indexer version 8.x

Hi Folks, We are having upgrade planned for our clustered environment where we have 400+ forwarders , 14 Int forwa...

by Explorer in

Splunk logging issues

Solved

by Explorer in

ACI/admin/cisco_aci_server_setup/cisco_aci_server_setup_settings

@Encountered the following error while trying to connect with ACI APIC "update: Error while posting to @url=/serv...

by New Member in

Splunk Enterprise

Discussions

Group by level of DisplayName and need all calculations for my query

Monitor Azure CDN and blob storage

How to combine two search queries where one query has to use a filter option?

How can i assaign sourcetype based on hostname?

Splunk 7.2.9.1 Universal forwarder on SUSE Linux12.4 not communicating and forwarding logs to Indexer after certain peri

Prisma Cloud integration

Splunk standalone forward data from 1 index to syslog

DFS manager: Spark node failed to initialize

Splunk Web Interface

splunk license master : slaves and pools endpoint difference

PALOALTO

KV Store status failed after upgrade to 8.0.4.1

F5 Source Type Indexing

heavy forwarder SSO with Okta

Set token for each box in a grid

Settings for upgrade ufw app

Search History disappeared ( Splunk Enterprise 8.0.1)

Forwarders version compatibility with Indexer version 8.x

Splunk logging issues

ACI/admin/cisco_aci_server_setup/cisco_aci_server_setup_settings

queued streaming error job -- Indexer error

Japanese is not searched.（日本語が検索されません。）

SmartStore with HCP - delete fails

Field Transformation from Host Tags (tag::host)

Windows Event Index redirects