I tried that but I don't have a field name from my command. Do I need to set one or how does this work? Still new to understanding all of this. I got the command running but working in the commands.conf and default.meta files by calling the python/powershell files. Is this something I need to set somewhere?
[serversindex] Configuration initialization for /opt/splunk/var/run/searchpeers/serverhead-1721913866 took longer than expected (1002ms) when dispatching a search with search ID remote_serverhead_userxx__userxx__search__search1_1723144245.50. This usually indicates problems with underlying storage performance.
Are you running splunk as root or some other user? Using root is against security practices! If you are running it as splunk, you should also check btool with that user. Otherwise there is a small possibility that those files are owned by root and the splunk user doesn't have read access to them. Another option is that some options can be set only in …/system/local. Unfortunately you cannot use DS to deploy that configuration into it. Maybe it's best to raise a Splunk support case for it!
I have a custom command that calls a script for nslookup and returns the data to Splunk. All of it is working, but I want to use this custom command in Splunk to return the data to an eval and output that into a table. For example, the search string would look something like the following:

index="*"
| iplocation src_ip
| eval testdata = | nslookupsearch dest_ip
| table testdata _time
| sort - _time

NOTE: This is not the exact search string, this is just a mock string. When I run:

| nslookupsearch Record_Here

I get the correct output and data that I want to see. But when I run the command to attach the returned value to an eval, it fails. I keep getting errors on doing this but I can't find something that will work like this. The testdata eval keeps failing.
Hi All, I am new to using Splunk. I am uploading a CSV to Splunk that has a column called 'Transaction Date' with the entries in DD/MM/YYYY format as shown below. At the Set Source Type step I have updated the timestamp format to avoid getting the default modtime. I have updated it with %d/%m/%Y as shown below. This partly works as my '_time' field no longer shows the default modtime. However, it shows the date in the incorrect format of MM/DD/YYYY instead of DD/MM/YYYY (also shown below). Everything else I have left as default. These are my advanced settings: Any ideas how I can fix this to display the correct format? Thank you!
Searching for "W" or "E" will return a lot of noise. That's why my suggested query included spaces around each letter - the goal being to find the isolated severity codes.
Pretty green with SOAR and haven't been able to find a good answer to this. All of our events in SOAR are generated by pulling them in from Splunk ES. This creates one artifact for each event. I'm looking for a way to extract data from that artifact so we can start using and labeling that data. Am I missing something here? I haven't found much in the way of training on the data extraction part of this, so any tips for that would be great too.
Hello, I have 4 servers: A, B, C, & D. These servers point to two different DS. A & B point to the US DS server, C & D point to the UK DS server. I'm selecting these 4 servers in a multiselect value and it has to show two different panels (hidden initially). But if I select only A & B it has to show only the US DS panel. (I don't want to show the DS values in the input values.)
Hello, thank you for your answer. I tried your command and I got:

root@MSVMSLMCLM01:/opt/splunk/bin# ./splunk btool alert_actions list --debug | grep allowed
/opt/splunk/etc/apps/setSplunkCommonConfig/default/alert_actions.conf allowedDomainList = domain.sk
root@MSVMSLMCLM01:/opt/splunk/bin# ./splunk btool alert_actions list --debug | grep from
/opt/splunk/etc/apps/setSplunkCommonConfig/default/alert_actions.conf from = splunk@domain.sk

So it looks like the settings are used from the correct file, the file from the pushed application. But when I check the web UI on this machine, those values are empty: Any idea?