All Posts

Anyone, any guidance or examples would be greatly appreciated for the above message? Thanks
Hi All, Is there a way in Splunk Dashboard Studio to make just one column clickable in the displayed table? I have a table visualisation in Dashboard Studio. I want just one column value to be clickable, so that on click another table is displayed (show/hide). Please let me know how we can make just the value in one column clickable. Can we? Regards, PNV
Thanks for your reply. Sorry for the two identical token names, this was a typo and I have corrected it. If there are three or more years, I want to find the earliest year and the latest year, and use the date as tokens. (I just want to find the smallest time range that covers all those years.) And I want to use the tokens for the time range of searches in the dashboard. Like this:
  <search>
    <query>| index=abc</query>
    <earliest>$timeRangeEarliest$</earliest>
    <latest>$timeRangeLastet$</latest>
  </search>
Dear Splunkers, I'm experiencing Splunk AR application network connection issues when trying to add a new device. Please see attached print screen. The error description is the following: No internet connection - MOB-SSG-6102, and it won't generate a verification code to register a new device. I've already tried to re-install the app but it does not help. Can you suggest anything? Thank you BR
Your question is a little confusing. You have mentioned the same token twice. Also, please can you clarify what you want if three different years are chosen? Also, how are you going to use the token(s) as this makes a difference to how they might be set up?
This is a bit cryptic! Please explain exactly what the issue is and exactly what you have tried to fix it.
How can I create alerts based on this app's data received using the API? How can this app https://splunkbase.splunk.com/app/6960 alert if my data matches the intel feeds? Cyble Threat Intel
The calculation is correct for what it is. However, all this is is the difference between the time the event was indexed by Splunk and the timestamp Splunk has assigned to the event. This is usually based on the data in the event. Whether this represents "latency" is a matter of opinion and whether this is acceptable is also a matter of opinion. It very much depends on the route your data is taking and what the data represents. All of this is not something we can answer for you.
Hi Rich, thank you for your info. I'll check this and I'll get back to you.
I have a problem with the data itself. I have 2RF 2SF and they work fine. I tried to roll buckets multiple times; it works for a short time and then goes back to the problem again. Does anyone have an idea how I can solve this issue? Thanks
Hi Team, I'm seeing 22.77 as the avg latency for the last 24 hours for one of the sourcetypes. What is the normal avg latency that can be accepted, since the logs are coming through syslog -> Heavy Forwarder -> Indexers and being ingested into Splunk? Please let us know if there is any other alternative approach we can use to calculate the latency if the below is incorrect. Any help would be highly appreciated. Regards VK
You are right, but there are logs which have the instanceid field.
Hello, I am implementing some actions in the S1 app for Splunk SOAR. All actions function independently, such as 'run action', and some work within a playbook. However, one action, when attempted within a playbook, displays the following error: phantom.act(): action 'get endpoint info by computer name' not supported by any enabled apps
Hello, We are interested in capturing Microsoft Teams PSTN call records. There is a Microsoft Graph API with specific methods to capture this information. https://learn.microsoft.com/en-us/graph/api/callrecords-callrecord-getpstncalls?view=graph-rest-1.0&tabs=http This app in splunkbase looks like it can capture what we want (https://splunkbase.splunk.com/app/1546). The Microsoft Teams add-on for Splunk is not capturing the PSTN call records and only seems to be capturing Teams to Teams calling. Any other ideas? Thanks.
Hi @mustapha_arakji , I created my custom add-on: eventtypes, tags, field extractions and calculated fields. I did it using the SA-CIM Vladiator app (https://splunkbase.splunk.com/app/2968). Ciao. Giuseppe
I have a multiselect input like this:
  <input type="multiselect" token="year">
    <label>Year</label>
    <choice value="*">All</choice>
    <delimiter> OR year=</delimiter>
    <fieldForLabel>year</fieldForLabel>
    <fieldForValue>year</fieldForValue>
    <search>
      <query>| inputlookup supported_years.csv | dedup year | table year</query>
    </search>
    <default>2023</default>
    <initialValue>2023</initialValue>
  </input>
I want to set the time range token to the result of the input selection above. If 2023 was chosen, the token value for $timeRangeEarliest$ should be 2023/01/01 and the token value for $timeRangeLastet$ should be 2023/12/31. If 2021 and 2023 were chosen, the token value for $timeRangeEarliest$ should be 2021/01/01 and the token value for $timeRangeLastet$ should be 2023/12/31. Etc. I want to use these two tokens for the time range in a search. I don't know how to do it. Please help. Many thanks.
Btw, where can I find web.conf in Windows? Because I can't find the right one to edit this file.
Okay then, I will try to do it with this method. Thanks for the response.
Hello, I have installed the Splunk Add-on for AWS on our on-prem Splunk instance. Using an IAM user is not allowed in our company due to security policy. We can only use an IAM role to access the resources. In the Splunk AWS add-on page, under the Configuration tab, adding an AWS account in Splunk requires a KeyID/secret key, which I cannot create due to my company policy. Is there a way to connect to the AWS account using an IAM role that has the Splunk inline policy attached to it? Thanks in advance. Siva
@gcusello, did you get a chance to find an answer for this one? Or did you end up creating your own?