All Posts


Hi Team, my CSV file contains a field like below (1st line in CSV). How can I create a transformation for field extraction? "State","Location name","Primary Number" It's retrieving a field state and Location. Expected Fields: State Location name Primary Number
  After Splunk Forwarder installation deployment server is not able to push the configuration to the forwarder or the forwarder is not able to communicate with splunk      
Hello everyone, I want the Kerio Control technical guide that provides details on how to set up and configure a Syslog server to send logs to Splunk log management systems.
Hello, I have a table in a dashboard like so: User ID1 ID2 A ABC 123 B DEF 456 C GHJ 789 I have set a drilldown token like so: <set token="id1">$row.ID1$</set> <set token="id1">$row.ID1$</set> I have a table below that I want to pass these tokens down to. For example, when I click on ABC at ID1, it will pass the token id1 aka value "ABC" to the below query; when I click on 456 at ID2 it will pass the token id2 aka value "456" to the below query. The query will be index=myindex $id1$ (if I click on a value in the ID1 column) or index=myindex $id2$ (if I click on a value in the ID2 column). A push in the right direction would be very appreciated. Thank you
Hi All,   I recently found out that my Syslog Server is creating duplicates for all log files. I checked the packets ´pcap´ from one host and it contains unique logs but syslog has duplicates. How do I prevent syslog from creating duplicate logs? Is there a way to prevent Splunk from ingesting duplicate logs? #syslog #linux #duplicates 
Hi @seyongkim, Splunk MLTK 5.1.3 is compatible with Splunk Enterprise 8.0.0 or higher, or Splunk Cloud Platform. https://docs.splunk.com/Documentation/MLApp/5.3.1/User/Installandconfigure#Requirements
Macro expansion is just textual, there is no context held during expansion, so the expansion doesn't interpret any values passed to the macro, it simply replaces the text of the macro "call" with the body of the macro substituting parameters as it goes, then tries to expand any macros which have been added, and so on.
Hello, We attempted to upgrade Splunk OTEL on the cluster using the helm3 upgrade command, but encountered the following error.       Error: UPGRADE FAILED: parse error at (splunk-otel-collector/templates/operator/_helpers.tpl:8): unclosed action        
I want to know if the Splunk Machine Learning Toolkit 5.3.1 version is compatible with Splunk 9.1.3 Splunk Machine Learning Toolkit 
@anglewwb35- I'm not sure what kind of integration you are trying to do. But here are the references for the Splunk API, which I hope will help you build the integration. https://docs.splunk.com/Documentation/Splunk/9.2.1/RESTUM/RESTusing https://docs.splunk.com/Documentation/Splunk/9.2.1/RESTREF/RESTprolog
@ivarny- I'm able to access the Doc, not sure what's wrong with your machine. Try a different browser maybe.
@egt- This is not a complete stack trace, so it does not provide the information about what the root cause of this error is. Regarding the slowness of the system, it all usually boils down to the machine's capability. Please check the resource availability of the system - CPU, Memory, Network. I hope this helps!!!
@umeshchandra- Even though you are using SAML authentication, you can still create a local Splunk service account (with the right read-only permissions) for this job. And it should do the job for your use-case. I hope this helps!!!
@sputre- The Add-on documentation describes the API - https://docs.splunk.com/Documentation/AddOns/released/NetApp/Lookups (But I personally have no experience with it)   I hope this helps!!!
@BisHop1020- Are you talking about this add-on - https://splunkbase.splunk.com/app/6135 This App is archived and I would not recommend using it. Is the purpose of using this Add-on to collect data from Jamf Pro? If so, then you can use - https://splunkbase.splunk.com/app/4729 I hope this helps!!!
@nsxlogging- I know Splunkbase was under maintenance recently. Try again and if the issue persists then you can contact splunkbase-admin@splunk.com. I hope this helps!!!
@n3wbi3- Have you configured DMC (Monitoring Console) roles for all the servers properly? https://docs.splunk.com/Documentation/Splunk/9.2.1/DMC/Configureindistributedmode   Try running: | rest splunk_server_group=* /services/licenser/pools   I hope this helps!!!
@BTrust- I don't see any issues with the configuration or search that could be causing this issue. Do you have any sourcetype-related configuration on the search head? (ex. rename in props.conf). If not, then I don't see any other issues with this. You can raise a Support Ticket with Splunk in that case. I hope this helps!!!
What about if all the values passed into the macro are hard coded values? Like in my example, I'm just passing in 1.
Hi @jacknguyen , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated