All Posts


Hi @IzI , you have to download and install it. Why these questions, what's the issue? Ciao. Giuseppe
ok, but does it require URL approvals? 
Hi @IzI , ES Content Updates App is an app from Splunkbase that you install on your Search heads, so it doesn't need any additional firewall route. Ciao. Giuseppe
Hi @karthi2809 , Linux servers can easily send syslogs, that you can receive directly in Splunk or passing through rsyslog or syslog-ng server. Anyway I continue to hint to try to convince your customer about Universal Forwarders: they are more efficient, secure and you can capture more kinds of logs. Ciao. Giuseppe
Hi @AL3Z , I know these solutions, but I always hint Splunk training. In addition search videos on YouTube Splunk Channel. Ciao. Giuseppe
Hi @gcusello , It looks like some courses are free, while others require payment. Could you suggest if there are better alternatives on platforms like Coursera or Udemy? Thanks
Please provide more information such as the source of your dashboard
Hi @ITWhisperer That didn't work unfortunately, gave the following error: Set token value to render visualization $form.element$
Assuming you have a way to uniquely identify your events, you could try something like this:
- Read current data
- Set a field to 1
- Append previous data (setting field to 2)
- Sum the field by unique id
Where sum is 3, the id exists in both data sets; where it is 2, it exists in the previous data set; where it is 1, it only exists in the current data set.
Hi, which URLs have to be opened in the firewall for the ES Content Update App? What else may need to be opened in the firewall for the app to work properly? Regards, Alex
Hi @gcusello I agree that point but our client is not interested to install agent and as you mentioned the syslog the application team have multiple logs. So are there any ways to monitor the logs? And how to onboard syslogs, any examples? Thanks, Karthi
Try something like this | eval selected_total = mvcount($form.element$)
With Splunk stopped, please give me the output of netstat -aon|grep 8089. If this shows 8089 is an established connection, then you will need to disconnect whatever it is, and starting Splunk with the splunk user again should fix the issue.
Can you paste the status of this command $SPLUNK_HOME/bin/splunk show kvstore-status from indexer?
Hi All, Need some help with SPL query to compare the data from same host on 2 different dates and give me a status as "found" or "not found". Status = Found if it finds the notepad is still installed on same Path on the same machine, else not found. So far I have created a kvstore lookup to store the data but cannot come up with logic to compare the data. I have added sample data below. All help is appreciated.

| HostName | ExeVersion | Path | ProductName | RunDate | sourcetype |
|---|---|---|---|---|---|
| xxxxx | null | C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.3996_none_e397b63725671b86\f\notepad.exe | null | 2024-06-13 07:41:37 | feed |
| xxxxx | null | C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.3996_none_e397b63725671b86\r\notepad.exe | null | 2024-06-14 07:41:37 | feed |
Hi all, I'm trying to count the number of selected items in a Multiselect control. I've tried eval and stats but no luck with either:
| eval selected_total = count($element$)
| stats count($element$) as selected_total
Thanks
Hi @uagraw01 Try this: Data display > Data value display: All.
I have an integration between Opsgenie and Splunk in order to create Opsgenie alerts whenever some Splunk alerts are created. The thing is I've been having some issues with one of the dynamic properties available for such integration, the {{results_link}}. This link is such a useful asset since it allows devs to be forwarded to the specific search that raised the alert in Splunk. However, we've been seeing some weird behaviour with these results links. For some reason, they seem to stop working at some point. Here's an example of an alert that was generated in Splunk and hence created an alert in Opsgenie through the integration, which had a field with the {{results_link}} property added. The following screenshots are for the exact same link at different times (yesterday afternoon and this morning) where you can see it was a valid query and then it isn't. We need help understanding why this link stops working at some point and how we could avoid that behaviour. Thanks
trial
Hi all, working with the "Crypto and Encoding Add-On" from Splunkbase, I can't manage to make it work on my environment. The "hash" command specifically fails when using the "salt" option, like the following: "| hash algorithm=sha256 salt=test_salt test_field". When removing the salt option, this works just fine, but I really need to add the salt to it for my use case. The returned error is the following: ValueError at "/cs/splunk/search/etc/apps/TA-cryptosuite/bin/hash.py", line 122 : Specified salt file "test_salt" does not exist. Please check the spelling of your specified salt name or your configured salts. I created the entry in the "Key and Salt Management" dashboard, but with no success. I wonder what it could be, since roles and accesses to the app are all open. Any help here would be really appreciated. Thanks! @hRun