Hi @tuts , there's something wrong in your procedure, review it step by step, and follow a Splunk Enterprise Security User / Admin training. Ciao. Giuseppe
Updated query for 2024 looks like this: index=_audit sourcetype=audittrail action=remove_user | stats values(_time) as _time values(user) as removed_by by username
Hi @Jitendra33 , after a stats command, you have only the fields listed in the command; in your case you don't have the _time that is requested for the timechart command, so use stats, something like this (to adapt to your real case):
| Myquery
| bin span=1d _time
| stats
sum(Attempts) AS TransactionAttempts
sum(Success) AS SuccessfulTransactions
BY _time MerchantName
| eval CR=round(SuccessfulTransactions/TransactionAttempts*100, 2)
Why did you use coalesce? Ciao. Giuseppe
@bowesmana Thanks for the solution. | rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)" This worked. I tried a similar thing to extract the name from the URL below using the regex below; what did I miss? It did not work. I replaced . with /? If you could explain it, it would be helpful. URL --- /api/v1/Publish value expected ---- Publish | rex field=message "reqPath\\\":\\\"(\w+\/)*(?<reqPath>\w+)" Thanks a ton in advance
I am experiencing the same issue. About 12 hours ago, I received a normal notification from the splunk app again. After using the test notification function, I noticed that the notifications are sent but no notification sound is played. All notification related settings on my phone are correct. I'll send another post when I'm able to confirm if the "no notification sound" problem is also affecting real notifications. But I'm fairly certain that it won't work, as the notification sound also worked with test notifications before it stopped working completely a few weeks ago. Does anyone have any information from the splunk team regarding this issue?
Hi Team,
I am trying to put the conversion of transactions for all days of the week in a line chart for successful transactions for multiple merchants. Something like this shown below.
My query is like this:
| Myquery
| stats sum(Attempts) as TransactionAttempts, sum(Success) as SuccessfulTransactions by MerchantName
| eval CR= round(coalesce( SuccessfulTransactions / TransactionAttempts * 100, 0 ), 2)
| timechart span=1d CR by MerchantName
Which function shall I put in timechart to get the desired result?
In order for Splunk to present the metrics and data you want, you need to look at how the web tool can output to any logs, or whether it uses an API. Then you need to look at that data, logs or API data, and see if it contains the metrics or data you want. You then need a plan of how to ingest that data into Splunk. Splunk has many methods of collecting data, via Splunk HTTP HEC / API JSON/XML, Agents (Universal forwarder), so it can collect those logs you're interested in and ingest them into a Splunk index for you to search and generate insights, and then create the dashboards, alerts, etc. based on your metrics. There is a good talk soon - it might be worth joining this for you to get some concept knowledge on getting data in: https://community.splunk.com/t5/Community-Office-Hours/Getting-Data-In-Splunk-Platform-Wed-9-11-24/ec-p/690523#M105
I am using a web tool, scconverter.net , to download and save SoundCloud tracks for offline listening. I want to ensure that the tool operates efficiently and without errors. How can I set up Splunk to track the usage, performance metrics, and any potential issues with this web tool? Specifically, I am interested in:
Monitoring the number of downloads per day.
Tracking error rates and response times.
Setting up alerts for any performance degradation.
What data should I collect, and how can I visualize it in Splunk? Any advice on configuring the necessary inputs and dashboards would be appreciated.
Any update? This issue still persists in the 9.1.x version (and I assume in 9.2.x also, because there is no information in the release notes/fixed issues). Now it's very difficult to control the execution of scripts. The [script://] input has this feature implemented, but [powershell://] doesn't. * NOTE: when you specify a cron schedule, the input does not run the script on start-up.
Sounds like a case for dedup; based on that you can optionally also place the devices into a lookup file and use that as well. (You can then use that SPL in your dropdown menu, which is what I suspect you want to do.) See the examples and check whether that meets what you want to do. https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/SearchReference/Dedup#Examples
Let's say I have created two custom metrics, i.e. Counter and Timer, using Micrometer in Spring Boot 3. These metrics are exposed via the /actuator/metrics and /actuator/prometheus endpoints. I have AppDynamics enabled for my application and nowhere can I see the custom metrics I created. There is a section called Metrics Browser, which does not show or display the custom metrics. How can I view these metric details on AppDynamics for my Spring Boot 3 app?
Mixing OS types is not recommended; that said, CentOS and RHEL are mostly aligned and it should work, and you want to ensure the kernel level is supported. BUT if you don't follow best practices, you then take the risk, in terms of something not working due to OS-specific configuration/libraries, package management/file systems/performance etc. Most Enterprises standardise, so they have a baseline OS config as standard, and ensure that the hardware and software requirements are met for Splunk. There is a table here of the kernel levels supported: https://docs.splunk.com/Documentation/Splunk/9.2.1/Installation/Systemrequirements#Supported_Operating_Systems
Hi,
I want to create an alert based on files received. Every day, at random times, we receive files.
ex. file name: file_20240613_1222_100.xml
Here I can extract Date: 20240613 and CompanyId: 1222
I need to create an alert which should run every 30 mins to check if any file arrived. If any file is detected, it should check both 'Date' and 'CompanyId' against the files received in the last 30 days. If there is any filename in the last 30 days with the same 'Date' and 'CompanyId' in the filename, then it should trigger an email alert.
Base search:
index=wealth
| search transform-file
| search ace_message
| rex field=_raw "inputFileName: (?<inputFileName>.*?),"
| rex field=_raw "outputFileName: (?<outputFileName>.*?),"
| rex field=inputFileName "file\_\d+\_(?<CompanyId>\d+)\_"
| rex field=inputFileName "file\_(?<Date>\d+)\_"
| table inputFileName,outputFileName, CompanyId, Date
This will search the last 30 mins and see if any new file arrived, but I am not sure how to check the same fields against the filenames from the last 30 days.
Can someone help!
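As an added example (not the poster's own search), one way to express that check as a single search over the last 30 days: every row is flagged as recent or not, then grouped by Date and CompanyId, and only groups that contain a file from the last 30 minutes plus at least one other file remain. The index, search terms, field names and filename pattern are taken from the post; the 30-minute recency window and the assumption that the whole search runs on the same 30-day range as the alert are mine.

```spl
index=wealth earliest=-30d latest=now
| search transform-file ace_message
| rex field=_raw "inputFileName: (?<inputFileName>.*?),"
| rex field=_raw "outputFileName: (?<outputFileName>.*?),"
| rex field=inputFileName "file_(?<Date>\d+)_(?<CompanyId>\d+)_"
| eval is_recent=if(_time >= relative_time(now(), "-30m"), 1, 0)
| stats count AS total_files
        sum(is_recent) AS recent_files
        values(inputFileName) AS files
        min(_time) AS first_seen
        max(_time) AS last_seen
        BY Date CompanyId
| where recent_files > 0 AND total_files > 1
| convert ctime(first_seen) ctime(last_seen)
| table Date CompanyId total_files recent_files first_seen last_seen files
```

Save this as a scheduled alert that runs every 30 minutes with a "number of results greater than 0" trigger; the is_recent flag, not the alert's own time picker, decides which duplicate groups fire, so a file seen only once in 30 days never produces a row.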
Hello everyone, due to the high number of identical devices, I would like to be able to select which devices should be displayed via a dropdown. Has anyone done this before and can possibly give me the procedure and the code? Many thanks and best regards, Alex
Hi Naresh
There are 2 possible scenarios here.
1. There is no traffic, meaning no load
2. There might be an issue with the agent itself. Sometimes there are certain limits being reached by the agent which stop monitoring from being tracked. The easiest way to check is to look at the agent logs, to see if specific limits are being breached.
No one can tell you what _you_ need to monitor and what to look for - it depends on your environments, your use cases, your users and your work characteristics. You can look for inspiration here: https://research.splunk.com/