All Posts

Perhaps if you read my suggestion more carefully you would have noticed that I suggested you evaluate a new token and then use that token in the link!
Please I need the method if it is done with you
Ah, very good. Thank you!        
Hello Team, We tried to integrate our Splunk enterprise LB URL using SAML authentication. We gave details such as Entity ID, LB URL, and Reply URL, and they generated metadata (XML), which we then uploaded to Splunk. After configuration, we received the following error. Please find the below SS error FYR. Could you please assist us with the mentioned integration part? Please let us know if you need any other information. Regards, Siva.
You have several options:
1) The delta command to calculate the difference
2) The autoregress command to copy over value from previous result row and calculate difference manually
3) The streamstats command to do the same as 2) but in a more complicated way
Hello everyone, can anyone help me with how I can get the difference to the previous value from a device that sends me the total kwh number in order to be able to calculate a consumption per specified time in the Splunk dashboard? Currently, I am only shown an ever-increasing value. Thank you very much!
Hi @ITWhisperer This is my code in the XML dashboard. In my dashboard some links should be present. So if I click on the link it is showing null. So I used the below code. Still I am getting a null value.

    <condition field="Link">
      <eval token="link">if(isnull($row.URL$),"","https://$row.URL|n$"</eval>
      <link target="_blank">$row.URL|n$</link>
    </condition>
Hi, for a couple of days I have been getting these errors from one of my search heads:
"06-05-2024 14:33:35.300 +0200 WARN LineBreakingProcessor [3959599 parsing] - Truncating line because limit of 10000 bytes has been exceeded with a line length >= 11513 - data_source="/opt/splunk/var/log/splunk/audit.log", data_host="XXX", data_sourcetype="splunk_audit""
As far as I understood, I can set the truncate value within the props.conf to a higher value. I just want to understand why internal logs exceed the line length. Can someone point me in the right direction as to why the audit logs exceed this limit? Thanks
Hello, I have a problem that I'm not receiving data to some of my indexes when it is related to monitoring. For the monitor I created an app in the server I pull the data from; it worked for a while and now it stopped. The stanza of the inputs.conf looks like this:

    [monitor://\\<my_server_ip>\<folder>\*.csv]
    index=<my_index>
    disabled = 0
    ignoreOlderThan = 2d
    sourcetype = csv
    source=<source_name>

It happens in 2 indexes of mine that have the same stanza structure. I checked the connection from my server to the monitor path and it was OK. I checked the _internal index for errors with no results. I opened Wireshark to see any connection errors and didn't find any errors. Any ideas?
Generally speaking, yes, you can use a single HF for all of your input scripts.  If you will be processing a lot of data then you may need an additional HF.
If you know when you injected it, can you find the raw event in the logs that Splunk has to see how it has been logged (then you'll know what to search for)?
Hi @R4M4L3, if you're speaking of a lab or a stand-alone installation, you can use the same Splunk Enterprise IP address or hostname. If you have to manage more than 50 clients, you must use a dedicated server for this role. For more info, see https://docs.splunk.com/Documentation/Splunk/9.2.1/Updating/Aboutdeploymentserver Ciao. Giuseppe
Hello. I want to deploy Splunk Enterprise on my machine, and I am installing Universal Forwarder and I can't figure out what the Deployment Server IP could be. Should I make it the IP address of the host machine? Need help!
The following code, 1' OR '1'='1'#, is the malicious code to get admin data and password. I want to find the anomaly that it causes in the log through Splunk search. Sample attack
Hi @Rupert.Broad, Do you perhaps have some steps I could follow to install the .NET and Machine agents on Fargate containers? I'm having a tough time finding the correct steps to follow and I need to get this done. Thanks in advance. Shane.
I have installed a vulnerable web application in my Win 10 OS through XAMPP. Now I have set up my Splunk Enterprise to test the effect of various attacks on the target DVWA web application. or 1=1; -- this is a SQL injection attack
@Venkata.Vadlamani, Hope you are well. Have you managed to get this right for Fargate containers? Regards. Shane.
As this relates to licensing and expansion, this is best discussed with your Splunk Sales Representative - you should have the Splunk contacts within your organisation.
I have installed the Splunk ES app and uploaded botsv1.stream_http.json (https://github.com/splunk/attack_data), but incident_review and ess_security_posture are not hitting any events. How do I make Splunk ES check my uploaded logs and generate a list of alerts like below? Please note that I am not checking the logs forwarded by an agent, but the log files uploaded on the browser side. Thank you