All Posts


Generally speaking, yes, you can use a single HF for all of your input scripts.  If you will be processing a lot of data then you may need an additional HF.
If you know when you injected it, can you find the raw event in the logs that Splunk has to see how it has been logged (then you'll know what to search for)?
Hi @R4M4L3, if you're speaking of a lab or a stand-alone installation, you can use the same Splunk Enterprise IP address or hostname. If you have to manage more than 50 clients, you must use a dedicated server for this role. For more info, see https://docs.splunk.com/Documentation/Splunk/9.2.1/Updating/Aboutdeploymentserver Ciao. Giuseppe
Hello. I want to deploy Splunk Enterprise on my machine, and I am installing Universal Forwarder and I can't figure out what the Deployment Server IP could be. Should I make it the IP address of the host machine? Need help!
The following code, 1' OR '1'='1'#, is the malicious code to get admin data and password. I want to find the anomaly that it causes in the log through Splunk search. Sample attack
Hi @Rupert.Broad, do you perhaps have some steps I could follow to install the .NET and Machine agents on Fargate containers? I'm having a tough time finding the correct steps to follow and I need to get this done. Thanks in advance. Shane.
I have installed a vulnerable web application on my Win 10 OS through XAMPP. Now I have set up my Splunk Enterprise to test the effect of various attacks on the target DVWA web application. or 1=1; -- this is a SQL injection attack
@Venkata.Vadlamani, hope you are well. Have you managed to get this right for Fargate containers? Regards, Shane.
As this relates to licensing and expansion, this is best discussed with your Splunk Sales Representative. You should have the Splunk contacts within your organisation.
I have installed the Splunk ES app and uploaded botsv1.stream_http.json (https://github.com/splunk/attack_data), but incident_review and ess_security_posture are not hitting any event. How do I make Splunk ES check my uploaded logs and generate a list of alerts like below? Please note that I am not checking the logs forwarded by an agent, but the log files uploaded on the browser side. Thank you
Good day @Venkata.Vadlamani, hope you are well. Did you ever manage to get the monitoring right with Fargate? I need to install the same on containers and also have Java and .NET agents. Please advise? Regards, Shane.
Hi, our company is using Splunk Enterprise with 600GB/day for our SOC, and now we would like to use this license to extend for our new Private Cloud Managed SOC. Is it possible and legal with the Splunk license terms?
Try something along these lines:
- Have the "button" set a token, e.g. "add_comment"
- Have a (hidden) search which is dependent on the token, e.g. | eval _active="$add_comment$"
- Update the lookup in the (hidden) search (using the text box token)
- In the <done> handler of the search, unset the "add_comment" token
The idea is that the (hidden) search is executed whenever the add_comment token is not null, and it resets the token to null when the search is complete (ready for the next time).
Hi @hohyuon, good for you, see you next time! Let us know if we can help you more, or, please, accept one answer for the other people of the Community. Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated by all the contributors
Hi @P47R14RCH, even I'm facing the same issue. Did you find any solution?
Hi all, I am trying to add a text box and a button to a visualisation as a way of adding a 'commentary' on the chart. For example, if the chart shows something unusual, I'd like to be able to enter a reason in the text box, e.g. 'Some figures for this month are missing', then click the button, and the current date and that comment from the box would be added to the lookup. I do currently have a solution of sorts but it's very clunky, as it involves setting a token in a text box and then an HTML button which opens a URL, but the URL is actually the search (search?q=%7Cmakresults%0A%7Ceval%20Date%3D...). This results in a new tab being opened and the
What is it you are trying to do? What is the "' or 1=1; --" supposed to be doing? Please share some anonymised representative events so we can see what you are dealing with (amazingly, we don't have access to your systems or your data!)
OK That's funny! ChatGPT! No wonder you still have issues! 
Do you mean something like this:

<row>
  <!-- Style-only panel: it depends on the $stayhidden$ token, so it is not shown -->
  <panel depends="$stayhidden$">
    <html>
      <style>
        /* Lay out the multivalue cells of column 2 side by side */
        div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) {
          display: flex !important;
        }
        /* Button-like look for each multivalue cell */
        div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell {
          padding-left: 4px;
          padding-right: 4px;
          margin-left: 4px;
          margin-right: 4px;
          border: 2px solid white !important;
          border-radius: 8px !important;
          color: white !important;
          box-shadow: inset 0 0 3px 0 rgba(0,0,0,.4), inset 0 0 3px 5px rgba(0,0,0,.05), inset 2px 3px 4px 0 rgba(255,255,255,.6), 2px 2px 4px 0 rgba(0,0,0,.25) !important;
        }
        div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell:hover {
          box-shadow: inset 0 0 3px 0 rgba(0,0,0,.4), inset 0 0 3px 5px rgba(0,0,0,.05), inset 2px 3px 4px 0 rgba(255,255,255,.6), 0 12px 16px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19) !important;
          transform: translateY(-1px) !important;
        }
        div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell:active {
          box-shadow: inset 0 0 3px 0 rgba(0,0,0,.4), inset 0 0 3px 5px rgba(0,0,0,.05), inset 2px 3px 4px 0 rgba(255,255,255,.6), 0 8px 16px 0 rgba(0,0,0,0.24), 0 13px 50px 0 rgba(0,0,0,0.19) !important;
          transform: translateY(2px) !important;
        }
        div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell {
          background-color: yellow !important;
          color: black !important;
        }
        /* Hide the first multivalue entry (the "extra" value the query adds at index 0) */
        div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell[data-mv-index="0"] {
          display: none !important;
        }
      </style>
    </html>
  </panel>
  <panel>
    <table id="states">
      <title>States $state$</title>
      <search>
        <query>| makeresults count=10 | eval event=random() % 3 | eval state=mvindex(split("ACTIVE,SLEEP,DEAD",","),random() % 3) | stats values(state) as state by event | eval state=mvappend("extra",state)</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">row</option>
      <drilldown>
        <eval token="state">$click.value2$</eval>
      </drilldown>
    </table>
  </panel>
</row>