All Posts


Does anyone know how this will integrate with "Private" channels in Slack? https://splunkbase.splunk.com/app/5846
In that case, you can download the app from Splunkbase and run the Python script on a test server and update the CSV file on the production server in the above-mentioned location. Otherwise, as mentioned in the following document, the scan will run only with the packages shipped - https://docs.splunk.com/Documentation/Splunk/9.2.1/UpgradeReadiness/Scan#Disable_app_list_updates Thanks, Tejas.
It's working and giving proper results, only the red color is coming up every time.
Thank you! This was exactly what I was looking for. Much easier than trying to use eventstats.
Yes, it is! Thank you so much! I truly appreciate this! 
I found an answer for this. If you check out openssl.org, the version is not actually EOL for PREMIUM customers, which Splunk is. An annotation in the findings checklist should suffice. Hope that helps.
Thank you for the reply! Unfortunately, the app upgrade did not help and the deployment does not have an internet connection. Is there a way to fabricate the .csv?
Yeah, the scanner is now primarily complaining about OpenSSL 1.0.2 being EOL (OpenSSL SEoL (1.0.2.x)), which also then means there are associated CVEs.

$ /opt/splunk/bin/splunk cmd openssl version
OpenSSL 1.0.2zi-fips 1 Aug 2023

So this is clearly an outdated version of OpenSSL being shipped with Splunk Enterprise 9.2.0.1. So the question is still valid, why ship splunk with an EOL version of OpenSSL?
Your email address is your primary identifier for a splunk.com account, so technically there is no way to change it. That's why - if you have registered with a company address and then change jobs - you have to create a new account and contact Splunk to transfer your certifications between accounts. There might be a possibility of transferring other content between accounts but it's a relatively unlikely case.
Hi @karthi2809, Yes, you can pass a token to a search based on DataModels or Summary Indexes. Both of them don't consume license. Ciao. Giuseppe
I don't have an account on the partner portal. I will try support@splunk.com again. I will keep this post updated if I hear anything back.
Hi @gcusello, thanks for the reply. Actually, I want to improve my dashboard performance, so I tried to convert it to a report. But as you said, it's static. So if I use a summary index or data model, can we pass a token? Any sample data model? And both will consume license, right?
Hi @whrg, we are a Splunk Partner and I have an account on Partner Portal. Otherwise, you can send an email to support@splunk.com. Ciao. Giuseppe
Hello @gcusello, How exactly did you open this case with Support?
Hi @karthi2809, to my knowledge, reports are static objects and you cannot pass a token to a report. Why do you want to do this? If it's to accelerate searches, use other methods such as Data Models or Summary Indexes. Ciao. Giuseppe
Hi @whrg, probably you saw my answer because I opened a non-technical case with Splunk Support and they solved my issue. Try again with Support. Ciao. Giuseppe
Try something like this:

<colorPalette type="expression">if(tonumber(strftime(value,"%H")) == 6 OR tonumber(strftime(value,"%H")) == 11 OR tonumber(strftime(value,"%H")) == 18 OR (tonumber(strftime(value,"%H")) == 21 AND tonumber(strftime(value,"%M")) < 35), "#A2CC3E", "#F58F39")</colorPalette>
Like the title says, I want to change the email address of my splunk.com account. Logging into splunk.com and navigating to My Dashboard, it is only possible to change the password but not the email address. There are older forum posts which suggest to contact Splunk support. I wrote several emails but received no help. For any other website, changing the email address is a matter of seconds. Why is there no such option for splunk.com?
Hi All, I have a Splunk dashboard with dynamic tokens. Here is a simplified example of my setup. In the dashboard, $new_value$ and $env$ are dynamic tokens that the user can select. I want to convert this panel into a report that can accommodate these dynamic values. Could you guide me on how to achieve this? I need to understand. Any detailed steps or examples would be greatly appreciated.

Base Query:

index=Test environment=$env$ applicationName=$new_value$
| stats values(content.InterfaceName) as InterfaceName values(content.payload) as payloadFile values(content.ErrorMsg) as errormsg values(content.Error) as error BY applicationName,correlationId
| table Status Timestamp InterfaceName ApplicationName CorrelationId
| search interfaceName=$new_interface$

Panel Query with dynamic tokens:

<search base="BankSearch">
<query>| where Status LIKE ("$countStatus$")|sort -Timestamp</query>
</search>
Thank you so much! This actually solved the issue. I thought it could be a permissions issue with the virtual account and even tried domain admin, but nothing changed. With a local admin user running the service, it started working. Edit: it actually works, but not through the Sysmon app, so I am getting a pretty ugly format of Sysmon. Will keep investigating it. Thank you again.