All Posts


How is the data being onboarded? IOW, what is the method for getting the events to Splunk?
-- Have installed the universal forwarder and added a monitor stanza in it, and then the UF will send the logs to the intermediate forwarder and then to the indexer.
Are there any errors in the logs?
There is no error even in debug mode.
How have you determined the events are not indexed?
The index is newly created and there are no events found in it. Have verified the log event timestamp and searched the events in the search head at the same time.
We have installed the universal forwarder, and the events are forwarded from the Splunk UF to the intermediate forwarder and then sent to the indexer. But I could see the host internal logs are being ingested into Splunk. Only the file is not getting monitored.
Hi, I'm looking for my next role and wanted to reach out to the community for guidance on where to look for roles that use AppDynamics, as I would love to continue working with this amazing technology and helping improve online experiences. Thanks, Sunil
Hi @gcusello, thanks, however the actual issue is field duplication. Please find the attached screenshot and you will see some fields contain duplicate values (cid, cluster, container_id, container_name etc). I'd like to understand why they are showing 2 values instead of one.
In a Dashboard Studio: I applied drilldown to one of the standard icons and linked to another dashboard. The goal is to view the linked dashboard upon clicking on the icon, and it works. However, people get distracted when they place the mouse upon the icon and the export and Full screen icons pop up. Is there a way to disable this default unneeded functionality so nothing pops up on mouse hovering over an icon? @elizabethl_splu
Hi @Kaushaas, clicking on the Edit option for your dashboard, you can choose the "Edit Permissions" choice to edit the permissions to access your dashboard and all your Knowledge Objects. Ciao. Giuseppe
I am not seeing an option to make my dashboard public or shared. Please guide.
Interesting that you didn't do exactly as I suggested, but this should also work. What exactly is not working?
Hi @venkatasri, do you have a query to check health alerts using Splunk App for SOAR? Kindly help me on this. Regards, Harisha
Hey @tejasode, to check why the app console is currently not opening, it would be better to check splunkd.log and web_service.log. Apart from that, for an alternative solution, as I mentioned, #3757 (Splunk Add-on for Microsoft Azure) has inputs to collect data from Azure Security Center. Additionally, if you're able to stream the CAS logs to eventhub, you can also go for configuring #3110 (Splunk Add-on for Microsoft Cloudservices) inputs. It is also a supported add-on and is CIM compliant as well. Thanks, Tejas.
Hello @Santosh2, there's a bit of a typo in the search command for using the selected site token. You've typed seach instead of search. Also, if you're using the search command, you need to filter it on the basis of a key-value search. The host-specific dropdown should look like this:

| makeresults | eval site="BDC", host="jboss.cloud.com" | fields site host
| append [| makeresults | eval site="BDC", host="ulkoy.cloud.com" | fields site host]
| append [| makeresults | eval site="BDC", host="ualki.cloud.com" | fields site host]
| append [| makeresults | eval site="BDC", host="hyjki.cloud.com" | fields site host]
| append [| makeresults | eval site="SOC", host="uiy67.cloud.com" | fields site host]
| append [| makeresults | eval site="SOC", host="7hy56.cloud.com" | fields site host]
| append [| makeresults | eval site="SOC", host="ju5e.cloud.com" | fields site host]
| append [| makeresults | eval site="SOC", host="mjut.cloud.com" | fields site host]
| search site="$site$"
| dedup host
| sort host
| table host

Thanks, Tejas.

If the above solution helps, an upvote is appreciated.
Hi @splunky_diamond, good for you, see you next time! Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated
Hi @yoongchean It might be because makeresults generates the _time field, which Splunk automatically puts on the x axis when no chart options are specified. Try simply removing the _time field with  | fields - _time
Hello @gcusello, update: it actually did work! I just got a new notable generated and the field value passed successfully! Thank you very much!
Hi @KendallW  yes, that's exactly right. _time is one of the columns in a lookup file. And I want to choose the _time range from Lookup file using the time picker in Splunk dashboard. 
Hi @PB Could you please share your dashboard's XML? If I understand correctly, you want to pick a time range using Splunk's time picker on the dashboard, then have data from the CSV (lookup?) file returned by a search where the _time column in the CSV falls within the range specified in the time picker?
Hi @Yashvik, events are the ones you have; if you don't want duplicated events also in the Events tab, use the dedup command (https://docs.splunk.com/Documentation/SCS/current/SearchReference/DedupCommandOverview) to remove the duplicated ones. Ciao. Giuseppe
Hi @dallison, as @richgalloway said, Splunk License Master doesn't distribute licenses, but the other servers connect to it to use the license. About your error: did you open the port 8089 routes between the License Master and the other servers? You can check this using telnet. Ciao. Giuseppe
Hi @gcusello, thanks for the reply. Using stats helps in removing the duplicate values in the "statistics" tab. However, the duplicate fields are still appearing in the "Events" tab. I don't understand how it's happening. P.S. Due to unknown reasons I can't attach images.
Hi @jkamdar, as described in the URL you shared, there are some infrastructure requirements (OS) and configuration requirements (described in the page). What is unclear? I think that it's fully described. Ciao. Giuseppe