I have a requirement and am not sure if I can achieve this through this method. For example, if I create a search which is not logging or down, can I create and run a custom script to check by telnetting or pinging the results that came from the search? Is this possible? How can I pass the values of the hostnames to the script?
The main question is whether you don't know how to use the API to perform searches, in which case you should start with https://docs.splunk.com/Documentation/Splunk/9.2.1/RESTREF/RESTprolog, or whether you don't know how to use podman correctly. The latter is out of scope for this forum, but maybe someone with experience with this tool can give a hint or two.
Hi, my issue got resolved. It's weird, but I tried changing to different "Visualization Type" options and to my surprise the Line chart suddenly started populating graphs for all the options I have selected in the dropdown.
We have done all the configuration and the agent is up, but after the DR drill activity the agent is not starting. We are facing the above issue: the agent jar is loaded but fails to initialize.
There are different REST endpoints for Splunk to start or retrieve searches. Some will start a search and return a search ID, others will retrieve results from a previous search job. Probably the most straightforward is the /jobs/export one, which starts a job and returns results, though this will take time for the started search to complete. An example request for this endpoint would be:

curl -k -u <user_in_splunk> https://<yoursplunkhost>:8089/services/search/v2/jobs/export -d search="<yoursplsearch>"

E.g.

curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com:8089/services/search/v2/jobs/export

Note that this curl request will prompt for a password for the Splunk user. There may be functionality in Postman to supply this password.
@aiguofer can you share the complete script and all the required libraries to successfully execute this script? Any help is greatly appreciated.
Change the definition of the macro to not be an eval macro by unchecking the "Use eval-based definition" box. Eval-based definitions are for macros that return a string value. The fileinfo macro returns a result set, so it is not an eval.
If you are trying to find the alerts coming from Microsoft Defender for Identity, you can gather the alerts via the MS Graph Plugin found here: https://splunkbase.splunk.com/app/4564#Configuring-Microsoft-Graph-Security-data-inputs
Your initial search (as it stands) doesn't appear to be able to pick up these events. Can you please clarify your events and your search?
Taking a Udemy Splunk introductory course module about macros. The string works fine in Search, but not as a macro named fileinfo; I get the above error.

index=web | eval megabytes=bytes/1024/1024 | stats sum(megabytes) as "Megs" by file | sort -Megs
Hi! I know I'm late, but I've always wondered this as well... From the "Components and their relationship with the network" section of the Inherit a Splunk Enterprise Deployment documentation, this is loopback communication, meaning you won't need to open any ports. Splunk is talking to the local KV Store database (mongod). If I run lsof for open ports, I see the following all occurring over the loopback interface (8065 shows a similar result, only showing Python as the listening service):
Attempting to address an issue where some of my org's larger playbooks refuse to load in the SOAR playbook editor. Support, as usual, disappoints by throwing their hands up in the air, referencing "Best Practices" and demanding we reduce the size of our playbooks. When I ask them to back their position by asking for documentation, there is none. We're finding ourselves having to disable automations and workflows simply because we can't even load these workflows in the editor to perform routine fixes. Even after escalating to our account team, we're still getting the "reduce the size of your playbooks" answer. Their workaround for not being able to load the playbook in the current version to rewrite them is to rebuild a SOAR environment in 5.x so we can make these edits 🤬. Has anyone else experienced this? Is the only resolution rewriting playbooks to break them up? Version 6.1. Attempted the newest release, in a lab, no improvement.
Thanks..... Worked like a charm.
So we have to create two different drop-down lists, one for each path, and show/hide can be used?
I already have the Salesforce add-on for Splunk. Does Salesforce have an email source that I can tap into to get those emails? Has anyone done it successfully?
Hi @Sagar.Nalawade, please have a read of these AppD Docs pages:

https://docs.appdynamics.com/appd/onprem/24.x/24.3/en/events-service-deployment/events-service-requirements

https://docs.appdynamics.com/appd/onprem/24.x/24.3/en/events-service-deployment

Let me know if these help you out.
I sent multiple events for three correlationId values: 43b856a1, 19554d60, 9a1219f2.
Tried changing to a different base search and it did not work. My dashboard has other graphs too, so changing to Classic is a big task, but I will sure give it a try. Thank you!
Hi @sajo.sam, I found this TKB article. Please check it out and see if it helps: https://community.appdynamics.com/t5/Knowledge-Base/How-do-I-debug-common-Linux-Private-Synthetic-Agent-issues/ta-p/51547
Hi @Jerg.Weick, I've shared this with the PM, and it's being investigated whether it's a bug. I will report back here when I have any new information. ^ Post was edited by @Ryan.Paredez to correct my initial reply.