All Posts

Hello @dood9999, would you be able to elaborate on the question in detail along with a few screenshots?
This is a pretty old post, but were you ever able to figure out a solution to this? I am currently exploring these options with a custom adaptive response. Thanks!
Hi guys, thanks in advance. I have a task where I need to pass a parameter to Splunk from an external website. I already have a dashboard, so based on the correlationId we need to populate the result in Splunk. How do I pass parameters from an external website to Splunk?
Hello @Patrycja_K_, typically server.conf and web.conf are for the following. server.conf: This file contains configurations related to the Splunk server, such as network settings, authentication settings, etc. You typically only need to manage this file on the cluster master. web.conf: This file contains configurations for the Splunk Web interface, such as UI settings, SSL settings, and HTTP server settings. Similarly, you typically manage this file on the cluster master. Can you please share whether you have any specific question about the server.conf and web.conf files?
Hello @sushraw, can you please share sample events so that the regex can be created? A sample event along with the field value that you want to extract.
Yes, this was it. The filter wasn't able to deal with the multiple levels in my data. I ended up replacing the filter with a code block that ran the same conditional statement and saved the positive matches to a new list (or, in my case, 5 lists for the 5 fields I needed). Then I fed those lists into the format block instead. Thanks for the help!
Just to clarify, the depends attribute works on the presence or absence of a token having a non-null value, not on a specific value of the token. Without the rest of the dashboard, it is not clear whether you are using tokens in this way.
Hello all, can someone help me extract the field 'CmdSet' from Cisco ISE accounting logs? String: '[ CmdAV=show CmdArgAV=license CmdArgAV=usage CmdArgAV=<cr> ]'
Hi @sajo.sam, can you check out the replies to this post and see if it helps: https://community.appdynamics.com/t5/Infrastructure-Server-Network/Kubernetes-cluster-agent-can-not-connect-404/m-p/43062
I have a file with a CRT extension from a third party. I am trying to convert the file into PEM but am unable to get it done. We performed various steps but were unable to get it converted. Please suggest.
We are using 9.0.4.
Hi everyone, I have had confirmation back from Splunk: the Dashboards team has confirmed that this is expected behavior and a known limitation. I've added it as a Feature Request.
Hi @Felipe.Windmoller, It seems the community was not able to jump in and help. Did you happen to find a solution or workaround you can share? 
Hi @Osama.Abbas, Thanks for letting me know. I'm still working with the Docs team to see if we can get any information on that Docs page clarified. 
Hello, thanks for the reply. They are security events such as Windows events and events from perimeter devices. Do we need to go through Elastic to get the data into Splunk, or forward the data from Splunk to Elastic? Is it possible to visualize more data than what is indexed? And if that is not possible, the goal would be to take the events that are shown in Splunk and view them in Elastic.
I would like to ask about the server.conf and web.conf configuration files. How do I place them in a clustered environment where there are 3 indexers and the cluster master stands alone? Thanks for the answers.
Assuming you have CLI access, it's easy to do by editing .conf files.
1. Create the new app directory $SPLUNK_HOME/etc/apps/<new app>/default
2. Edit $SPLUNK_HOME/etc/apps/search/local/*.conf
3. Move your custom stanzas from the search app to the corresponding file in the new app.
4. Create the new app directory $SPLUNK_HOME/etc/apps/<new app>/metadata
5. Edit $SPLUNK_HOME/etc/apps/search/metadata/local.meta
6. Move your custom stanzas from the search app to the default.meta file in the new app.
7. Restart the SH and test your KOs.
8. Package the new app and upload it to Splunk Cloud.
You can get cleaner results by adding a table.
|rest /services/search/jobs | search eventSorting=realtime | table label, author, dispatchState, eai:acl.owner, label, isRealTimeSearch, performance.dispatch.stream.local.duration_secs, runDuration, splunk_server, title
| streamstats count as row | eval group=floor((row - 1) / 6) | sort 0 group S_no | fields - group row
Done. Can you please run the below search in Splunk and confirm if this is something you want:
| makeresults | eval data="aaa,1 ccc,3 bbb,2 ddd,4 eee,5 fff,6 ggg,1 iii,3 hhh,2 jjj,4 kkk,5 lll,6 mmm,1 ooo,3 nnn,2 ppp,4 qqq,5 rrr,6" | makemv data delim=" " | mvexpand data | rex field=data "(?<Name>\w+),(?<S_no>\d+)" | streamstats count as row_num | eval GroupNum = floor((row_num - 1) / 6) | sort GroupNum S_no | fields - _time data row_num GroupNum
Output: (screenshot not reproduced)
Please accept the solution and hit Karma if this helps!