All Posts



Thanks a lot
Hi (excuse me, my English is not so good), I'm trying to use curl on Splunk Cloud but it doesn't work; I'm receiving a timeout. If I try curl via cmd on my computer or on a Splunk forwarder using the same command I have success, but on Splunk Cloud I don't. Command (app: webtools):

| curl uri=https://f*****r:7443/api/v2/monitor/system/ha-statistics?access_token=g4****

Error:

HTTPSConnectionPool(host='f*****r', port=7443): Max retries exceeded with url: /api/v2/monitor/system/ha-statistics?access_token=g4******* (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f22bfa13210>, 'Connection to fort-01.blu.com.br timed out. (connect timeout=60)'))
Hi @unionub, in this case you have to understand who in your organization is the reference for the license, in other words, who received the license. Then this person can ask Splunk to add you to the Entitlement; you can have up to three emails for this. At the same time, ask Splunk (or the reference partner) to check the company registration, because all of you should be associated to the license. Ciao. Giuseppe
Thank you. But I think this causes the index to go out of the cluster so that we can use clustering features with it, doesn't it?
Hello @richgalloway, thanks for your quick response. Could you upvote this idea then: https://ideas.splunk.com/ideas/EID-I-2153 Best regards.
See my updated reply.  The last clause of this case function handles non-matches.
You can't reschedule PDF (or email) delivery.
Hi @gcusello, and thank you for the reply. I am the Customer. This (unionub) is the account of Union Bank, Albania, where I work, and I have used it before to create tickets. We have paid regularly. Our local support company is INFIGO in Croatia.
That log message is informational, not an error, and can be ignored safely. Please post a new question with specifics about your nmon problem.
Excellent! Many thanks. Is it possible to make the non-matching files below map to "Others"? For example, anything other than file names starting with xyz, ABC or MNP as Others.
For each Splunk instance you have, change the manager_uri setting in the [license] stanza of server.conf and restart the instance.  For a SHC, this is done via the SHC Deployer.  For an indexer cluster, use the Cluster Manager.
Hi @unionub, if you want to open a case for a customer you have to be enabled by the customer itself and associated to its Entitlement. If you want to open a case for your own company, you need an NFR license. If you haven't any Entitlement, it means that you have none of them and you cannot open a case with Splunk Support. My hint is to ask the customer to enable you to do this. Ciao. Giuseppe
Set repFactor=0 in the indexes.conf stanza of each index you don't want replicated.
Hi, I cannot create a ticket in official support. The required combo "Select Entitlement" is empty; I cannot choose anything, so I cannot continue completing and posting my case. See the attached image splunk_combo.png. This happens with both Mozilla Firefox and Google Chrome, both up to date. Please advise. Altin Karaulli, UnionBank Albania
That won't work as expected. If File is "XYZ_*" then Consumer will be set to "" because of the last eval statement. For instances like this, use the case function.

base search
| rex field User
| rex field Folder
| rex field File
| eval Consumer = case(match(File, "^xyz"), "Core", match(File, "^ABC"), "Core", match(File, "^MNP"), "Non-Core", 1==1, "Others")
| table File Consumer
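As an added Python analogue of the case() answer above (not SPL, and not part of the original thread), the following shows the first-match-wins evaluation order, the catch-all that plays the role of 1==1, and a detail the answer's patterns depend on: match() in SPL, like re.search in Python, is case-sensitive, so "^xyz" does not match the "XYZ_*" file names the question mentions unless the pattern is written with (?i). The sample file names and the "chain of evals" shape in classify_sequential are constructed assumptions; the original query is not on this page.

```python
import re

# Rules in the same order as the case() call in the answer: the first pattern
# that matches wins, and DEFAULT plays the role of the trailing 1==1 branch.
RULES = [
    (r"^xyz", "Core"),
    (r"^ABC", "Core"),
    (r"^MNP", "Non-Core"),
]
DEFAULT = "Others"

# Constructed sample file names (not from the original thread). Note the
# upper-case XYZ_ entry, which the lower-case "^xyz" rule will not match.
SAMPLE_FILES = ["xyz_daily.csv", "ABC_ledger.dat", "MNP_export.txt",
                "XYZ_daily.csv", "report.pdf"]


def classify(file_name, rules=RULES, default=DEFAULT, flags=0):
    """First matching rule wins; otherwise the default, like case(..., 1==1, default)."""
    for pattern, label in rules:
        if re.search(pattern, file_name, flags):
            return label
    return default


def classify_ci(file_name):
    """Same rules, case-insensitive: the equivalent of writing "(?i)^xyz" in SPL."""
    return classify(file_name, flags=re.IGNORECASE)


def classify_sequential(file_name, rules=RULES):
    """Assumed shape of the query the answer warns about: a chain of
    eval Consumer=if(match(File, ...), label, "") statements. Each step assigns
    unconditionally, so only the last rule's outcome survives and an earlier
    match is overwritten with ""."""
    consumer = ""
    for pattern, label in rules:
        consumer = label if re.search(pattern, file_name) else ""
    return consumer


def classify_all(files, classifier=classify):
    """Return {file_name: label} for a batch, like the final table File Consumer."""
    return {name: classifier(name) for name in files}


if __name__ == "__main__":
    for name, label in classify_all(SAMPLE_FILES).items():
        print(f"{name:16} {label}")
```

Running it shows "XYZ_daily.csv" landing in Others with the answer's patterns and in Core with the case-insensitive variant, and shows why the sequential form returns "" for a file that matched an earlier rule.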
You could do something like this (this assumes you have at least two fields in your lookup, one called eventlevel (to match your event field) and the other called english_eventlevel):

| lookup translator.csv eventlevel OUTPUT english_eventlevel
| eval eventlevel = coalesce(english_eventlevel, eventlevel)

The coalesce ensures that if there isn't a translation, you keep the original eventlevel.
You could do something like this:

| inputlookup knownusers.csv
| where NOT user IN ("root", "mail", "apache")

although this might not be classed as filtering using a lookup. Assuming you have a user field in your events, you could filter them like this:

| lookup knownusers.csv user OUTPUT user AS found_user
| where isnull(found_user)
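As an added Python analogue of the two searches in the answer above (not SPL, and not part of the original thread), the following runs both filters over a constructed knownusers.csv and constructed events so the difference is visible: the first drops rows from the lookup itself, the second keeps only the events whose user has no row in the lookup (an anti-join), which is usually the set worth looking at when the lookup is a list of known accounts. The CSV contents and the events are made up for the example; the lab's real file is not on this page.

```python
import csv
import io

# Constructed stand-in for knownusers.csv (the lab's real file is not on this page).
KNOWNUSERS_CSV = """user,department
root,system
mail,system
apache,system
alice,finance
bob,hr
"""

# Constructed events with a user field, as the answer assumes.
EVENTS = [
    {"user": "alice", "action": "login"},
    {"user": "root", "action": "sudo"},
    {"user": "mallory", "action": "login"},
    {"user": "bob", "action": "logout"},
    {"user": "apache", "action": "restart"},
]


def load_lookup(csv_text):
    """Parse the lookup the way inputlookup presents it: one dict per row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def lookup_rows_excluding(csv_text, excluded=("root", "mail", "apache")):
    """| inputlookup knownusers.csv | where NOT user IN ("root", "mail", "apache")
    Filters the lookup's own rows; the events are never involved."""
    return [row["user"] for row in load_lookup(csv_text) if row["user"] not in excluded]


def events_not_in_lookup(events, csv_text):
    """| lookup knownusers.csv user OUTPUT user AS found_user | where isnull(found_user)
    found_user is only populated when the event's user has a matching row, so
    isnull(found_user) keeps the events with no match (an anti-join)."""
    known = {row["user"] for row in load_lookup(csv_text)}
    return [event for event in events if event["user"] not in known]


def events_in_lookup(events, csv_text):
    """The complementary filter, where isnotnull(found_user): an inner join."""
    known = {row["user"] for row in load_lookup(csv_text)}
    return [event for event in events if event["user"] in known]


if __name__ == "__main__":
    print("lookup rows after exclusion:", lookup_rows_excluding(KNOWNUSERS_CSV))
    print("events from unknown users:  ", events_not_in_lookup(EVENTS, KNOWNUSERS_CSV))
```

With the constructed data only the "mallory" event survives the anti-join, while the first search simply returns the lookup's remaining users and says nothing about the events.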
We are testing the log collection from our Palo Alto firewalls and seem to have come across a snag when trying to monitor the traffic and threat events. We have the Palo Alto add-on and app installed and it is working fine, as the config and system logs are being processed and added to the dashboard. The data model acceleration is on but there is still no data. Using the search bar, I have been looking for all logs coming in through port 514, as the logs are being sent through UDP (source=udp:514), and I can see the system and config logs there too but no other types. I am starting to feel like the issue is on the Palo side, but I want to make sure that I am not missing something on the Splunk side too. I've gone through the log forwarding on the Palo side several times, and if it's sending the system and config logs fine, why not the rest? KR
From the AppDynamics API, do we have any way to associate the processes running on the node with the running application? The API sim/v2/user/machines/<server_id>/processes lists all the processes running on the node but doesn't expose any relationship with the running application.
Hi, I am new at Splunk and I'm following the lab in Enriching Data with Lookups, where I'm requested to exclude a value using the Filter Lookup. I have a lookup definition based on knownusers.csv. The video doesn't explain or show any example for this specific field. I have tried the following:

user NOT (root OR mail OR apache)
user <> (root OR mail OR apache)
| inputlookup knownusers.csv | eval user NOT (root OR mail OR apache)

and nothing is working. Could you please tell me what I am doing wrong?