Hi, I have a problem excluding or including only entries that contain specific String values in the msg field. For example, there are two (maybe more) definite String values contained in the msg field:
1. "GET /ecc/v1/content/preLoginBanners HTTP/1.0"
2. "GET /ecc/v1/content/category/LegalTerms HTTP/1.0"
I need 3 statements like the following:
1. Include ONLY 1 above in the msg field.
2. Include ONLY 2 above in the msg field.
3. Exclude 1 and 2 above to determine if there are more unknown values in the msg field.
I imagine I will be using this type of logic more on other output fields as time goes on. I am new to this and I am using the XML-based AdHoc Search input/output form. Any help is greatly appreciated!
Hello, I am trying to find a command that will allow me to create a table and only display values. When using the user agent field in my table, there are some values that are null. I only want values to display.
The datetime_udp.xml file doesn't exist on the indexer(s). Double-check the add-on. Consider re-installing it. If it's still a problem, contact Splunk Cloud support or the add-on vendor.
Hi @isoutamo and others, there is some additional information about the vulnerabilities posted above. We are utilizing docker splunk for our docker HTTP event collector, so that we can send logs from our Kubernetes clusters to Splunk. Within that docker image, we are pulling in [1] 8.2.5 or [2] 9.0.5. We use twistlock to report vulnerabilities from our image, and all of those vulnerabilities are being pulled from the docker splunk image tags mentioned below. We were wondering whether there is a process for Splunk to fix those vulnerabilities that were mentioned? If there is a process, can you take us through how that process works? Thanks, and we look forward to talking with you.
[1] https://github.com/splunk/docker-splunk/tree/8.2.5
[2] https://github.com/splunk/docker-splunk/tree/9.0.5
Hello @hyeji, have you been able to evolve this issue? I'm also having the same problem, obviously. I'm trying to run this add-on on version 9.2 of Splunk; I applied python future to the code and managed to overcome several compatibility issues between python 2 and 3, but I still couldn't run the add-on. If you have any status on this, it will be very welcome.
Hi, I have seen an aggregation issue for one of my source types, cisco. How can I fix this issue in my Splunk Cloud?
12-06-2023 17:42:27.004 +0000 ERROR AggregatorMiningProcessor [82698 merging_0] - Uncaught exception in Aggregator, skipping an event: Can't open DateParser XML configuration file "/opt/splunk/etc/peer-apps/Splunk_TA_cisco-ise/default/datetime_udp.xml": No such file or directory - data_source="/syslog/nac/ise.log", data_host="ise-xx", data_sourcetype="cisco:ise:syslog"
Thanks...
I think you may have been told this before but if you want a time element in your visualisation, it needs to be in your results table. Your search is removing the _time field (or not including it). You need to rework your search accordingly.
Is there any mechanism to monitor a Salesforce URL beyond single sign-on? We tried to set it up using Splunk website monitoring. This app directly monitors the single sign-on page and not the actual page. Please suggest a method to monitor a URL beyond single sign-on. Thanks.
For example: if "fieldX" has many possible values (ex. 1 2 3 4 a b c d ...), we want to have Splunk send an alert email whenever any of these values are seen more than 10 times in 60 mins. Does anyone know a search that will work for this? Thanks in advance!
Do you need to return output from one section of a chain search to another, like when writing a function in a programming language? I've assumed that a chained search would, as a user, act in a similar fashion to concatenating both searches, but with a really DRY efficiency, so a superb use for dashboarding, as often the material being presented shares a common subject. There are certain queries I am running that break when used in a chained order; am I missing some kind of return function needed?