All Posts


Hi @LearningGuy, 1) sorry, there was a mistyping! I wanted to say that the can_delete role isn't usually enabled on production systems, so you have to enable it for your user and disable it after deleting, or leave it associated to your role! 2) You generated many events with your scheduled search: some to delete and some others to maintain (I suppose). So be sure (testing your search) that the results of your search will be only the events to delete; then you can run the delete command after your search. can_delete is a standard Splunk role that you should be able to associate to your user in [Settings > Users > your_user]. Ciao. Giuseppe
Please provide more information.  Which parts of HIPAA concern you when it comes to integrating Splunk and AWS?  Which AWS services are you integrating with Splunk?  How are you integrating them?
Hello Splunkers   I use the deployer to deploy config apps or add_ons on a search head cluster. This works when I want to deploy a new app or delete an app. I see that the search head cluster initiates a rolling restart after each apply-bundle command on the deployer. But when I modify a file in an app (etc/shcluster/app) and run the apply-bundle command, the modification is not propagated to the cluster. What's wrong?
I don't have access to this app.  I will ask an admin though.
Thanks   yes the search looks strange, but it's the only way out of my problems. If dest_interface=outside the cable to outside interface is connected.  Not sure why, but it's perfect. I have also tried to use appendcols to combine both graphs without success.  I think I must do more investigation to find out why. Geir
Hi @gcusello, I have not tried the delete command. 1) Could you please explain what you meant by this command you said previously and provide an example? "ta the rend disable the can_delete role" 2) How do I create a search to identify the event? I tried to filter the event generated on a specific hour based on the "_time" field, but it didn't give me a result. 3) How do I know if I have the can_delete role? How do I enable it? Thank you so much for your help
Hello.   Not sure if you figured out this issue yet. What I found was that a recent Splunk update moved some js libraries into the quarantined folder due to incompatibility with jQuery 3.5. So far I haven't seen any other solutions. We actually moved the js and css files into our APPLICATIONS with modifications to the js to adhere to jQuery 3.5.
As I said, the proper way to get rid of old files would be to reduce the limits for the indexes you want to trim and let Splunk roll the buckets to frozen on its own.
You can try appending the second search to the first search. Having said that, using dc by the same field is only ever going to give counts of 1, so your searches seem a little strange.
Can anyone help me to onboard data and metrics from OpenShift to Splunk Cloud? Forwarding Logs to Splunk Using the OpenShift was not enough to get all the data we need, i.e. CPU and memory utilization.
I am looking for a solution to integrate Splunk with AWS having HIPAA compliance.
Amazing, thanks a lot for your help!
@PickleRick this is our license master and I understand that it is not supposed to index any data. We have some files from 2022 and 2023, so can we remove these files from 2022?
Hi, I need an SPL to find the threshold for the respective domains. index=ss group="Threat Intelligence" | stats values(attacker_score) as attacker_score by domain e.g. admin.com 110 120 135 145 160 170 185 195 210 220 235 245 270 345 360 370 395 410 420 435 445 45 470 495 520 570 60 645 70 85 920 95 Thanks..
Hi Deepak, You can reach me whenever you need. I don't know if I can share my mail here or not, but you can easily reach me over LinkedIn message for further communication. Thanks Cansel
Hi, I have created two different timecharts like: Timechart1 (cable connection on/off): index=cisco_asa dest_interface=outside | timechart span=10m dc(count) by count   Timechart2 (login user listed): host=10.1.1.1 src_sg_info=* | timechart span=10m dc(src_sg_info) by src_sg_info   Individually the display is perfect, but it would be even better if we could combine them into one graph with common timestamps. I searched through the Splunk documents and also tried different setups without success. Hope someone could help me with it.
Hi Ryan, Cansel, Can I please set up a call to discuss this further? I can't explain without images and sharing screen and it's better if we talk in a Teams call. Thanks & Regards, Deepak Paste
index=notable| top limit=15 app | fields - percent Use chart overlay to have a second y-axis  
Hello, I have one more beginner's question regarding reports and dashboards. I am trying to do an overview of the most used services. I am using this query:   index=notable| top limit=15 app   When I put this report into Dashboard Studio, count as well as percentage appear: I would like to remove percentages completely from the chart. Can you tell me how to do it, please? And one more option just coming to my mind - if I would like to use both - count and percentages, is it possible to adapt the x axis in such a way that it would use a separate scale like 0-100 percent for percentages?
What is your question?  What problem are you trying to solve?  How have you tried to solve it so far?