1) I found out how to filter events based on _time and put a delete command. Please let me know if this is a correct approach
index=summary report=report=group_ip
| eval epoch1 = _time | search epoch1="[number]"
| delete
2) The command above didn't work because I don't have permission to delete. I went to "[Settings > Users > your_user]", but I was unable to find "Users". Please suggest. Thanks
Hi @LearningGuy, 1) sorry, there was a mistyping! I wanted to say that the can_delete role isn't usually enabled on production systems, so you have to enable it for your user and disable it after deleting, or leave it associated to your role! 2) You generated many events with your scheduled search: some to delete and some others to maintain (I suppose). So be sure (by testing your search) that the results of your search will be only the events to delete; then you can run the delete command after your search. can_delete is a standard Splunk role that you should be able to associate to your user in [Settings > Users > your_user]. Ciao. Giuseppe
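The workflow Giuseppe describes, written out as an added example (this is not code from either poster). It assumes the summary index and a field `report=group_ip` as in the question, and an example window of one hour on 1 Oct 2023 standing in for the run you want to remove. The first search is the dry run: it should return exactly the events you intend to delete and nothing else. Only the second search, identical apart from the final command, actually deletes. Filtering with `earliest`/`latest` bounds is more reliable than comparing `_time` to a single epoch value, because a scheduled search stamps its summary events with the run time rather than one exact second you can guess.

```spl
index=summary report=group_ip earliest="10/01/2023:14:00:00" latest="10/01/2023:15:00:00"
| stats count AS events_to_delete min(_time) AS first_event max(_time) AS last_event

index=summary report=group_ip earliest="10/01/2023:14:00:00" latest="10/01/2023:15:00:00"
| delete
```

Two caveats a practitioner should keep in mind: `| delete` is irreversible, and it only marks the events as unsearchable; it does not reclaim disk space, so it is not a tool for trimming index size. The command also refuses to run unless the user holds the `can_delete` capability, which even the admin role lacks by default; in Splunk Web the user and role pages live under Settings > Access controls (or Settings > Users and authentication in newer releases), so assign the role there for the duration of the cleanup and remove it afterwards.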
Please provide more information. Which parts of HIPAA concern you when it comes to integrating Splunk and AWS? Which AWS services are you integrating with Splunk? How are you integrating them?
Hello Splunkers, I use the deployer to deploy config apps or add-ons on a search head cluster. This works when I want to deploy a new app or delete an app. I see that the search head cluster initiates a rolling restart after each apply-bundle command on the deployer. But when I modify a file in an app (etc/shcluster/apps) and run the apply-bundle command, the modification is not propagated to the cluster. What's wrong?
Thanks, yes, the search looks strange, but it's the only way out of my problems. If dest_interface=outside, the cable to the outside interface is connected. Not sure why, but it's perfect. I have also tried to use appendcols to combine both graphs, without success. I think I must do more investigation to find out why. Geir
Hi @gcusello, I have not tried the delete command. 1) Could you please explain what you meant by this command you said previously and provide an example? "ta the rend disable the can_delete role" 2) How do I create a search to identify the event? I tried to filter the events generated in a specific hour based on the "_time" field, but it didn't give me a result. 3) How do I know if I have the can_delete role? How do I enable it? Thank you so much for your help
Hello. Not sure if you figured out this issue yet. What I found was that a recent Splunk update moved some JS libraries into the quarantined folder due to incompatibility with jQuery 3.5. So far I haven't seen any other solutions. We actually moved the JS and CSS files into our applications, with modifications to the JS to adhere to jQuery 3.5.
As I said, the proper way to get rid of old files would be to reduce the limits for the indexes you want to trim and let Splunk roll the buckets to frozen on its own.
You can try appending the second search to the first search. Having said that, using dc by the same field is only ever going to give counts of 1, so your searches seem a little strange.
Can anyone help me to onboard data and metrics from OpenShift to Splunk Cloud? Forwarding logs to Splunk using the OpenShift method was not enough to get all the data we need, i.e. CPU and memory utilization.
@PickleRick this is our license master, and I understand that it is not supposed to index any data. So we have some files from 2022 and 2023. Can we remove these files from 2022?
Hi, I need an SPL search to find the threshold for the respective domains. index=ss group="Threat Intelligence" | stats values(attacker_score) as attacker_score by domain e.g. admin.com 110 120 135 145 160 170 185 195 210 220 235 245 270 345 360 370 395 410 420 435 445 45 470 495 520 570 60 645 70 85 920 95 Thanks.
Hi Deepak, you can reach me whenever you need. I don't know if I can share my mail here or not, but you can easily reach me via LinkedIn message for further communication. Thanks, Cansel