All Posts


Hi @deephi , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the contributors
Thanks for the help. This is noted.
Hi @secneer, as @richgalloway said, the SEDCMD command on props.conf works at index time on the new arriving data. This means that you are masking your data from the moment in which you restarted Splunk after the SEDCMD insertion. The masking will work on the new data, not on the old ones. The old data (already indexed) cannot be modified until their deletion, when the bucket exceeds the retention time. Ciao. Giuseppe
Hi @dgwann, if you run a search using dbquery, you should have as a result a table that you can display as you like, as with every other kind of Splunk panel. It isn't relevant (for the display) where the data come from. Ciao. Giuseppe
Hi @deephi, as @inventsekar said and as you can read at https://docs.splunk.com/Documentation/Splunk/9.1.1/Installation/Systemrequirements#Unix_operating_systems Splunk UF is compatible with every Linux having kernel 3.x or higher. As you can read in an answer from a few days ago, the issue could be that AWS Linux has kernel 6.x that isn't clearly declared compatible in the above link even if it's written "Kernel 5.4 or higher". I am confident that it's fully compatible also with kernel 6.x. Ciao. Giuseppe
The ERR_CONNECTION_TIMED_OUT error is a common issue in web browsing, signifying that your browser couldn't establish a connection to the target website within a specified time frame. To address this, first, check your internet connection and ensure it's stable. Try loading other websites to confirm if the problem is site-specific. If it persists, clear your browser cache and cookies, as these may be causing conflicts. Temporarily disable your firewall or antivirus software to see if they're blocking the connection. Alternatively, reboot your router and modem, and ensure that your DNS settings are configured correctly. If none of these solutions work, contact your ISP or the website administrator to troubleshoot potential network issues on their end.
Hello, Just checking through if the issue was resolved or you have any further questions?
Hello @mjuestel2, The annotations Dashboard would be based on the MITRE Technique value we provide in the correlation searches. Also, it's not savedsearches based on which panels work upon - it's the Risk Data Model -    Please let me know if you have any questions about the same. Also, please accept the solution and hit Karma, if this helps!
And are you sure the data isn't being indexed with the wrong timestamp? Did you check the index contents outside of the supposed time ranges?
You need to extract special capture groups from each match called _KEY_1 and _VAL_1  
Hi Team, I am trying to create a topic manually using Confluent Control Center (localhost:9021) and then, using Connect-->connect-default-->Connector-->Upload connector config file, I am uploading the Splunk sink properties, which already have splunk.hec.token. But still I am getting this error "splun.hec.token" is invalid in the Confluent UI (2nd screenshot) in the browser. Appreciate it if anybody can help here. Please note we are trying on Ubuntu OS, and Splunk, Confluent, Kafka Connect, all the components, are in the same network on the same server.

Splunk Sink properties:

name=TestConnector
topics=mytopic
tasks.max=1
connector.class=com.splunk.kafka.connect.SplunkSinkConnector
splunk.hec.token=453a412d-029f-4fcf-a896-8c388241add0
splunk.indexes=Attest
splunk.hec.uri=https://localhost:8889
splunk.hec.raw=true
splunk.hec.ack.enabled=true
splunk.hec.ssl.validate.cert=false
splunk.hec.ack.poll.interval=20
splunk.hec.ack.poll.threads=2
splunk.hec.event.timeout=300
splunk.hec.ssl.validate.certs=false
Hello I monitor metrics and limits for multiple AppDynamics controllers in a common dashboard: Use the AppDynamics REST API to gather data. Create a dashboard with tools like Grafana or Tableau. Store data centrally for historical analysis. Automate data collection and scheduling. Set up alerts for thresholds and limits. Go through: https://docs.appdynamics.com/appd/22.x/22.2/en/extend-appdynamics/appdynamics-apis-Salesforce Marketing Cloud Certification Thank you.
To automate the monthly restart and failover processes for your AppDynamics servers, you can use Ansible playbooks or workflows in vRealize Orchestrator (vRO) or ServiceNow. These automation scripts should include the steps to patch, restart, and, if applicable, perform failover for your servers. Set up scheduling, logging, and notifications for monitoring and alerting, and thoroughly test the automation in a non-production environment before deploying it in your production environment.
Thanks for sharing. Very helpful.
@ITWhisperer hello mister, please help, or can you tag some guys who can help us, please. Thank you!
For Ubuntu: I used the command [sudo] $SPLUNK_HOME/bin/splunk enable boot-start. But when I rebooted the machine, I checked the status of the Splunk forwarder by using the command ./splunk status. It returned "splunkd is not running". For Windows: according to the Splunk document, Splunk will run automatically after startup. But after restarting the machine, I checked in the Task Manager, and the SplunkForwarder was not running.
Hi @deephi .. Splunk UF is compatible with most of the Linux available in the market. Pls check the documentation. If you have very old Linux versions (or very latest Linux with very advanced features.. even 90% of the times, this we can neglect)
Is Splunk Universal Forwarder compatible with Amazon Linux?  
How can I remove the "Open in Search" (search magnifying glass) icon/option from a panel in a Dashboard Studio dashboard? I know how it's done in the Classic dashboard, but cannot work out how to do it in Dashboard Studio. Thanks
It's possible Splunk's regex library doesn't handle \b well.  Is there something else that indicates the start and end of the desired string?  Perhaps \Wauthentication\sfailure\W?