And what is it that you did? Because "all required integration steps" doesn't say anything. Are you writing your logs to files and ingesting events from those files? Are you sending directly to Splunk from your app? If so, how and to which component? If you configured the process with a specific destination index, are you sure that the user you're checking it with has proper permissions to access that index? Just a few questions to start.
Hi, I'm trying to integrate Splunk into our Spring Boot Java application. I believe that I have made all the required integration steps, but the logs are not showing up in our Splunk account. Thanks, Jerome
10 years ago there was a module called, of all things, "splunk" that you could use to connect to an instance and pull data out. The connect cmdlet was called Connect-Splunk and was part of the module set.
I couldn't find those details, either. I think they're one of those companies that hide their documentation so you may need to sign in to their customer portal (there's a link at the bottom of the page).
Hey guys, I keep getting this privacy error every time I attempt to download Splunk Enterprise on Mac. I read somewhere that removing the s behind http should fix and resolve the issue, but I still keep getting an error. Thanks for any help.
https://download.splunk.com/products/splunk/releases/9.1.1/osx/splunk-9.1.1-64e843ea36b1-darwin-64.tgz
"download.splunk.com normally uses encryption to protect your information. When Chrome tried to connect to download.splunk.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be download.splunk.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged."
I haven't used the importtool myself, but the logical thing to do is to run it on an indexer. If you run it on the master, it has no way of replicating the data to indexers, because the master is not a part of the "replication group".
Hi @sigma, did you try from the Search Heads using the collect command (https://docs.splunk.com/Documentation/Splunk/9.1.1/SearchReference/Collect)? In other words: you run a search on one index and then you use the collect command:
index=old_index
| collect index=new_index
Obviously you can define the time period to export. Ciao. Giuseppe
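As an added example (not part of Giuseppe's answer or of Splunk's own tooling), the search-head side of that answer as a small Python helper: it builds the `index=old_index | collect index=new_index` search with the time window that the original poster expressed through exporttool's `-et`/`-lt` epoch arguments, and validates both index names before splicing them into SPL so that a value taken from a ticket or a form cannot smuggle in an extra pipe stage. The index names, epochs and credentials are constructed; the `splunk search ... -auth user:pass` CLI form is the standard one.

```python
# Added example: build and sanity-check a "search | collect" SPL string.
# Index names, epochs and the auth string below are constructed placeholders.
import re

# Splunk user index names: lowercase letters, digits, underscore, hyphen,
# and they may not start with "_" (reserved for internal indexes) or "-".
_INDEX_RE = re.compile(r"^[a-z0-9][a-z0-9_-]*$")


def check_index(name: str) -> str:
    """Return the index name if it is a valid user index name, else raise.

    Rejecting anything outside the index-name alphabet is what stops a
    value such as 'x | delete' from becoming part of the search.
    """
    if not _INDEX_RE.fullmatch(name):
        raise ValueError(f"not a valid user index name: {name!r}")
    return name


def collect_search(src: str, dst: str, earliest: int, latest: int) -> str:
    """SPL that copies events of src in the given window into dst.

    earliest/latest are Unix epochs, the same values exporttool's -et/-lt
    took in the thread. collect writes into dst as a summary index, so dst
    must exist on the node that runs the search.
    """
    if latest <= earliest:
        raise ValueError("latest must be after earliest")
    return (
        f"search index={check_index(src)} earliest={earliest} latest={latest} "
        f"| collect index={check_index(dst)}"
    )


def cli_argv(spl: str, auth: str) -> list:
    """argv for running the search from the CLI: splunk search <spl> -auth user:pass."""
    return ["splunk", "search", spl, "-auth", auth]


if __name__ == "__main__":
    spl = collect_search("old_index", "new_index", 1302393600, 1302480000)
    print(spl)
    print(cli_argv(spl, "admin:changeme"))
```

Because collect runs through the indexing pipeline of the node that executes the search, it is worth confirming on which node the summary events actually land before relying on this in a clustered deployment, which is exactly the replication question the original poster ran into with importtool.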
Hi all,
I deployed Splunk and enabled indexer clustering. Then I created an index in master-apps and it has been replicated to the peer nodes. Now I want to export some events from an index and import them into the newly created index. I tested multiple methods:
I export events using the following command:
./splunk cmd exporttool /opt/splunk/var/lib/splunk/defaultdb/db/db_1305913172_1301920239_29/ /myexportpath/export1.csv -et 1302393600 -lt 1302480000 -csv
and import the result using the following command:
./splunk cmd importtool /opt/splunk/var/lib/splunk/defaultdb/db /myexportpath/export1.csv
but the data is not replicated to the indexers.
I tried another method using the UI on the cluster master. I imported my events into the newly created index. In the cluster master search everything is OK, but these events are not replicated to the indexers.
Note that my new index is not shown in the indexes tab in Indexer clustering: Manager node. There are just three indexes: _internal, _audit, _telemetry
I think I did this the wrong way. Does anyone have an idea?
The purpose of these dashboards is health checks. We manually check these dashboards to see if the errors are within the thresholds. If they breach, we check whether there is any actual issue going on. Though we have alerts configured, we do these checks manually 6 times a day to ensure stability. We would like to move away from manual checks and see if there are any automation options.
Thanks @inventsekar. Apologies if my question was unclear, but we do have alerts and dashboards configured. What we want now is an automated health check in a simple RGB status which tells the status of dashboards and alerts.
Hi @sameerdeepu2000, you can create Splunk alerts easily. Let me give you an example.
1) Simply run a Splunk search query (index=User_Custom_Index username=testUser | stats count by username).
2) You can save that search query as an alert (just above the time picker, "Save As", choose "Alert" in the drop-down).
3) Splunk alerts give you options to send email alerts. For example, if the count by a user is above 10, you can send an email alert to your team DL.
Please find the doc link: https://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts
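As an added example (not from inventsekar's answer or from Splunk), the same recipe driven through the REST API rather than the "Save As" dialog, together with the red/amber/green roll-up that sameerdeepu2000 asked for: the alert is created by posting to the saved/searches endpoint, and the colour is computed from the alerts/fired_alerts listing plus per-panel threshold checks, so the six-times-a-day manual dashboard walk can become a scheduled script. The Splunk host, credentials, recipient address and the sample fired-alert JSON are constructed; the endpoint paths and parameter names (alert_type, alert_comparator, alert_threshold, actions, action.email.to) are the documented ones for those endpoints. One refinement over the thread's search: the per-user threshold is put into the SPL (`| where count > 10`) and the alert fires on "number of events greater than 0", so it triggers per offending user instead of on the number of result rows.

```python
# Added example: create a threshold alert via the Splunk REST API and roll
# fired alerts and dashboard panel values into a red/amber/green status.
# Host, credentials, recipients and SAMPLE_FIRED are constructed placeholders.
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

RANK = {"green": 0, "amber": 1, "red": 2}


def alert_payload(name, search, recipients, cron="*/10 * * * *", severity=4):
    """Form body for POST /servicesNS/<user>/<app>/saved/searches."""
    return {
        "name": name,
        "search": search,
        "is_scheduled": "1",
        "cron_schedule": cron,
        "alert_type": "number of events",
        "alert_comparator": "greater than",
        "alert_threshold": "0",          # threshold itself lives in the SPL
        "actions": "email",
        "action.email.to": ",".join(recipients),
        "alert.severity": str(severity),  # 1 info .. 5 critical
    }


def splunk_request(base, path, user, password, data=None, ctx=None):
    """GET (data is None) or form-POST against the management port (8089).

    For a self-signed certificate pass ssl.create_default_context(cafile=...)
    as ctx instead of disabling verification.
    """
    req = Request(f"{base}{path}?output_mode=json",
                  data=urlencode(data).encode() if data else None)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urlopen(req, context=ctx) as resp:
        return json.load(resp)


def create_alert(base, user, password, app, payload, ctx=None):
    return splunk_request(base, f"/servicesNS/{user}/{app}/saved/searches",
                          user, password, data=payload, ctx=ctx)


def panel_status(value, warn, crit):
    """Colour for one dashboard panel value against warn/crit thresholds."""
    return "red" if value >= crit else "amber" if value >= warn else "green"


def fired_alert_status(fired, now, window_s=3600):
    """Colour for GET /services/alerts/fired_alerts: red if a high/critical
    alert fired inside the window, amber if anything else did, else green."""
    worst = "green"
    for entry in fired.get("entry", []):
        c = entry["content"]
        if now - int(c["trigger_time"]) > window_s:
            continue                       # older than the window, ignore
        if int(c.get("severity", 3)) >= 4:
            return "red"
        worst = "amber"
    return worst


def overall(statuses):
    """Worst colour wins; an empty board is green."""
    return max(statuses, key=RANK.__getitem__, default="green")


# Constructed sample of the fired_alerts listing (output_mode=json).
SAMPLE_FIRED = {"entry": [
    {"name": "alert_1", "content": {"savedsearch_name": "Indexer queue fill",
                                    "severity": 4, "trigger_time": 1700000000,
                                    "triggered_alert_count": 3}},
    {"name": "alert_2", "content": {"savedsearch_name": "Stale forwarders",
                                    "severity": 3, "trigger_time": 1700003000,
                                    "triggered_alert_count": 1}},
]}

if __name__ == "__main__":
    payload = alert_payload(
        "too_many_events_per_user",
        "index=User_Custom_Index | stats count by username | where count > 10",
        ["soc-team@example.com"])
    print(json.dumps(payload, indent=2))
    board = [panel_status(2, 10, 20), fired_alert_status(SAMPLE_FIRED, 1700000600)]
    print(board, "->", overall(board))
```

To actually create the alert, call `create_alert("https://splunk.example:8089", "admin", password, "search", payload)` with a user whose role may write saved searches in that app; the fired-alert poll and panel checks can then run from cron and publish `overall(...)` wherever the team looks.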
Hi @KR1, sorry but I don't understand your issue: is your issue with the columns or with the displayed values (as I can understand from your screenshots)? If with the columns, is your issue that you want the columns in a specified order (which order?), or that you don't want to display empty columns? Ciao. Giuseppe
Hi @Arty .. >> an application to send SOAR files to a server? To a "server", meaning outside the regular user server?!? Is it part of the SOAR playbook tasks, you mean?