Hi, Does anybody know how to change the email in my account? My company is doing an email domain renewal and I need to change my email to a new email. Could you help me?
Hi PickleRick, Agreed. Then do I remove the sourcetype= statement from the stanza in inputs.conf (because it is overwritten anyway)? Please share your thoughts. Also, do I create a separate index for the metrics mentioned in my inputs.conf or keep with the eventtype index? Here is a snippet of inputs.conf:

------------------------------- inputs.conf ----------
# ###### OS Logs ###### #
[WinEventLog://Application]
disabled = false
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXml=true
index = winos
----- ------ -----
# ###### Host monitoring ###### #
[WinHostMon://Computer]
interval = 600
disabled = false
type = Computer
index = winos

[WinHostMon://Process]
interval = 600
disabled = false
type = Process
index = winos
----- -----
# ###### Win Registry Monitoring #
[WinRegMon://default]
disabled = false
hive = .*
proc = .*
type = rename|set|delete|create
index = winos
------- ------
# # perfmonance Monitoring #
###### Splunk 5.0+ Performance Counters ######
## CPU
[perfmon://CPU]
counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec
instances = *
interval = 30
mode = single
object = Processor
_meta = os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host
useEnglishOnly = true
sourcetype = PerfmonMetrics:CPU
disabled = 0
index = ?????

Please share your expertise, thanks.
In our app's addon's Inputs.config, the sourcetype is set to a custom name and the index is set to default, as shown in the image below.
In the Add_on install flow, the UI drop-down to pick indexes is showing fewer than what are available.
For example, the indexes shown below are not showing in the list.
The one difference I see is that these indexes are created with App "_cluster_admin"; the others are "search".
How do we enable the search option in the available indexes?
Hi Team, I have one file, CARS.HIERCTR, for which I want to capture the START and END DURATION. I am using the query below:

index="600000304_d_gridgain_idx*" sourcetype =600000304_gg_abs_ipc2
| rex "\[(?<thread>Thread[^\]]+)\]"
| transaction thread startswith="Reading Control-File /absin/CARS.HIERCTR." endswith="Completed Settlement file processing, CARS.HIER."
| table duration

But I am not getting any result. Can someone guide me?

Starting Logger - 2023-08-29 00:26:20.256 [INFO ] [pool-3-thread-1] ReadControlFileImpl - Reading Control-File /absin/CARS.HIERCTR.D082823.T001819
Ending logger - 2023-08-29 02:18:33.064 [INFO ] [Thread-34] FileEventCreator - Completed Settlement file processing, CARS.HIER.D082823.T020913 records processed: 135959

PLEASE GUIDE.
Splunk can index data locally and forward it to another system. The assumption, however, is that the other system is Splunk. Splunk indexers can forward to non-Splunk systems, but only as raw TCP or syslog. See https://docs.splunk.com/Documentation/Splunk/9.1.0/Admin/Outputsconf#TCP_Output_stanzas and https://docs.splunk.com/Documentation/Splunk/9.1.0/Forwarding/Forwarddatatothird-partysystemsd for more information.
Hi, Previously in the Classic Dashboard designer you could use both the Input Name (now called Label) and the value in a search. Is there a way to still do that in the new Designer? Or store and call more than 1 value per drop-down? For example, I have a Dashboard that checks log files for several programs to see if they are abnormally large, to indicate a problem. In the Classic designer it used the Filename as the Label and the Size it should be as the Value. I could call both in the search. If that is no longer possible, is there a way to hold more than one Value in an Array or something?
Running 9.0.x now, and I'm getting messages about kvstore issues on indexers, etc. I understand I can disable kvstore on some systems, but not all. Where do I need it upgraded to wiredTiger and where can I disable it?
Search heads - enabled and upgraded to wiredTiger
Enterprise security search head - enabled and upgraded to wiredTiger
Cluster master - mmapv1
Indexers - mmapv1
Deployment server - mmapv1
Heavy forwarders - enabled and upgraded to wiredTiger
Hello, no problem. In the screenshot below, there are numerical values in each cell of the Count column. Currently, we see that when the Cell color is Green, the Text color is Black, and when the Cell color is Red, the Text color is White. I need a way to change that Text color to be Green if the Cell is Green, and Red if the Cell is Red, in order to hide the Text from the Count column. Or if there is a way to hide the Text Value in the Count Column and only display the Cell color, that would be awesome. Thanks, Tom
Hello - Does the Splunk UF require .NET Framework to be installed in order to run on Windows servers? I am trying to determine if there are any .NET Framework dependencies for the Splunk Universal Forwarder. Thanks! Joel B
Check the TA default configs or anything else for field aliases or evals that have the same name, i.e. FIELDALIAS-user and EVAL-user in props or GUI. Either remove the duplicate field alias or eval, or rename them like FIELDALIAS-userTest and see if the new field pops up. I know the CrowdStrike TA 3.1.6 has duplicate names for user and severity, which causes Splunk to drop the alias or eval altogether.
Hello I upgraded from Splunk Enterprise 8.2.10 to 9.1.0.2. The values of the overview dashboard of the monitoring console are visible or not visible. Is it a bug or is there a way to fix it? I look forward to hearing from you.
Thanks again, sorry, but that method only changes the cell color. I need the actual Text color to change or figure out how to hide the Text for this column. Thanks for the help though, Tom
Hi @mninansplunk, as I said: open the dashboard in Edit Mode, click on the pencil at the top of the column to apply colours, click on Colour ranges (instead of None), insert the colours for the wanted ranges, save the dashboard. I'm supposing that you are using the Classic Dashboard interface, not Dashboard Studio, otherwise I cannot help you because I haven't yet started to use it. Ciao. Giuseppe