Hi @smanojkumar Sorry, I got my wires crossed. It doesnt look like this is possible with XML Dashboards, however you can probably achieve this design much easier with Dashboard Studio dashboard. Is...
See more...
Hi @smanojkumar Sorry, I got my wires crossed. It doesnt look like this is possible with XML Dashboards, however you can probably achieve this design much easier with Dashboard Studio dashboard. Is there anything preventing you switching to a Dashboard Studio dashboard for this? Thanks Will
Hello There, I'm having 3 panles, where i need to display panel 1 in left side, In the same row I need to display Panle 2 and Panel 3 in left side in a stacked way. Is there is possibel way in Cl...
See more...
Hello There, I'm having 3 panles, where i need to display panel 1 in left side, In the same row I need to display Panle 2 and Panel 3 in left side in a stacked way. Is there is possibel way in Classic dashboard in Splunk? | Left | Top-Right | | Panel |---------- | | | Bot-Right| Looking forward for the resposne. Thanks!
@ITWhisperer thanks for the code. It is working but my doubt as per your comment - do I replace $app_name$ token with $app_name_choice$ in all my panels? Because even though I didn't change my panels...
See more...
@ITWhisperer thanks for the code. It is working but my doubt as per your comment - do I replace $app_name$ token with $app_name_choice$ in all my panels? Because even though I didn't change my panels are refreshing at the moment according to multiselect options given. Please confirm do I need to replace?
We investigated this add-on, but altough it mentions TRAP, there is no information provided to configure it. TRAP Cloud integration method, as far as I know, is by API.
@TheJagoff Please take a look. Is it related to the same? Fixed issues - Splunk Documentation Slow indexer/receiver detection capability - Splunk Community Splunk crash during tcpout (outputs.co...
See more...
@TheJagoff Please take a look. Is it related to the same? Fixed issues - Splunk Documentation Slow indexer/receiver detection capability - Splunk Community Splunk crash during tcpout (outputs.conf) reload - Splunk Community
Hello. I noticed on a U/F, "Splunk destroying TcpOutputClient during shutdown/reload" as a level INFO and happens 4 or 5 times a minute for each of the 3 indexers. The U/F has been running for quite...
See more...
Hello. I noticed on a U/F, "Splunk destroying TcpOutputClient during shutdown/reload" as a level INFO and happens 4 or 5 times a minute for each of the 3 indexers. The U/F has been running for quite some time and is not in a shutdown/reload situation and I am receiving events both _internal and OS data from the TA_Splunk_nix from it. Is destroying a connection a normal message and what would cause that? I can't seem to find anything online about this message.
That is interesting. Are you using the same user to search from WebUI as you're using for API access? If not, that could mean some differences in permissions to knowledge objects - in your case - fi...
See more...
That is interesting. Are you using the same user to search from WebUI as you're using for API access? If not, that could mean some differences in permissions to knowledge objects - in your case - field extractions.
@PickleRick Yes. I have web UI access also. When I search the query in Web splunk, I get the results. the same query when i execute it in splunk rest api via python script, not getting any results. ...
See more...
@PickleRick Yes. I have web UI access also. When I search the query in Web splunk, I get the results. the same query when i execute it in splunk rest api via python script, not getting any results. I dont know why.
I was using the Microsoft 365 App for Splunk and all of a sudden it stopped working and receiving any events or logs, I have tried everything and went back and backtracked all the installation steps,...
See more...
I was using the Microsoft 365 App for Splunk and all of a sudden it stopped working and receiving any events or logs, I have tried everything and went back and backtracked all the installation steps, everything seems to be in order, but I still do not receive any new information
@dataisbeautifulThis is not needed. The string is defined with triple single quotes as long string and therefore double quotes do not need to be escaped. @BalajiRaju If your base search returns val...
See more...
@dataisbeautifulThis is not needed. The string is defined with triple single quotes as long string and therefore double quotes do not need to be escaped. @BalajiRaju If your base search returns values and your filtering part causes it to not return any events at all, that would mean that you're filtering it wrong. There can be several reasons, most obvious would be that the httpcode field isn't properly extracted from the events (or simply your data doesn't have any 500 results). Do you have any webui access or is REST the only way you're accessing your Splunk installation?
Proofpoint Essentials is - as far as I remember - a simplified Proofpoint on Demand service. Proofpoint Enterprise can be deployed as either Proofpoint-managed Proofpoint on Demand service or an on-...
See more...
Proofpoint Essentials is - as far as I remember - a simplified Proofpoint on Demand service. Proofpoint Enterprise can be deployed as either Proofpoint-managed Proofpoint on Demand service or an on-premise Proofpoint Protection Server installation. As I understand, you're using Essentials so you're not interested in an on-premise installation. So your only way to get the detailed email flow info would be to upgrade to Enterprise and license the Remote Syslog Forwarding feature. Then you can set up your own TLS-secured "syslog" receiver and push the events from your PoD instance. Essentials is a simplified service for small businesses and therefore doesn't have all the bells and whistles that "full" Enterprise setup has. But is way cheaper as I remember.
Thank you again for the support @gcusello I currently don´t have visibility on _audit index in splunk. Do you maybe know if it is possible as well to filter the data based on the user type ? like f...
See more...
Thank you again for the support @gcusello I currently don´t have visibility on _audit index in splunk. Do you maybe know if it is possible as well to filter the data based on the user type ? like for example : user=admin ? what other users in splunk would exist with administrative privileges as well ? Are there any standard fields that exist in the _audit index that you think are enough to be archived while delivering the important details of the audit event ? I would really appreciate any help !
Hi @danielbb , I don't think it's possible with that ProofPoint, due to a problem at the source of it. I have integrated many ProofPoints, but honestly I couldn't tell you what version or type of P...
See more...
Hi @danielbb , I don't think it's possible with that ProofPoint, due to a problem at the source of it. I have integrated many ProofPoints, but honestly I couldn't tell you what version or type of PP there was. Ciao. Giuseppe
Hi @rpfutrell If possible, run a btool ($SPLUNK_HOME/bin/splunk btool inputs list --debug) on your UF which should give you an output of all inputs configured on that host. Have a look through th...
See more...
Hi @rpfutrell If possible, run a btool ($SPLUNK_HOME/bin/splunk btool inputs list --debug) on your UF which should give you an output of all inputs configured on that host. Have a look through the output to see if you can see any references to the logs you're looking for. By applying --debug to the command you will also see, on the left, which file/folder the configuration came from - this should help you track down the app responsible for these inputs and allow you to update accordingly. If the app is controlled by your DS then you can head over to the DS ($SPLUNK_HOME/etc/deployment-apps/<appName> and update the configuration there. Please let me know how you get on and consider accepting this answer or adding karma this answer if it has helped. Regards Will
Hi @zksvc Try adding ` | addinfo` to the end of your search, this will add the info_* fields to the results and should let you use them within your drilldown. Please let me know how you get on ...
See more...
Hi @zksvc Try adding ` | addinfo` to the end of your search, this will add the info_* fields to the results and should let you use them within your drilldown. Please let me know how you get on and consider accepting this answer or adding karma this answer if it has helped. Regards Will