All Posts


Token was set using the time range control. See below image.
Hi Team. Can you please help me to extract the data from the external website to a Splunk Dashboard? Is it possible? Example: I have to fetch the below status from the website: "https://www.ecb.europa.eu/" Output in SPLUNK Dashboard: T2S is operating normally.
Please show what is in your token and how you have set it
As you say: "is _not_ straightforward", and I agree, why I think the "solution" here is vague, and ought to be refined
Hello guys, I am trying to add a time range to my search, so the user can pick any time range and see data for the selected time (e.g. 24 hours, last 30 days, previous year etc.). I created a time range control and token for this purpose, called TimeRange. But when I run my query, I get the below error: Invalid value "$TimeRange$" for time term 'earliest' Here is my query: base query earliest = $TimeRange$, latest=now () | other query
Hi mitag, it's been a while since you posted this. Were you able to work on such an app / add-on? I would be interested in it.
The question was very vague and ambiguous. Let's consider a situation where you have a server hosting two interfaces - 192.168.10.23/24 and 172.17.1.10/24. It receives HEC data on the 172.17.1.10 interface and has a default route via 192.168.10.1. It sends its data to an indexer located at 10.1.2.3/24 but the connection is SNAT-ed so it appears to the indexer as coming from 10.20.1.1. What is internal and external in this case? It is _not_ straightforward. I could throw in an intermediate forwarder to this mix and possibly some HTTP proxy. "Internal" and "external" mean different things depending on where you look from.
@SreejithDas - You are installing Splunk IT Intelligence App which is not allowed to install from UI. You need to install it from backend/SSH only. Reference Document - https://docs.splunk.com/Documentation/ITSI/4.19.1/Install/Install I hope this helps!!! Kindly upload if it does!!!
@SreejithDas- You need to either increase the UI upload limit in web.conf or just install the ES from backend/SSH. https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecurity  
Hello Experts, I am getting an error while importing splunk-enterprise-security_732.spl. Current Splunk version which is used here is Splunk Enterprise Version: 9.3.2. Here is the error description: This XML file does not appear to have any style information associated with it. The document tree is shown below. <response> <messages> <msg type="ERROR">Content-Length of 920287904 too large (maximum is 524288000)</msg> </messages> </response> Need help on this. #SplunkError #ContentLengthExceeded #EnterpriseSecurity #UploadIssue #LargeAppFileError
Hi, I have a python script that requires a hostname as input and then runs an Ansible job via AWX. Is there a way to install this cleanly via a dashboard or in a menu in ES? I actually just want to enter the hostname and use it to start the script. Regards, David
Hello Experts, I am getting an error while importing splunk-it-service-intelligence_4191.spl. Current Splunk version which is used here is Splunk Enterprise Version: 9.3.2. Here is the error description: "There was an error processing the upload.Invalid app contents: archive contains more than one immediate subdirectory: and DA-ITSI-DATABASE" Please help on this. #SplunkError #InvalidAppContents #AppUploadIssue #SplunkDebugging #ITSIError
Hi @PickleRick, I agree to a certain extent. The question here was how to "find internal and external ip addresses", and I think we can agree here that it's not the internal IP that is presented, unless they are sitting on the same network. But as many (most I suppose) are more or less distributed, you'll not be able to get the internal IP this way - right?
To answer such a question one should first define what "internal" and "external" IPs mean here given many possible deployment scenarios including multihomed hosts, NATs, intermediate forwarders, proxies and so on. Only then can one start digging into available data.
I had the same issue. For me upgrading to ES 7.3.2 did solve the issue. Br
Just because the issuer is "Splunk something", doesn't mean the file itself couldn't have been - for example - manually renamed from the original file which was created by some built-in scripts. Unfortunately you're using Windows so I won't give you a find | grep one-liner to find whether it's referenced anywhere. You have to check for yourself if any *.conf file calls out to it.
Hi @yeahnah, Unfortunately your solution doesn't provide the truth as the clientIp is NOT equal to the Internal IP, it's unfortunately the public IP, which is not the same as the internal - and what I'd rather call the Private IP. The reason I know this is because I'm sitting with a bunch of external UFs calling home to a DPL outside the network to all UFs, and I need to get the same information - the internal (private) IP, but it's not available. Till now I only see one way, which is scripted input and/or an existing app that collects this info. Your search is still good, it just doesn't provide what's requested.
Your description is still way incomplete. But whatever your exact use case is, I agree with @gcusello that it's something that you should work with your local Splunk Partner on - have an experienced Architect or Consultant go through your use case and see what can be done and how.
There is a fat chance that the links as well as the content itself aren't manually created but rather generated from some external tool. You might want to ask on Slack (on #docs or "the other channel") if there is someone having more insight on this.
Hi @marnall, We are using Splunk python sdk in our App to configure custom data inputs. Please check below link for reference. https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtocreatemodpy/ Issue here is during creation or editing of a data input the Stream_event function is called, and it is also called after a specific interval of time, like each 15 min. We need to identify in the Stream_event function from where it gets called, so accordingly we have 2 different algorithms to execute.