All Posts
Solution: https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-background-colour-to-single-value-visualisation-based/td-p/616565
rex "HTTP\/1\.1\"\s*(?<http_response>\d{3})" try above
You could try to calculate the transfer time based on your network and disk I/O values. Or just start that work and estimate it after some time.
Try adding a limits.conf with the following:
[kv]
maxchars = 40000
Hi! The log in question reads as: HTTP/1.1" 200 365 3 in our Splunk. We don't have an "HTTP status" field to pivot off of. So I see that the HTTP response always shows as it does above, so I'd need a regex that gives me something like: | rex field=HTTP response "   HTTP/1.1" ***
If you have more than a small number of prompts at a time, you need to change how your playbooks are working. Speaking from experience, that will lead to things being missed and waiting for too long. To answer your question, you could try changing your link to point at the container holding the prompt instead of the prompt on its own. That would look something like https://10.250.74.118:8443/mission/[number]/analyst/approvals
What does your msiexec command look like that you're using to install the Splunk UF?
Hi, I was wondering if anyone knew how I can find the custom source types created by Data Manager Input? I had configured a custom source type for CloudWatch logs but can't seem to find it under the source types UI. Is this abstracted away somehow? How can I take a look at how this was configured under the hood? Thanks
Do you have any other app or add-on configured with the inputs? Run the following to see all inputs that may be present on your forwarder:
$SPLUNK_HOME/bin/splunk btool inputs list --debug
Were you able to get a solution for this as we are also facing the same issue with multiple builds.
Hi, I was wondering if someone could give me a straightforward breakdown of how I can link dropdown inputs with different panels using tokens. Regards,
Hi @Fadil.CK, That Community post is 4 years old. The Docs link you sent should have the most up-to-date information. 
The TA just captures the results from running shell scripts. Feel free to update the script(s) and/or props to produce the desired fields. Of course, you are responsible for maintaining/supporting those updates.
Made the changes but still didn't see the logs go through. I am setting up the inputs.conf file on the Windows VM locally and then restarting the Splunk Forwarding Service afterwards to see the changes. Here are the settings and path:
C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf
host = <Full Computer Name>
[WinEventLog://Application]
disabled = 0
[WinEventLog://Security]
disabled = 0
[WinEventLog://System]
disabled = 0
[WinEventLog://Directory Service]
disabled = 0
checkpointInterval = 5
current_only = 0
disabled = 0
index = main
start_from = oldest
[WinEventLog://DNS Server]
disabled = 0
checkpointInterval = 5
current_only = 0
disabled = 0
index = main
start_from = oldest
[perfmon://Network Interface]
disabled = 1
[perfmon://CPU Load]
disabled = 1
[perfmon://Available Memory]
disabled = 1
[perfmon://Disk Space]
disabled = 1
Another problem I am noticing is that even though I disabled the perfmon logs, they still show. Not a big deal, but it might help diagnose the root problem.
Hello @Easwar.C, Cc: @Ryan.Paredez @MARTINA.MELIANA Thanks for your reply. As per our documentation, could you please try using -Xbootclasspath/a:/usr/lib/jvm/jdk-1.8-oracle-x64/jre/lib/ext/tools.jar instead to see how it goes?
Doc: https://docs.appdynamics.com/appd/onprem/24.x/24.7/en/application-monitoring/tiers-and-nodes/monitor-jvms/object-instance-tracking-for-java#id-.ObjectInstanceTrackingforJavav24.2-SpecifytheClasspath
When using the JDK runtime environment, set the classpath using the -classpath option for the application. For example:
On Windows: java -classpath <complete-path-to-tools.jar>;%CLASSPATH% -jar myApp.jar
On Unix: java -Xbootclasspath/a:<complete-path-to-tools.jar> -jar myApp.jar
Regards, Xiangning
Buongiorno Giuseppe, I see what you are saying, but I don't think that will work. Here is what is in an event:
{"timestamp": "2024-08-20 15:30:00.837000", "data_type": "finding_export", "domain_id": "my_domain_id", "domain_name": "my_domain_name", "path_id": "T0MarkSensitive", "path_title": "My Path Title", "user": "my_user"}
Every 15 minutes the binary goes to the API and pulls events. Most of the events are duplicates except for the timestamp. There may or may not be a new event which needs to be alerted on. The monitoring team doesn't want to see any duplication, thus the lookup to save what has already come through. Now the issue is that not all the fields have values all the time. When a field has no value the SHA256 command doesn't work, which is why I asked if there is a better way than doing isnull on each field. Ciao, Joe
Thanks for your reply. No, not in the search. I want to prevent these events (from certain hostnames) from even getting ingested into Splunk to begin with. As I mentioned before, we can do this by adding a logging app service setting (on Azure), but it requires listing the hostnames individually. I was hoping there was a way to read from a list instead. Currently we are doing something like this.
So I've run into a weird issue where almost all my apps show up as a web, and you can see where calls from one app are made to another app. All except one. In this one, connections to other apps just show up under the "Remote Services" page with the FQDN listed. As such, the dashboard view doesn't correctly link it. Is there a way that I can say that a specific remote service is actually connected to another app? All the documentation I've found tells you how to rename it to a tier within the same app.
Hello, we are trying to see the OS version (e.g. RHEL6, UBUNTU 6.x) from the Splunk Add-on for Linux. We have enabled the version.sh script and are trying to see how to get this info; currently I am only getting os_name as linux. Is it possible to get additional info like RHEL, UBUNTU? Please help me out. Thanks
Hello, can someone help me with a Splunk search to see whether IPv6 is enabled on target machines? Thanks