All Topics

I have four panels: none, add, remove, reauthorize. When a user's information is added to the textbox and the add dropdown is selected it is written to a lookup table. If the remove is selected then that instance of that user is removed from the csv table. The none panel just displays the current table with the entries. I need to make it so that when add or remove is selected then it goes back to the none panel and shows the updated table.

<row>
  <panel depends="$none">
    <title>USb</title>
    <table>
      <search>
        <query> | inputlookup USB.csv </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
      <option name="refresh.display">progressbar</option>
    </table>
  </panel>
  <panel depends="$add$">
    <title>Add User</title>
    <table>
      <search>
        <query>| inputlookup USB.csv | append [ | makeresults | eval user="$user_tok$", description="$description_tok$", revisit="$revisit_tok$", Action="$dropdown_tok$"] | eval keep_time=_time | table _time, keep_time, user, category, department, description, revisit | eval _time=keep_time | outputlookup USB.csv</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
        <done>
          <unset token="add"></unset>
        </done>
      </search>
      <option name="drilldown">none</option>
      <option name="refresh.display">progressbar</option>
    </table>
  </panel>
  <panel depends="$remove$">
    <title>Remove User</title>
    <table>
      <search>
        <query>| inputlookup USB.csv | where user != "$user_tok$" | eval keep_time=_time | table _time, keep_time, user, category, description, revisit | eval _time=keep_time | outputlookup USB.csv </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
        <done>
          <unset token="remove"></unset>
        </done>
      </search>
      <option name="drilldown">none</option>
      <option name="refresh.display">progressbar</option>
    </table>
  </panel>
  <panel depends="$reauthorize$">
    <title>Reauthorize User</title>
    <table>
      <search>
        <query>|inputlookup USB.csv</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <option name="drilldown">none</option>
      <option name="refresh.display">progressbar</option>
    </table>
  </panel>
</row>
Hello Splunkers!! Can anyone please help me on whether the below Solaris version is compatible with the Splunk UF version, as I can see only the Solaris 11 Sparc and Solaris 10,11 64-bit version UF packages there. Is there any other way to monitor from this Solaris server? Checked in https://docs.splunk.com/Documentation/Splunk/8.2.6/Installation/Systemrequirements#Supported_Operating_Systems as well.

Solaris Version: SunOS 5.10 Generic_150400-49 sun4u sparc SUNW,SPARC-Enterprise

Many thanks! Sarah
Hello Team, I have created a web-based Python script. When I run it manually from the synthetic agent, it runs fine. But when I deploy it in AppD and assign it to the same synthetic agent, it fails on the home page itself. Please suggest a solution to resolve this issue.
Hi, I am new to Splunk and the first app I added was the Jamf Pro add-on, but it won't load. In the readiness app section I saw this warning:

Details: This app is not compatible with Python 3.
Version: 2.10.5
Application Path: /opt/splunk/etc/apps/JAMF-Pro-addon-for-splunk
Required Action: Do one of the following:
- Petition the developer to update the app.
- Uninstall the app from the app listing page.
- Take ownership of the app and override existing code (not recommended).
Issue: This app contains an outdated Python SDK. Update to the latest Python SDK.

Anyone else experiencing this issue? Thanks
I am unable to use the time picker in real time in a classic dashboard. Is it not supported, or am I having this problem? So I tried to use Dashboard Studio and created a dynamic dropdown input with the help of a search query. This was working fine, but as soon as I use a real-time search for the dynamic input it shows the error "the search may have been cancelled while there are still subscribers". So, can anyone tell me whether we can use real-time searches for a dynamic input dropdown, and if yes, how?
Hi, I need to find the time difference between two events. These events are when a job on our server starts running and when it finishes. I found this answer to a very similar question, https://community.splunk.com/t5/Splunk-Search/Calculate-time-difference-between-two-events/td-p/578640, but when I try this it does not show me the latency (empty). I think it has something to do with the search words or the conditions I'm using, but I am not sure. Any help is appreciated!

index="0200-pio_numb3r5_support-app" "HumanResourceImportJob" AND "transitioning from state 'Processing' to 'Succeeded'. Reason:" OR "transitioning from state 'Enqueued' to 'Processing'. Reason:" AND NOT OnStateUnapplied
| where host="AUDIINSA4919" OR host="AUDIINSA4304"
| stats earliest(_time) as Start_time, latest(_time) as Finished_time by host
| eval Latency=tostring(Start_time-Finished_time, "duration")
| table Start_time , Finished_time , Latency , host
| fieldformat Finished_time=strftime(Finished_time,"%c")
| fieldformat Start_time=strftime(Start_time,"%c")

The output is with latency empty:

    Start_time                  Finished_time               Latency    host
1   Wed May 18 03:30:08 2022    Wed May 18 03:42:47 2022               AUDIINSA4304
Getting below error message on SH message box:  Search peer <Indexer_host> has the following message: Problem replicating config (bundle) to search peer ' <ip_deployment_server>:8089 ', Upload bundle="/opt/splunk/var/run/236039B4-5D5D-4138-A083-DE21022C7678-16566.bundle" to peer name=<deployment_server> uri=https://192.210.0.6:8089 failed; error="Read Timeout".
Dears, how can we integrate Twitter with Splunk to read the tweets? Regards
Hi Team, I am facing the below error while integrating SAP CPI with Splunk through HEC.

Error in SAP CPI: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In the trial account, I am not able to edit the Global setting to disable the EnableSSL check box. So, please let me know how to resolve this issue.
The email alert says ERROR occurred while generating the PDF. Please see python.log for details. As it is an older issue, I am unable to locate the logs in Splunk. What could be the issue here?
Hi Community, I dealt with CSV files before, and Splunk would auto-extract many fields, as shown in figure 1. But today, when I try to search these files again, only fewer fields are displayed, as shown in figure 2. And the fields I extracted manually also aren't shown... I don't know why... Really need help~~ Figure 1: Figure 2: Thanks in advance~ BR. Cecilia
Hello, help me please. I'd like to define multiple searches or a subsearch to merge all relevant information about alerts. The interesting fields in the search are the hosts (as the managed_host field) and a unique alert number. I do not need alerts about all the hosts, so I sort the relevant ones:

index=main ( managed_host="host_A" OR managed_host="host_B" OR managed_host="host_C" ) | dedup alert_num |  eval alert=alert_num

That's simple, it will show the relevant alert numbers. After that I need to simply search the selected alerts to get ALL the logs (some of them don't contain the managed_host field, so they will not appear in the first search).

Index=main alert_num=$alert$

How could these two searches be merged into one to generate an alert that will contain all relevant information? Thanks, Gabor
Can someone please guide me on how to exclude the 5th column from a CSV file using props.conf and transforms.conf? Let's assume I have 100 columns in my CSV file.
My current Splunk regex query

10.66.189.62 -- -- -[17/May/2022:05:59:16--0400]--502- "POST /astra/sliceHTTP/1.1" req_len=1776-req_cont_len=117-req_cont_enc="-"-res_body_len=341 res_len=733 "https://ninepoint.blackrock.com/astra/". "Mozilla/5.0- (Macintosh; Intel-Mac-OS-X-10_15_7) -AppleWebKit/537.36-(KHTML,-Like-Gecko) Chrome/10.0.4896.127 Safari/537.36" x_fw_for="-".req_time=278.326-ups_res_time=278.326 ups_con_time=0.011-ups_status=502-pipe=. -VNDRegID=undefined-

gives me:

POST /astra/sliceHTTP/1.1

I want to apply another query on the result of the above query to get POST/astra/sliceHTTP/1.1, i.e. /astra

Is there a way or a better regex pattern which can provide me the following?
We configured the EMC Isilon addon on our heavy forwarder. It is throwing an authentication error when we try to connect to any Isilon cluster node. We are able to connect to the same Isilon cluster nodes from the web UI with the given user and password. Here are the log errors we are getting. Any help here is really appreciated!!!!!!!!!
Hi All, I'm very new to Splunk, kindly guide me. We have one syslog server integrated on a UF. My question is how to know the capacity of the syslog server. Is there any way I could know the total capacity of the syslog server? Thank you in advance!!
An error occurred when exporting a PDF of a dashboard which has a cluster map.

Unable to render PDF. Exception raised while trying to render "<dashboard-name>" to PDF. Cannot access image at https://127.0.0.1:8089/services/mbtiles/splunk-tiles/7/113/50?referrer=splunkpdfmaprenderer. Host not included in pdfgen_trusted_hosts in web.conf

I specified the tile of the visualization as follows:

https://mt3.google.com/vt/lyrs=m@114&z={z}&x={x}&y={y}

The error message has changed:

Unable to render PDF. Exception raised while trying to render "<dashboard-name>" to PDF. Cannot access image at https://mt3.google.com/vt/lyrs=m@114&z=7&x=113&y=50. Host not included in pdfgen_trusted_hosts in web.conf

If I remove the Cluster Map from the dashboard, I can export the PDF. Because I use Splunk Cloud, I don't know how to modify web.conf. How should I solve it?
Hello, for some reason the buttons in any of the dashboard panels under the Search & Reporting App are displaying incorrectly. They either are misaligned, look like hyperlinks, or get all squished up. Any help is greatly appreciated! FYI: Dashboards themselves work fine in terms of displaying results. See below: V/r, mello920
Hi, I have a search and a report for the search.  How can I get the date range in the report?