Bad passwords logged in the DC Netlogon logs: for a specific account name:  index=cim sourcetype=netlogon host=*dc* "0xC000006A" Logon_Account="*<accountname>”  *** need the asterisk since the netlogon log usually puts the domain netbios name in front of the account name, for a specific account by source:  index=cim sourcetype=netlogon host=*dc* "0xC000006A" Logon_Account="*<accountname>”   *** same query as above because I did not find an easy way to get the bad password source.  Anyone please help me 

Hello, I have configured my OpenTelemetry agent to instrument the MySQL database my PHP application uses. Next, I followed the install process for the PHP agent to collect traces. My application is being detected in APM, and MySQL shows up as an inferred service in APM, so far so good. When I open Database Query Performance to analyse the queries being executed against my database, however, Splunk claims it cannot display any query data, no matter how large I make the time window.  Yet, when I look at the traces of my application, Splunk is able to see the content of the query spans and their latency. I'm having difficulty understanding why no data is flowing into the Database Query Performance while everything seems to be configured well. Is this feature simply not enabled for trial users?

Hi, I have a requirement to generate a report/export to excel the problems triggered for all the applications (total 113 applications) in AppDynamics in the last month. How can we achieve this? From the documentation, I could see we can generate reports through REST API.  Please guide me on how to create an API to extract data.  We are using windows OS. Could you please help me? Thanks & regards Srinivas

I have a service that does uploading in bulk per request. Each request will contain a list of 100 records. In splunk i get this list of 100 request as one event. Is there a way i can split this list and generate 100 splunk events through query Sample log event: [2022-04-28T09:27:39,755+0000]-[INFO ]-["threadPoolTaskExecutor-1" traceId=8f22a26fcd03cdfdcd186131aa862c09, spanId=c4bb44c1f0561b9b, sampled=false cid=, clu=]-[c.i.v.s.t.k.EventBusConsumer]-[110]-Message. key = null . Size = 5008 . Value = {"items": [{"contactID": "1","firstName": "ricj"},{"contactID": "2","firstName": "rock"},{"contactID": "3","firstName": "rob"}]}   Expected events: {"contactID": "1","firstName": "rich"} {"contactID": "2","firstName": "rock"} {"contactID": "3","firstName": "rob"}

Hi All, We are monitoring the same log file from multiple hosts and we have observed that when  a particular error gets logged the service of that machine stops, when this happens there is nothing else logged in the log file but the error,  The machine will try automatically to bring up the service, and if it does so successfully then other normal logs will follow. Aim: Our aim is to capture this particular error but only alert if that error is the last entry on this log file in the last 30 minutes or so. Any help on this would be greatly appreciated. For arguments sake the error looks like this: ***ERROR*** Exception occurred in serviceB_TDR

Dear professional, I want to get the log size of each service in an index. This is my search string index="hcg_oapi_prod"| eval size = len(_raw) | stats sum(size) as rawSize by sourcetype | eval GB = round(rawSize / 1024 / 1024/1024, 2)   But this query string can not be completed and auto-canceled.   Please help me.

Hi all, We have a dashboard with Radial Gauge which is refreshing automatically every 2 minutes. When the dashboard is refreshed automatically the Radial Gauge dial and number are in the correct centered position. However, the needle itself is shown in the starting position (upper left corner) aside of the Radial Gauge.   In this image, in the inspector on the right hand side, you can see that in "circle" the "cx" and "cy" coordinates are in the starting position. If we refresh the page manually or resize the window in any way the needle is moved in the correct position:  Here we can see the correct position of the needle which is also presented in the "Circle" coordinates "cx" and "cy" Does anyone encountered that issue before and how can it be fixed?

Hello, I have  signed up for my phantom us in order to get the ova and start testing. Unfortunately my account didn't get approved yet and it seems to be taking some time. Can someone from the support look into it pls. Thank you

Hi Team, Please help me out in this case. I am searching the Port Scanning attack attempts by the following query. index="firewall" | stats dc(destination_port) as pcount by source_ip | where pcount > 500 It Shows me the results in forms only like sorce_ip is 145.132.11.11 and p count 777. But I want the results in the form of  Sorce_ip      sorce_port     destination_ip      destnation_port      pcount So what will be the query in this regard? Waiting for your kind reply.

I have a fresh Splunk Cloud instance with the AWS Add on for AWS App installed. When I try to load the Analytics view I get a "You do not have permissions to access objects of user=sc_admin" error. I've given sc_admin all the privilege.