Hi,  I have missed DB collector credential while re-installing controller and i have back file of older controller folders. Kindly let me where can i find those DB collector configuration file in older controller folder. thanks

Hello - What version of Java/JDK is AppDynamics licensed to use with their software WRT to agents?  There's some concern with Oracle lawyers going after organizations using their Java JDK software.  Does AppDynamics have a license/agreement with Oracle?  Can we use OpenJDK, or Corretto instead? Thanks.

Hi Team, i have one abc.csv file with  only one colunm as Source_IP where values are in10.10.10.0/24 format . next i have  index=xyz which has multiple column as dst,city,counrty , src is one of the  column . here i need all data from index=xyz where Source_IP from abc.csv matches with src column of index=xyz. i have uploaded the file successfully but unable to find the relevant query to fetch data ..    

----------------------- DISK INFORMATION ---------------------------- DISK="/dev/sda" NAME="sda" HCTL="0:0:0:0" TYPE="disk" VENDOR="VMware " SIZE="210G" SCSIHOST="0" CHANNEL="0" ID="0" LUN="0" BOOTDISK="TRUE" DISK="/dev/sdb" NAME="sdb" HCTL="0:0:1:0" TYPE="disk" VENDOR="VMware " SIZE="100G" SCSIHOST="0" CHANNEL="0" ID="1" LUN="0" BOOTDISK="FALSE"   My log (multiline event) looks like this but Splunk is automatically extracting just the first line . I want to extract all the values.  for example: NAME=sda NAME=sdb     Could someone please help me with it  

host="SPL-SH-DC" sourcetype="csv" source="****"  Severity!="Info" Severity!="low" Plugin_Name!="SSL Certificate with Wrong Hostname" Plugin_Name!="Unix Operating System Unsupported Version Detection" Plugin_Name!="SSL Self-Signed Certificate" Plugin_Name!="SSL Certificate Cannot Be Trusted" Port!="8089" Port!="6502" | table IP_Address,device_name,Plugin_Name, Severity,model, Protocol, Port, Exploit, Synopsis, Description, Solution, See_Also, CVSS_V2_Base_Score, CVE,Plugin Thanks for your help!

Hi there all. I am in a bit of a catch 22.  I have a process that cannot send data over HTTPS data because the HEC is using a self-signed certificate and the process I am using will not allow that.  However, I cannot send HTTP because the HEC is set for HTTPS input and so is getting rejected by the Splunk HEC. Is there a way to have the HEC collect BOTH HTTP and HTTPS and set the requirement based on the input? Thanks

Hello everyone, I would like to ask if the following architecture is feasible to be build and to be functional: - Windows Domain with 200 Endpoints having UF installed. Endpoints collect host logs. - Heavy Forwarder collects all data from the UFs. - Same HF acts as an intermediate forwarder and forwards raw logs received to a Remote Indexer, outside the Windows Domain. - Remote Indexer is a Search Peer/Deployment Client of a Search Head/Deployment Server where Splunk ES is installed. Questions: 1. Is it possible for Splunk HF to be also a Deployment Server and manage the UFs on Endpoints? 2. Is HF a must for collecting data from 200 Endpoints and re-forwarding them to Indexer? Or a Splunk UF can easily do the job too with minimal footprint? 3. HW will not be directly connected with Splunk License Master (Search Head with ES installed). Can I install a license and set it as a License Slave? Thank you in advance. With kind regards, Chris

Hi everyone, I need help in figuring out a way to use my report (table data) into calculations in my dashboard panel. I have a report that runs on daily basis and calculates avg response time of servers by environments (app name say ABC, def and xyz). Now I want to use this response time as an input to one of my panel's back end search. So report data is like below app name   response time       1) ABC           0.234 sec 2) def            0.113 sec 3) xyz            0.227 sec I want to use this response time to build gauge in my dashboard panel. I have added this report in my dashboard panel that gives in a search ref tag but I don't know how to use this further.  

I want to add another title next to "UIP" on the apps bar! Settings-->User Interface-->Navigation Menus--> <nav search_view="search"> <view name="search" default='true' /> <view name="datasets" /> <view name="reports" /> <view name="alerts" /> <view name="dashboards" /> <collection label="UIP"> <view name="login_name"/> <view name="agent"/> <view name="hase_dashboard"/> <view name="hase_uip_data_search"/> </collection> <collection label="CIVR"> <view name="IVR-CC"/> <view name="IVR-CC3"/> </collection> </nav>