All Topics

I have been unable to get the universal forwarders to correctly collect the SMB Server audit logs. The inputs.conf file on the deployment server has the following stanza configured but there are no logs flowing in. The other events in the inputs file work without any issues.

    ## Application and Services Logs - SMB Server Audit Log
    [WinEventLog://Microsoft-Windows-SMBServer/Audit]
    index = wineventlog
    disabled = 0
    start_from = oldest
    current_only = 0

Thanks
Hi, I am looking to build a query based on the service status of 2 hosts and then combine 2 of them into 1 and change colour based on the condition below. For example: I want A1 + B1 = x, then I want to check the service status: if both are running then green, if 1 is running then yellow, and if none is running then red. Any idea how I can achieve this? Any help appreciated!
Hi, Ever since upgrading to ES 6.2, there has been a problem bugging our team. Whenever we select one of the notable events in the Incident Review dashboard, the screen jumps to the top. The workaround is to zoom out enough so all notable events show on one screen, but it is suboptimal. Our operator team now either spends lots of time scrolling, or risks selecting the wrong notable event for processing. We have tried to provision a new standalone Splunk instance in our environment for testing (Splunk 8.1.5 + ES 6.2), but it is the same. I didn't find anyone talking about this in the community, and there is also no mention of this bug under the known issues section in the release notes. Is there any fix for this apart from upgrading to ES 6.4?
Splunkers, I have an external analytic engine that is currently making Splunk REST API calls to a specific search head in a search head cluster to pull data sets for analysis. It works great but I want to be able to load balance these REST calls across the search head cluster and each search requires a minimum of three REST calls to start the search, check the search status, and retrieve any available search results. I am sure I am not the first individual to require this functionality. Is this functionality already available in Splunk? Has anyone seen an open source implementation? Does a Phantom instance connect to a single Splunk search head? I don't want to degrade the user experience on a search head by having it dedicated to serving up data sets. Please advise... Thanks, Mark
I believe that the TIME_FORMAT value for this add-on is incorrect - more specifically, I believe that the trailing percentage sign (%) at the end needs to be removed. Is someone who is more familiar with XML formatted Sysmon events able to confirm this?    
I have a Splunk query that finds top errors in the log using a regular expression. I then display it as a bar chart:

    someSearchQuery|rex "someTerm(?<error>)"|stats count by error|sort -count | head 10

I want to use the values returned by the query in a drilldown, such that on clicking the bar chart the drilldown displays results for that value. The drilldown XML I used for setting the token is this:

    <drilldown>
        <set token="show_panel">true</set>
        <set token="selected_value">$click.value$</set>
    </drilldown>

and then I use this token in the drilldown query as such:

    someSearchQuery|rex "someTerm(?<error>)"|search error=$selected_value$|timechart count by errorType span="1m"|addcoltotals|rename NULL as count

These error names are too technical and I want to change them in the main panel and drilldown. E.g. if the regex returns the error "ID not found", I want to replace it with "Data_error". I also want my title to change with the general name:

    <title>$$selected_value$</title>

But the problem is that when I change the name using eval, the drilldown query does not get the actual error name and the search fails because there is no such error as "Data_error". The query needs "ID not found" to function. Is there any way this can be achieved? Can I change the name of my searchTerm and at the same time use the old searchTerm in the drilldown query as well?
Hi, I'm splunking a Shelly EM3 Powermeter and get MV values from the JSON status REST API http://192.168.1.2/status, which works fine, but I'm getting the Power, Current etc. for 3 phases as multivalue fields. How do I access or separate those individual phases out of the MV fields? I'd like to have simple fields PowerL1=-76.85 PowerL2=635.06 PowerL3=-16.91. Or would it be better to fix that at index time? Thanks
Hello Splunkers!! I want to mask the client secret in the event below, and for that I am using SEDCMD in props.conf. It is working fine in the lab environment. But whenever I deploy these changes in production it is not working. Please guide me on what I am doing wrong here. Below is the SEDCMD I am using in props.conf:

    SEDCMD-client-secret-1=s/client_secret=([A-Za-z0-9-.%#()_]+)/client_secret=********/g

Below is my event:

    grant_type=client_credentials&client_id=dcqac926-6f0f-4784-bd5f-09fa13aeb73b&client_secret=.PM8o5kUF.R562yrqahj35_Lr6F%7

Thanks in advance
Dear Members, Please go through my problem statement and suggest how I can achieve this with the Splunk tool. Sorry, I am new to Splunk. Every 2 minutes, I receive an updated XML file from our middleware server. This file will be uploaded to a secure FTP server in a particular path, e.g. /home/ftpuser/esbfile/XXXX.xml. Kindly suggest how this file can be monitored through the Splunk tool.
I want a Splunk query related to:
1. Firewalls availability
2. Endpoint protection availability
For my own work, you can help with this. Thank you. Best Regards.
Hi Splunkers, My event example is as follows.

    fruit_type   size
    -----------------
    apple        big
    banana       medium
    melon        small
    banana       small
    apple        small
    apple        small
    apple        medium
    melon        big
    melon        big
    melon        big

My chart is as follows. How to sort the counts of the sub-category (like size) items in the different categories (such as fruit_type) at once? Here is my unfinished search.

    source="test.csv" sourcetype="csv" | chart count(size) by fruit_type, size

Thanks for any help.
Greetings, I need to exclude events that happen every Saturday between 2 AM and 4 AM only if they have a specific username. An authenticated scan runs that triggers a lot of logon attempts with a specific user account during that time. My search so far isn't working:

    index=[myindex] host=* sourcetype=linux_secure process=sshd ("tag::action"="success" OR "tag::action"="failure")
    | eval hour = tonumber(strftime(_time,"%H"))
    | eval dow = tonumber(strftime(_time,"%w"))
    | where (dow!=6 AND (hour!=2 OR hour!=3 OR hour!=4) AND user=[username])

However, as soon as I remove the username variable the search works fine. Can anyone help me figure out what's wrong? Thanks.
Hi There, In my logs, the specific field "Other Parameters" contains a lot of logs. I want to extract the logs and make separate fields for them. Here I don't have access to props & transforms.conf, so I want to do it by field extraction. Please help here. I want new fields like md5, pid, ppid, full_path, name. Sample logs in the "Other Parameters" field:
After I successfully installed Splunk Enterprise and added some data, I tried to do some searching, but there was an issue with searching, and the intended result doesn't appear at all. I think this is due to the red health status for IOWait as shown below, so how could I solve this issue?
Hi Team, I am finding a way to convert UTC to EPOCH and vice versa for my search query. Sample is here -> date: 2021-09-04 08:25:56 UTC
I can CRUD threat intel collection rows with the ESS REST API (such as /services/data/threat_intel/item/ip_intel), and I can see those rows at Security Intelligence->Threat Intelligence->Threat Artifacts. May I know how I can do the same job on the Splunk ESS portal? I can only update local lookup files via Configure > Content > Content Management, and insert a row above/below, but it looks different from what I do with the REST API, and I cannot get the rows I added with the API there. Besides, I cannot find the row I inserted into the local lookup file at Security Intelligence->Threat Intelligence->Threat Artifacts. May I know if I missed something during configuration, or whether there is somewhere else on the ESS portal where I can update threat intel rows? Thanks
Hello, I have some issues extracting fields from these SQL-coded events. Is there any way we can perform field extraction on these events? Two sample events are given below. Thank you so much, any help will be highly appreciated.
There is a requirement to update jQuery on all custom apps, and I just have a simple js file in /app/appserver/static/ that allows me to have tabs on my dashboards, but now they're all broken because Splunk only supports jQuery 3.5 or above now. So I opened a ticket and they told me to update jQuery for my app. Well, I think the solution is to update jQuery on the server so when I use:

    require(['jquery','underscore','splunkjs/mvc', 'bootstrap.tab', 'splunkjs/mvc/simplexml/ready!'], function($, _, mvc){blah blah blah

it will pull the updated jQuery from the servers. However, I can't do that because I'm on Splunk Cloud and can't update the jQuery library on the server. So my question is: how do I bundle a jquery.js file in my app, place it in the bin folder (or some other folder) and reference it in my require statement so that I can use an updated library?
How can I add new fields and/or rename existing fields in Global Account Settings, which currently by default just have username/password inputs? Something like client id, client secret etc. I cannot add password/client secret as a data input parameter, as they get stored in plain text when added via the system user interface (Settings -> Data inputs). I cannot make them global parameters either, as we need to support multiple environments, each having a different set of data. Any help would be appreciated.
Getting following error when installing Splunk Enterprise v8.2.2 and Splunk Add-on-builder 4.0.0. Any idea what must be going on?

    Unable to initialize modular input "validation_mi" defined in the app "splunk_app_addon-builder": Introspecting scheme=validation_mi: script running failed (exited with code 1)..

    File Integrity checks found 1 files that did not match the system-provided manifest. Review the list of problems reported by the InstalledFileHashChecker in splunkd.log File Integrity Check View ; potentially restore files from installation media, change practices to avoid changing files, or work with support to identify the problem. Learn more.