All Topics


Hi, I have seen the dashboard which is running in Splunk but available publicly: https://covid-19.splunkforgood.com/coronavirus__covid_19_ I got the app and its source code from GitHub: https://github.com/splunk/corona_virus I would like to know how the dashboard is available publicly and how the searches are running when we run this dashboard. Because it does need the authentication to view the dashboard and what happens when a lot of people run this dashboard at the same time. Or is it manually updated via iframe-embedded reports? Thanks, Joe
Hi I would like to create a dashboard that has more than one chart, and also be able to decide where each chart goes, how can I do that? I can create a dashboard for a chart fine, struggling to understand how to have more than one chart per dashboard.
Hi, new to Splunk and learning how to create a simple dashboard. What I'd like to see is status=403 or status=200 over time. So I've created this search here: index=main sourcetype="access_combined_wcookie" status=403 OR status=200 | timechart span=1h count Then I hit visualise. The question is, how do I differentiate between 403 and 200? They seem to be amalgamated. Is there a way to colour code them differently?
I try to fill in the registration form below in order to get a Splunk ID and try to be certified. https://www.splunk.com/en_us/training/pearson-vue-registration-form.html I am a free user using a gmail non-corporate account. Although all fields seem to be completed correctly (all green), the "submit information" button does not become active in order to click and proceed. No errors regarding my info. Just never becomes active (already tried from different browsers/devices)    
Hi Splunkers! I have a problem with line breaking in the Splunk add-on F5-bigip. I've tried some regexes to break the lines correctly but I'm not successful. First of all, for simplicity I changed my outputs.conf on the Heavy Forwarder.
outputs.conf
    [indexAndForward]
    index = true
In fact indexing is false on this node, and this HF forwards data to my indexer cluster, and I also have a search head cluster. But as I mentioned, just for simplicity I turned my indexing to true on this HF. Then I used these regexes to break the lines:
props.conf
    [f5:bigip:syslog]
    # LINE_BREAKER = ^()\w{3}\s\d{2}\s\d{2}:\d{2}:\d{2}
    # LINE_BREAKER = ^\w{3}\s\d*\s\d{2}\W\d{2}\W\d{2}
    LINE_BREAKER = ([\r\n]+)\w{3}\s\d+\s\d{2}\W\d{2}\W\d{2}
    # LINE_BREAKER = ([\r\n]+)
    # LINE_BREAKER = \n
    MAX_TIMESTAMP_LOOKAHEAD = 16
    # ADD_EXTRA_TIME_FIELDS = subseconds
    NO_BINARY_CHECK = true
    # EVENT_BREAKER_ENABLE = false
    # TIME_FORMAT = %b %d %H:%M:%S
    TIME_PREFIX =
    SHOULD_LINEMERGE = false
    TRUNCATE = 1000000
This is some of my data for which I can't break the lines correctly:
Sep 18 19:12:27 192.168.1.1 Sep 18 14:42:27 F5-LTM-3.company.local info logger[25169]: [ssl_req][18/Sep/2021:14:42:27 +0000] 1.1.1.1 TLSv1.2 ECDHE-RSA-AES128-SHA "/mgmt/shared/inflate/available" 2 Sep 18 19:12:28 192.168.1.1 Sep 18 14:42:28 F5-LTM-3.company.local ASM:unit_hostname="F5-LTM-3.company.local",management_ip_address="192.168.1.1",management_ip_address_2="",http_class_name="/Common/Online",web_application_name="/Common/Online",policy_name="/Common/Online",policy_apply_date="2021-08-26 10:13:52",violations="Illegal redUSection attempt",support_id="13616148673914804247",request_status="alerted",response_code="302",ip_client="1.1.1.1",route_domain="0",method="GET",protocol="HTTP",query_string="",x_forwarded_for_header_value="1.1.1.1",sig_ids="",sig_names="",date_time="2021-09-18 14:42:28",severity="Error",attack_type="Other Application Activity",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="0",src_port="44180",dest_port="80",dest_ip="1.1.1.1",sub_violations="",vUSus_name="N/A",violation_rating="3",websocket_dUSection="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="",staged_threat_campaign_names="",blocking_exception_reason="N/A",captcha_result="not_received",microservice="",vs_name="/Common/OnlineShared3-HTTP",uri="/account/login",fragment="",request="GET /Account/Login HTTP/1.1\r\nConnection: keep-alive\r\nHost: example.com\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/5.0 (Android 7.0; Mobile; rv:68.0) Gecko/68.0 FUSefox/68.0\r\nUpgrade-Insecure-Requests: 1\r\nX-Forwarded-For: 1.1.1.1\r\n\r\n",response="Response logging disabled" Sep 18 19:12:28 192.168.1.1 Sep 18 14:42:28 F5-LTM-3.company.local 
ASM:unit_hostname="F5-LTM-3.company.local",management_ip_address="192.168.1.1",management_ip_address_2="",http_class_name="/Common/Online",web_application_name="/Common/Online",policy_name="/Common/Online",policy_apply_date="2021-08-26 10:13:52",violations="Illegal redUSection attempt",support_id="13616148673951684370",request_status="alerted",response_code="302",ip_client="1.1.1.1",route_domain="0",method="GET",protocol="HTTP",query_string="",x_forwarded_for_header_value="1.1.1.1",sig_ids="",sig_names="",date_time="2021-09-18 14:42:28",severity="Error",attack_type="Other Application Activity",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="0",src_port="19338",dest_port="80",dest_ip="1.1.1.1",sub_violations="",vUSus_name="N/A",violation_rating="3",websocket_dUSection="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="",staged_threat_campaign_names="",blocking_exception_reason="N/A",captcha_result="not_received",microservice="",vs_name="/Common/OnlineShared3-HTTP",uri="/account/login",fragment="",request="GET //Account/Login HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 FUSefox/92.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nCookie: GuidedTourVersion=1; SiteVersion=3.7.6; __utma=226054936.2062308401.1625890970.1631960683.1631966584.238; __utmz=226054936.1625890970.1.1.utmcsr=(dUSect)|utmccn=(dUSect)|utmcmd=(none); crisp-client%2Fsession%2Fbb1636a8-4b45-4fbb-971e-d5e50e2a1e1f=session_230233c6-895e-42d0-b257-4ae4c1903150; _hjid=b846f33d-e2e6-4c9a-a757-f9ab405b0193; Token=6abe8980-5856-4d6f-b05a-2915b970983e; lastmessage-6=87696; lastmessage-4=1; lastmessage-2=undefined; text0_1567617252=true; text0_496056564=true; 
.ASPXAUTH=4A5473E3674D47ED86E8EA52D6A4613C2F30F1D31A41DF7F8BEDBAB120DE5ACEB8E3DD46D71 Sep 18 19:12:29 192.168.1.1 Sep 18 14:42:29 F5-LTM-3.company.local ASM:unit_hostname="F5-LTM-3.company.local",management_ip_address="192.168.1.1",management_ip_address_2="",http_class_name="/Common/Online",web_application_name="/Common/Online",policy_name="/Common/Online",policy_apply_date="2021-08-26 10:13:52",violations="Illegal redUSection attempt",support_id="13616148673926887289",request_status="alerted",response_code="302",ip_client="1.1.1.1",route_domain="0",method="GET",protocol="HTTP",query_string="",x_forwarded_for_header_value="1.1.1.1",sig_ids="",sig_names="",date_time="2021-09-18 14:42:29",severity="Error",attack_type="Other Application Activity",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="0",src_port="46453",dest_port="80",dest_ip="1.1.1.1",sub_violations="",vUSus_name="N/A",violation_rating="3",websocket_dUSection="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="",staged_threat_campaign_names="",blocking_exception_reason="N/A",captcha_result="not_received",microservice="",vs_name="/Common/OnlineShared3-HTTP",uri="/account/login",fragment="",request="GET //Account/login HTTP/1.1\r\nHost: example.com\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Linux; Android 7.1.1; SM-J510F Build/NMF26X; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Saenri/537.36 AgentWeb/4.1.3 UCBrowser/1.1.1.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en,en-US;q=0.9,en-GB;q=0.8,en-US;q=0.7\r\nX-Requested-With: com.sefryekcompany.mobiletradingpro\r\nX-Forwarded-For: 1.1.1.1\r\n\r\n",response="Response logging disabled" Sep 18 19:12:29 192.168.1.1 Sep 18 14:42:29 F5-LTM-3.company.local 
ASM:unit_hostname="F5-LTM-3.company.local",management_ip_address="192.168.1.1",management_ip_address_2="",http_class_name="/Common/Online",web_application_name="/Common/Online",policy_name="/Common/Online",policy_apply_date="2021-08-26 10:13:52",violations="Illegal redUSection attempt",support_id="13616148673919202912",request_status="alerted",response_code="301",ip_client="1.1.1.1",route_domain="0",method="GET",protocol="HTTPS",query_string="37419741",x_forwarded_for_header_value="1.1.1.1",sig_ids="",sig_names="",date_time="2021-09-18 14:42:29",severity="Error",attack_type="Other Application Activity",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="f8689163755118a6",src_port="44760",dest_port="443",dest_ip="1.1.1.1",sub_violations="",vUSus_name="N/A",violation_rating="3",websocket_dUSection="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="",staged_threat_campaign_names="",blocking_exception_reason="N/A",captcha_result="not_received",microservice="",vs_name="/Common/OnlineShared1-HTTPS",uri="/serviceworker.js",fragment="",request="GET /serviceworker.js?37419741 HTTP/1.1\r\nHost: example.com\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nAccept: */*\r\nSave-Data: on\r\nService-Worker: script\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Dest: serviceworker\r\nReferer: https://mobile.bmibourse.com/serviceworker.js?37419741\r\nUser-Agent: Mozilla/5.0 (Linux; Android 10; SM-A207F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Saenri/537.36\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9,en-US;q=0.8,en;q=0.7\r\nCookie: basket-warning-readed=1; basket-option-visited=true; tag-market-map-visited=true; index-technical-visited=true; stock-technical-visited=true; AppVersion=1.1.2; 
TS01e42c80=0180bb6f222b77a4b3dd30e3eddfc570acb1a0674cc23f80304088a610b57e5e43c686eb7415c18bc949724b74a1f77b7746en6cd8\r\nX-Forwarded-For: 5.116.208 Sep 18 19:12:29 192.168.1.1 Sep 18 14:42:29 F5-LTM-3.company.local ASM:unit_hostname="F5-LTM-3.company.local",management_ip_address="192.168.1.1",management_ip_address_2="",http_class_name="/Common/Online",web_application_name="/Common/Online",policy_name="/Common/Online",policy_apply_date="2021-08-26 10:13:52",violations="Illegal redUSection attempt",support_id="13616148673963109971",request_status="alerted",response_code="301",ip_client="1.1.1.1",route_domain="0",method="GET",protocol="HTTPS",query_string="37418741",x_forwarded_for_header_value="1.1.1.1",sig_ids="",sig_names="",date_time="2021-09-18 14:42:29",severity="Error",attack_type="Other Application Activity",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="80b2664635b96eeb",src_port="41628",dest_port="443",dest_ip="1.1.1.1",sub_violations="",vUSus_name="N/A",violation_rating="3",websocket_dUSection="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="",staged_threat_campaign_names="",blocking_exception_reason="N/A",captcha_result="not_received",microservice="",vs_name="/Common/OnlineShared3-HTTPS",uri="/serviceworker.js",fragment="",request="GET /serviceworker.js?37418741 HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Android 7.0; Mobile; rv:68.0) Gecko/68.0 FUSefox/68.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: gzip, deflate, br\r\nService-Worker: script\r\nConnection: keep-alive\r\nCookie: _ga=GA1.2.1098137509.1594471619; basket-warning-readed=1; basket-option-visited=true; AppVersion=1.1.2; index-technical-visited=true; tag-market-map-visited=true\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nX-Forwarded-For: 1.1.1.1\r\nSSLcompany: 1\r\n\r\n",response="Response logging disabled" Sep 18 19:12:29 192.168.1.1 Sep 
18 14:42:29 F5-LTM-3.company.local ASM:unit_hostname="F5-LTM-3.company.local",management_ip_address="192.168.1.1",management_ip_address_2="",http_class_name="/Common/Online",web_application_name="/Common/Online",policy_name="/Common/Online",policy_apply_date="2021-08-26 10:13:52",violations="Illegal redUSection attempt",support_id="13616148673952377578",request_status="alerted",response_code="301",ip_client="1.1.1.1",route_domain="0",method="GET",protocol="HTTPS",query_string="37418741",x_forwarded_for_header_value="1.1.1.1",sig_ids="",sig_names="",date_time="2021-09-18 14:42:29",severity="Error",attack_type="Other Application Activity",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="3915b37e523c6d41",src_port="55434",dest_port="443",dest_ip="1.1.1.1",sub_violations="",vUSus_name="N/A",violation_rating="3",websocket_dUSection="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="",staged_threat_campaign_names="",blocking_exception_reason="N/A",captcha_result="not_received",microservice="",vs_name="/Common/OnlineShared2-HTTPS",uri="/serviceworker.js",fragment="",request="GET /serviceworker.js?37418741 HTTP/1.1\r\nHost: example.com\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nAccept: */*\r\nService-Worker: script\r\nX-Requested-With: com.sefryekcompany.mobiletradingpro\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Dest: serviceworker\r\nReferer: https://mobile.mobinsb.com/serviceworker.js?37418741\r\nUser-Agent: Mozilla/5.0 (Linux; Android 10; SM-A600G Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/81.0.4044.138 Mobile Saenri/537.36\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9,en-CA;q=0.8,en-US;q=0.7,en;q=0.6\r\nCookie: companyRLCUrl=////////////////////////////////////core.companyrlc.com/; companyRLApiUrl=//rlcchartapi.companyrlc.com/; BrokerId=777; ThemeName=MobinSarmayeh; 
DisabledModules=changebroker; PushSubDomainName=push2v7.company.co      Thanks in advance
I'm new to Splunk. I've got a search that works fine in the Search screen and correctly generates a bar chart.
    index="production" source="s3://hydrow-android-logs-input-queue-prod/console/*" logWorkoutEndDebugStats releaseStage="production" | rename workoutEndInfo.videoRestartStats.videoStopped as videoStops | stats count by buildNumber, videoStops | eventstats sum(count) as itemTotal by buildNumber | eval percentage=round((count / itemTotal) * 100 , 1 ) | search videoStops = true | chart values(percentage) over buildNumber by videoStops
Error when rendering as chart on a dashboard: When I save it to a dashboard or create a new chart on the dashboard and enter the search as the datasource, I get the error below. If I change the visualization from a chart to a table, then the table renders fine. There's no indication of why the visualization works fine on the Search page, but not the dashboard. Any suggestions on how to debug this would be very welcome!
Hi  Could someone help to let me know how to display fields stating "file is missing" in Splunk DB query output when no output is expected Currently the below query returns- | dbxquery query=" select * from ............................ ;" connection="to_connect" > No results found Expected output- file missing   file missing    file missing (if possible ...different texts in different columns, not sure if eval/fillnull command can be used here)
I was looking at installing https://splunkbase.splunk.com/app/3075/ in Splunkcloud. The documentation here -> https://training.threatconnect.com/learn/article/threatconnect-application-for-splunk-user-guide-kb-... does not specify if it needs to be installed on IDM or can be installed on SH. I went ahead and installed on my ES SH and configured the app, but now the logs are coming into lastchanceindex. Has anyone installed this in splunkcloud and got this working?
Hello, I want to find the 7 days rolling sum as per the attached sample data. For example, in the attached sample data, 7d_rolling_count for 18 Sep should be the sum of the previous 7 today_count counts (i.e. from 17 Sep to 11 Sep), and 7d_rolling_count for 17 Sep should be the sum of the previous 7 days' today_count (i.e. from 16 Sep to 10 Sep), and so on. I am only concerned to calculate the rolling average till the first 8 days (i.e. till 11 Sep). Thanks for your time in advance.
Hi there, I am building a Synology Splunk TA to share with the community. In the logs, file sizes can be presented in many different units:
    1.72 KB
    2.35 KB
    0 Bytes
    75.08 KB
    243.00 KB
    18.62 MB
    261.62 KB
    48.60 GB
I've been stuck trying to convert all of these values to bytes. This post was really helpful in using regex and eval statements, but does not consider the added complexity of having decimal places. Any assistance is appreciated and will be credited in the App.
Hi, in my app there are 2 payment processors, netconnect (backup) and sourcejet (primary), where netconnect is the backup processor. I have created a report query which pulls the refund data from the logs given below.
Log:
    <myapp.com.sys.BillingLogger.logResponse(?:?):stage=final; type=payment; service=PaymentCollect; processor=netconnect; method=refund; itemType=F; status=failed; latency=602; payMode=Card; CardType=visa; bookingId=91113274385; error='Decline - Generic Error. No other information provided'>
The query used is as below:
    stage=final type=payment processor=netconnect method=refund status=failed bookingId=* paymentMode=* | stats count by bookingId
Output:
    bookingId      Count
    91113274385    1
    91111234567    1
    91114567890    1
Now the issue here is that in certain scenarios the system makes a retry using the backup netconnect processor. This happens when the first call for refund to sourcejet failed due to a system error.
Netconnect log:
    <myapp.com.sys.BillingLogger.logResponse(?:?):stage=final; type=payment; service=PaymentCollect; processor=sourcejet; method=refund; itemType=F; status=failed; latency=602; payMode=Card; CardType=visa; bookingId=91113274385; error='Decline - Generic Error. No other information provided'>
Sourcejet log:
    <myapp.com.sys.BillingLogger.logResponse(?:?):stage=final; type=payment; service=PaymentCollect; processor=sourcejet; method=refund; itemType=F; status=failed; latency=602; payMode=Card; CardType=visa; bookingId=91113274385; error='Decline - Generic Error. No other information provided'>
If there is a way to eliminate the sourcejet failures using netconnect for backup
Hi, due to some compliance issue, there is a need to search for logs from 10pm to the following day 10am. This has to be a daily affair. Can someone please show me how this is done? Thank you
Anyone have a good method for doing substring matches where field1 is my searched field and field2 is my substring I want to search for? Attempted to use the following logic without any luck and running low on ideas.   | eval comparison = if(like(field1, %field2%), "1", "0")   field1 is a URL and field2 is a base domain, but field2 is input from a lookup, so it's variable but would look something like:   field1="http://www.yahoo.com/mail/inbox" field2="yahoo" OR field1="linkedin.com/company/google/profile" field2="google"   I'm low on ideas after spending my time in docs and forums all day.
We are planning to install controller 21.x. Is it possible to use Oracle as the controller database instead of MySQL? Regards, Qumrul
Hi, I want to change this first (sanitized) query to use a data model instead but I'm unsure how to incorporate "[field] IN ([comma separated list])".
    search index=my_index _raw IN ("*test*" ,"*sale*", "*customer*", "*item*" , "*code*") |transaction src maxspan=1h |table _time src url
This is my latest failed attempt:
    |tstats values(Web.url) as urls FROM datamodel=Web by Web.src |search urls IN("*test*" ,"*sale*", "*customer*", "*item*" , "*code*") |table *
In the 2nd query, how can I use the IN operator after tstats to see if any one of the strings in a list (the wildcards are required) exists in a field?
I have a simple Maven configuration where I know the following is on the classpath (I can verify it at runtime before Spring Boot starts up in my application class): com.splunk.logging:splunk-library-javalogging:1.6.2
The Maven dependency looks like:
    <dependency>
        <groupId>com.splunk.logging</groupId>
        <artifactId>splunk-library-javalogging</artifactId>
        <version>1.6.2</version>
    </dependency>
I made sure that Spring Boot is loaded this way:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <version>${version.spring.boot}</version>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-log4j2</artifactId>
        <version>2.5.4</version>
    </dependency>
I created an appender this way:
    <?xml version="1.0" encoding="UTF-8"?>
    <Configuration status="info" name="LoggingTesting" packages="">
        <Appenders>
            <SplunkHttp name="SPLUNK_APPENDER_1" url="http://SPLUNK_IP:8088/services/collector/event" token="MY_TOKEN" source="SampleJavaAppender1" messageFormat="text" batch_size_bytes="0" batch_size_count="5" batch_interval="0" connect_timeout="5000" disableCertificateValidation="true">
                <PatternLayout pattern="%m"/>
            </SplunkHttp>
When I launch my application, I get this error:
    main ERROR Error processing element SplunkHttp ([Appenders: null]): CLASS_NOT_FOUND
    main ERROR Unable to locate appender "SPLUNK_APPENDER_1" for logger config "root"
This was all based on the sample Log4J2 configuration. What am I missing in my configuration?
I am testing network latency from various subnets to 3 different VCenters. The output gives me 3 results per subnet IP. How do I have Splunk see the values per subnet and output the best of the three options? I am fairly new to this and the tutorial got me this far. Any constructive help would be appreciated. Current search is below.
    index="wineventlog" host="mgmt" source="wineventlog:application" "EventCode=999" "SourceName=NetworkLatencyCheck" | sort 1 - _time | mvexpand SubnetSourceLatencyDestinationSiteLocationStatus | rex Field=SubnetSourceLatencyDestinationSiteLocationStatus  "^(?<Subnet>.*),\$(?<Source>.*),\$(?<Latency>.*),\$(?<Destination>.*),\$(?<Site>.*),\$(?<Location>.*),\$(?<Status>.*)" | regex Source="(\d{1,3}\.(\d{1,3}\.(\d{1,3}\.(\d{1,3})" | table Subnet Latency Destination
***Example Output***
    Subnet       Latency    Destination
    192.10.10    152.75     a08-vcenter
    192.10.10    87         a05-vcenter
    192.10.10    8          a03-vcenter
    192.1.1      25         a08-vcenter
    192.1.1      13         a05-vcenter
    192.1.1      48         a03-vcenter
Can anyone please help me to create the regex expression for the below log.
    > {\\n \\\"process\\\": \\\"get_input\\\",\\n \\\"totalProcessed\\\": \\\"0\\\",\\n \\\"SuccessfullyProcessed\\\": \\\"0\\\",\\n \\\"FailedToProcess\\\": \\\"0\\\",\\n \\\"FileName\\\": \\\"\\\"\\n}
I created the regex for this as below, but for the 'FileName' I am getting '\n'.
    > | rex field=_raw "process\W+(?<process>[\w\s]+)" | rex field=_raw "totalProcessed\W+(?<totalProcessed>[\w\s]+)"| rex field=_raw "SuccessfullyProcessed\W+(?<SuccessfullyProcessed>[\w\s]+)" | rex field=_raw "FileName\W+(?<FileName>[\w\s]+)" | rex field=_raw "FailedToProcess\W+(?<FailedToProcess>[\w\s]+)"
It seems some modification/rebuild of the regex is needed. Please help me on this. Thanks in advance.
Am trying to find if the FWS are using the default user name + default password of changeme. Appreciate your time in advance. 
Hi to all, is it wanted or is it a bug that dashboards made with Dashboard Studio are not visible in the navigation menu? This is the code inside default.xml:
    <collection label="DStudio">
        <collection label="HFWD">
            <view source="unclassified" name="hfwd_data_collection" />
        </collection>
    </collection>
Instead of seeing my dashboard made with Dashboard Studio, I see all the other dashboards. Thanks for the help