All Topics

I have the standard deviation given to me in statistics.std and am trying to get the average variance by test type (subject.title). This runs but the statstd is blank. Can someone help? Thanks!

    | eval statstd=(statistics.std * statistics.std)
    | stats avg(statstd) by subject.title
    | rename subject.title as "PPT Test"

Good day everyone, I have been wrestling with a rather trivial task in Splunk but have not been able to progress with the task at all.

Sample data (columns): _time, fields.opco, fields.msisdn, name

    earliest=-30d@d latest=now index=tdr_p fields.opco="*" name="post /signature/login/rio" OR name="get /subscription" OR name="post /subscription"
    | chart count by fields.msisdn, name
    | rename "get /subscription" as "Passed_VFID", "post /signature/login/rio" as "Started_RIO", "post /subscription" as "Ordered_eSIM"
    | eval "Started_RIO"=if( Started_RIO>0,1,0)
    | eval Passed_VFID=if( Passed_VFID>0,1,0)
    | eval Ordered_eSIM=if( Ordered_eSIM>0,1,0)
    | fields fields.msisdn, "Started_RIO","Passed_VFID","Ordered_eSIM"
    | eval comment=case(
        Started_RIO=1 and Passed_VFID=0 and Ordered_eSIM=0, "Attempts starting ODA RIO but not going past authentication",
        Started_RIO=0 and Passed_VFID=1 and Ordered_eSIM=1, "Customer that ordered but not started from ODA",
        Started_RIO=1 and Passed_VFID=1 and Ordered_eSIM=0, "Customers started ODA RIO, authenticated but didn’t order",
        Started_RIO=1 and Passed_VFID=1 and Ordered_eSIM=1, "Customers started ODA RIO, authenticated and ordered",
        Started_RIO=0 and Passed_VFID=1 and Ordered_eSIM=0, "Customer logged in on Portal (not via RIO) but didn’t order")
    | stats count by comment

Getting output like this:

    comment                                                        count
    Attempts starting ODA RIO but not going past authentication    3912
    Customer logged in on Portal (not via RIO) but didn’t order    8653
    Customer that ordered but not started from ODA                 592
    Customers started ODA RIO, authenticated and ordered           1661
    Customers started ODA RIO, authenticated but didn’t order      832

Now my team wanted these stats day-wise for the last 30 days. Now I am not sure how I can break these stats down day-wise. I have tried with bucket _time span=1d but am not able to do it because of chart, i.e. "chart count by fields.msisdn, name". chart is not taking a 3rd field in the by condition, i.e. chart count by _time,fields.msisdn, name

Any help is greatly appreciated. Thanks,

Trying to collect information from a subfolder in a Windows server event log. Specifically in the Applications and Services Logs/DFS Replication folder. So far it looks like I need to add some info to my local conf file, but I am unsure of the proper syntax. I believe it would be along these lines:

    [WinEventLog:"Application and Services Logs/DFSReplication"]
    disabled=0
    start from=oldest
    currentonly=0

Can anyone point me to the proper doc to figure this out or offer a suggestion? Thanks in advance.

Hi All, I have a question regarding Python. I have Python installed on my servers and I want to delete Python from the server. Will it impact anything on Splunk? Because I heard Splunk software ships with a Python library and it's not using the one we have installed on the server, it's using its own library. Is it true?
Hi, how is it possible that a correlation rule is triggering notables based on data that dates back to a previous month? I have a rule with the below time range modifiers. It has just been triggered and I tried searching for the matching event for the past day with no luck. I expanded my time range to 90 days and found matching events during the past month only. Is this scenario familiar to anyone?
Is there any solution that can automatically export reports to a CSV file and forward the files to third-party systems, not by email?
I'm trying to configure a new receiving port for SSL encrypted data on my indexer. I've written an inputs.conf and a server.conf file on the indexer, but my indexer is complaining that there is a missing serverCert parameter from the [SSL] stanza. I can't figure out why it's complaining. The error message seems simple enough, but I've double checked the configuration with the documentation, but to no help, everything looks good in my eyes. Does anyone see what's wrong with my configuration, or has any tips on why the indexer is complaining?

inputs.conf

    [splunktcp-ssl:9998]
    disabled = 0

    [SSL]
    serverCert = $SPLUNK_HOME/etc/path/to/cert/servercert.crt
    requireClientCert = true

server.conf

    [sslConfig]
    sslRootCAPath = $SPLUNK_HOME/etc/path/to/rootca/rootca.pem

The specific error message from the indexer in splunkd.log:

    ERROR TcpInputConfig - SSL context cannot be created due to missing required serverCert parameter from [SSL] stanza. Will not open splunk to splunk (SSL) IPv4 port 9998

How can I disable audittrail logs from getting ingested in Splunk?
I have a requirement wherein I have 3 columns: Owning_stream, changeReq Number, State_id (proposed, awaiting approval etc). I am able to calculate the maximum of _time grouped by State_id. But I want to add one more column in the final result which displays the difference between the maximum and minimum dates from the previous column.
Phantom 4.9 supports Markdown notes and it is possible to add a Markdown note using the GUI. But how do I use Markdown with the add_task API function? Like

    phantom.add_task(container=None, name=None, owner=None, role=None, trace=False)

By default it doesn't recognize Markdown and just pastes a note as raw text.

Hi, I am facing some difficulty in achieving below. Can anyone help. I am getting 0 in the columns only and no other data

    index=dev_env sourcetype="urldata" URL ="*" LoadTime="*"
    | eval url_name= case(URL like "https://www.pingtest.com/server/server.aspx%" , "ServerLogin",
        URL like "https://www.servermonitor/clients/hostname/server.aspx?filetype_id=474&mode=new%","Servers",
        URL like "https://www.pingtest.com/clients/User/Testdata.aspx%" ,"ServersPing"
        URLlike "https://www.pingtest.com/mobileusers/Logins/Login.aspx?testid=1578&actid=21047%","MobilePing",
        URL like "https://www.pingtest.com/User/newuser.aspx?%","NewUserPing",
        1==1,0)
    | timechart span=1m  eval(round(avg(LoadTime),0)) as TimeUsedtoload by url_name

My query generates a table with two columns.

    | index = somethnig | table car price

    car        price
    yegalo     2999
    printek    3444
    altox      5433
    ylome      3222
    etc..

I want to color the column price as red or green depending on the car name. If the car name is yegalo or ylome then the respective rows, i.e. 2999 or 3222, should be red; others should be green. I am trying the following in the simpleXML:

    <format type="color" field="price">
      <colorPalette type="expression">if(like(value,"%y"), "#00F000", "#F00000")</colorPalette>
    </format>

However, the underlined if condition is checking the condition in the "price" column instead of the "car" column. I tried

    if(like($result.car,"%y"),

But it won't work.

Hi, I am currently working on an alert wherein it should trigger an email when a search condition is met. Details are as below: Whenever the log events contain the text "Timer Alert Expired", I should be able to trigger the alert and send an email. Sample event as below:

Error log:

    “WARN  [com.tracegroup.IMP_DIAG.transformer.MappingDefinitionGroups.TSaaSRequestResp.MappingDefinitions.CreateAlert] (G_M80T53|utx:681b7409:173e5a33ee9:-35a4|chnl:LN1_TransactionQueue-Events|id:184880844222000160000096002) 200813PN100144009  --  Timer Alert Expired”

While I am able to extract the string and store it in a field (time_expire), I am unable to find a way to trigger an alert. I need help in creating an alert with the above condition. I understand from the alert function that it will be triggered when a particular condition is met, but in this condition I am not sure how to generate the alert.

Thanks
San
Hi, I went through the creation process of ES sandbox, but I haven't received any mail about the created sandbox. But when I tried to repeat the creation the system said I have already an active sandbox. I tried to access the instance from the "Instances" page but it drops HTTP Error 504. I assume the creation process of sandbox wasn't completed (this is why I didn't receive email about the Sandbox).  Please help me: How can I get a working ES Sandbox? Thank you in advance! BR, Gazgizmo
Good morning all, I'm hoping someone may be able to assist me quickly and easily. I have a dashboard that shows a number of panels that return a status of batch jobs. Thing is, these batch jobs only run at 1:30pm and 4pm. As such, to make the dashboard a little more dynamic, I'd like to hide the panels for 1:30pm prior to the time being 1:30pm and likewise for 4pm.  I have a hidden search that calculates current date and time, then I create two fields called time_check1 and time_check2. These two fields have a value of Yes or No depending on whether time_check1 is before 1:30pm (Yes, No) and likewise the second checks if it is before 4pm. Now, what I want to do is only show the 1:30pm panels when time_check1 is = Yes, and the same again for 4pm panels when time_check2 is Yes. I have done a fair amount of searching through here and can see lots of questions about utilising dropdowns and inputs for this, but mine is a static hidden search that I simply need to display the panels when criteria is met (the value of Yes).  Would anyone please be able to assist me? I'm sure there must be something along the lines of <panel depends="$time_check1$=YES"> or similar? Thank you in advance.
There are a few DBs where the backup is scheduled to be offline, hence the DBs are to be made offline. However, as the DBs are getting queried through DB Connect, the Splunk processes are blocking the backup activities. Is there any way we can stop this connection for any specific time window, except manually enabling and disabling the connection?
When attempting to use the alert action from Splunk to The Hive it appears to fail with the following error:

Configuration of lookup tables:

    thehive_datatypes.csv: default
    thehive_instance_list.csv

Everything was done according to the manual: https://github.com/remg427/TA-thehive-ce/blob/master/docs/thehivealerts.md

Any idea what can be wrong?
Hi Everyone, it would be great if someone could help me on this. I have one field, URL, in my raw data.

    URL = https://jfghdw.ind.com:1001/xyz/flow/group/186yugh-w12-567c-b89-pghj67y

Now I want to extract only the last portion of the field URL (it will be different for each URL, so I can't take a hard-coded value). How do I extract the 6th portion of the field, that is "186yugh-w12-567c-b89-pghj67y" (it will be different for each URL), using a regular expression?
Hello All, I have tried updating ulimits values but it is not persistent in all the instances. The production environment which I am working on has a cluster/license master, search head cluster, indexer cluster and a few heavy forwarder instances.

- As per Splunk recommendation, I tried updating ulimits in the /etc/security/limits.conf file and did the service restart. After that, ulimits got persistently updated only in indexer instances, and in the rest of the instances there were no changes in the ulimits value.
- I tried hard coding ulimits values in the etc/init.d/splunk file inside the splunk start () function as well, for when it boot starts, and rebooted the instances. After that, ulimits were persistently updated in only indexer and search head instances.

In heavy forwarder and license master instances, even if I try increasing ulimits, after a couple of hours it is getting reduced. Can you please suggest what can be done to set the ulimits persistently?
Where should we install the IBM Websphere MQ Modular Input for Splunk add-on? Is it to be installed on a Heavy Forwarder or a Universal Forwarder? Is there any documentation for this?