All Topics

    | tstats count where index=proxy AND sourcetype=dns earliest=-7d by _time, ComputerName span=1h | xyseries _time, ComputerName, count
So this is an actual field with an actual value and it isn't loading into the search, any reason why?

I need to pass the host value in the URL from external file to the Python script. How to pass it through conf file? Please help
    import requests
    headers = {
        "accept": "application/json",
        "content-type": "application/json"
    }
    res = requests.get('https://"<passvalue>"/home/method=post/end', headers=headers)
    print(res.text)
inputs.conf
    [script://.\bin\gettinfdata.py]
    interval = * * * * *
    sourcetype = pythondata
    disabled = False
    index = test

I'm trying to create a props.conf file that will properly break up these av clam logs below. The logs don't have a date/timestamp only the long dashed line separates the events. The stanza below seems to work However I DO NOT like having to set should_linemerge=true/BREAK_ONLY_BEFORE.... in order to get this to work:
    [ av:clam ]
    SHOULD_LINEMERGE=true
    NO_BINARY_CHECK=true
    BREAK_ONLY_BEFORE=-------------------------------------------------------------------------------
    CHARSET=UTF-8
    disabled=false
    DATETIME_CONFIG=NONE
In regex 101 i used this regex to break up the events and it looks clean there.
    \-------------------------------------------------------------------------------$
When I try to use this to break the events it doesn't work (all the events are on separate lines) as if it doesn't recognize my line breaker.
    SHOULD_LINEMERGE=false
    LINE_BREAKER=\-------------------------------------------------------------------------------$
Below is a sample log (3 events). Hopefully, someone can help

Hello everybody! I have the following issue. I have two dashboards and I want to pass two tokens to another dashboard in one link tag. In a similar thread there was the suggestion of the usage of "&" but when I do the same, I get the following error message:
    Invalid character entity
The link tag looks like this:
    dashboard?form.token1=$row.field1$&form.token2=$row.field2$
Passing one token works perfectly but I need two. I'd be very thankful for any suggestions

Hi All, I have counts of some offers for every hour, e.g. 9-10 is 30 and then 10-11 is 40. It should be a cumulative one. For example:
    00 - 20
    01 - (20+10)=30
    02 - (30+20)=50
But it will not be accumulated in the data. It will be just:
    00-20 01-10 02-20
Now I have 15 days of data, like this:
    30th March 00-20, 01-10, 02-20
    31st March 00-10, 01-15, 02-15
    1st April 00-10, 01-20, 02-15
Now the first data should be changed like this through Splunk:
    30th March 00-20, 01-30, 02-50
    31st March 00-10, 01-25, 02-40
    1st April 00-10, 01-30, 02-45
Then I have to take median or average by hours. Please help

If a field is missing in output, what is the query to eval another field to create this missing field? Below query can do it: |eval missing=anothercolumn. But to run this query, I need to run it only when the "missing" column is missing. What is the logic to use?
Hello, Please, I need to deploy the app dedicated for COVID-19 (following this link: https://www.splunk.com/en_us/blog/leadership/bringing-data-to-covid-19.html ). Is there any source for collecting data for COVID-19 for Tunisia? Thanks in advance.
Hi all, I have an output..
    ISIS: Adjacency to IDCSO-WANRTC001 (FastEthernet0/0/0) Down, bfd neighbor down
    ISIS: Adjacency to IDCSO-WANRTC001 (FastEthernet0/0/0) Up, new adjacency
Code currently am using.
    index=nw_syslog "*CLNS-5-ADJCHANGE*"
    | rename _time as Time_CST
    | fieldformat Time_CST=strftime(Time_CST,"%x %X")
    | dedup hostname, message
    | table hostname, Time_CST, message
Output:
    hostname  Time_CST           message
    idpbv     03/31/20 06:24:32  ISIS: Adjacency to IDCSO (FastEthernet0/0/0) Down, bfd neighbor down
    idpbv     03/31/20 06:24:33  ISIS: Adjacency to IDCSO (FastEthernet0/0/0) Up, new adjacency
    idpbv     03/31/20 06:26:32  ISIS: Adjacency to IDCSO (FastEthernet0/2/0) Down, bfd neighbor down
    idpbv     03/31/20 06:26:54  ISIS: Adjacency to IDCSO (FastEthernet0/2/0) Up, new adjacency
Expected output By using Regex.
    hostname  Time_CST        Interface          Status  Count
    idpbv     3/31/2020 6:24  FastEthernet0/0/0  UP      2
    idpbv     3/31/2020 6:26  FastEthernet0/2/0  UP      2

Hello, I would like to check for each host, its sourcetype and count by sourcetype. I tried
    host=* | stats count by host, sourcetype
But in fact I need all the sourcetypes to be set as column, and get the count by host for each sourcetype. Can you help? Many thanks

I am not seeing extracted field against below query.
    index=fireeye | eval {flexString2Label} = flexString2
Below are corresponding values in CEF format
    flexString2Label = subjcect
    flexString2 = "a test message"
Please advise what I am missing

Hello everyone, I am trying to extract some data from the logs. I have created a little search that works well:
    customergetservice host=MBKBKKSPHTRSP0* source="/var/log/jbossas/standalone/server.log" | transaction RequestId
It links the request and the response from the server by the extracted field RequestId. However, I am trying to filter only some parameter contained in the field Login: The login has many possibilities of different values, but it starts with either: "BBC-*" "BBF-*" "BFL-*" "BCIMR-*" The login is only in the request, and not in the response. I am trying to filter by putting the following
    customergetservice host=MBKBKKSPHTRSP0* source="/var/log/jbossas/standalone/server.log" | transaction RequestId startswith="BCIMR-*"
However, when I add the StartsWith, everything's broken, as the events are not linked together anymore. See following comment for example as I can't add more than 2 images per question

Hi, We are trying to implement in our GWT application with end user monitoring. But we are not sure it is possible to monitor the different pages as it is a single page application. We have seen in the documentation portal that it supports Angular and React. Did anyone have a successful example of implementing this in a GWT project? Thank you very much
I would like to collect wildfire report from paloalto to splunk. Could you give me some instruction? Also, I am looking for the way to collect packet capture file from paloalto to splunk. When I log into Paloalto via webUI, I click on monitor tab and click on Threat. If there is some pcap file in this area, I would like to send data to splunk. Could you give me how to configure on the splunk side?
Hi Folks, Can anyone suggest how to remove the below data getting indexed to indexer and also how to remove the data which is already indexed? timestamp syslog_host user remote_host connection_id query_id operation database object
Unable to configure duo app. It's showing 500 internal server. Please suggest any way to resolve this issue. Thanks
Hi, I have a dashboard, where a column "status" has text with success or failed. I want to set up an alert for every 15 mins, if the value is failed. How can I achieve this in the XML code that I already have with dashboard?
Hi, on a 7.2.4 Cluster my Indexers show memory usage of more than 80% in the initial screen of the monitoring console. When I then go into the Resource Usage: Machine screen, I see that Splunk knows it has 7GB memory in the Machine information on top, which also corresponds to the free command on the box. But when I look at the snapshot or memory usage graph, I see nonsense: I see 35.000 of 40.000 MB used. Where does this come from and how can it be fixed? thx afx
Hi Team, We are having an issue with Indexer not receiving updated code from master. I could see when we are pushing code it's getting deployed to master and the .bundle is getting created and code is pushed to search heads fine but not to indexers; also the .bundle is not persisted in master (utility box). This started happening while we are trying to move Splunk from 7.1 to 7.3.4. Could you please let me know what could be possibly wrong? I have tried checking my puppet code for any errors but there are no errors with:
    /opt/splunk/bin/splunk apply cluster-bundle --answer-yes -auth username:password
Post this step we are pushing code to SHs and this is working fine.
    /opt/splunk/bin/splunk apply shcluster-bundle --answer-yes -target targerURL -auth username:password
As I mentioned above, during puppet apply (to push latest code running puppet to execute above commands) I see .bundle is getting created but after it's applied I don't see the .bundle with latest timestamp is available under master (utility) /opt/splunk/var/run/splunk/cluster/remote-bundle. I have tried to check the logs under /opt/splunk/var/log/ (splunkd, utility, audit and other logs, but nothing concrete I could find), except sometimes getting bundle validation failed (not for each deployment though). Any suggestions around this please? Is this due to upgrade or some other issue?

Hi, How do we install a java agent using Jenkins? 
Hello, I'm running this query:
    index="prod" | rex field=source "(?<crate>.*?)/" | stats dc(crate)H
But the number of results is 400 less than expected. I'm wondering if the query is wrong or something is not working with the indexing? Thanks