Hello, may I please know how to display a popup as soon as the dashboard opens? If there is any HTML code or a JS file for it, please do let me know. Your valuable suggestions are required.
Can anyone help me with where I can find the above dashboard in Splunk, in the Monitoring Console?
Hi Team, I am unable to extract the Timestamp value from the below message in splunk events using rex command and add that value to new field. I request you to kindly look into this and help me out in extracting that value to the new field by name TIME. Below is the event message. The Timestamp value is 20240301. We have to extract the similar values and add those value to the field TIME Dataframe row : {"_c0":{"0":"{","1":" \"0\": {","2":" \"jobname\": \"A001_GVE_ADHOC_AUDIT\"","3":" \"status\": \"ENDED NOTOK\"","4":" \"Timestamp\": \"20240301\"","5":" }","6":" \"1\": {","7":" \"jobname\": \"BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TSYS\"","8":" \"status\": \"ENDED NOTOK\"","9":" \"Timestamp\": \"20240301\"","10":" }","11":" \"2\": {","12":" \"jobname\": \"BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TSYS_WEEKLY\"","13":" \"status\": \"ENDED NOTOK\"","14":" \"Timestamp\": \"20240301\"","15":" }","16":" \"3\": {","17":" \"jobname\": \"D001_GVE_SOFT_MATCHING_GDH_CA\"","18":" \"status\": \"ENDED NOTOK\"","19":" \"Timestamp\": \"20240301\"","20":" }","21":" \"4\": {","22":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TRX_ORG\"","23":" \"status\": \"ENDED NOTOK\"","24":" \"Timestamp\": \"20240301\"","25":" }","26":" \"5\": {","27":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_123\"","28":" \"status\": \"ENDED NOTOK\"","29":" \"Timestamp\": \"20240301\"","30":" }","31":" \"6\": {","32":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_45\"","33":" \"status\": \"ENDED OK\"","34":" \"Timestamp\": \"20240301\"","35":" }","36":" \"7\": {","37":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_ENPW\"","38":" \"status\": \"ENDED NOTOK\"","39":" \"Timestamp\": \"20240301\"","40":" }","41":" \"8\": {","42":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_T\"","43":" \"status\": \"ENDED NOTOK\"","44":" \"Timestamp\": \"20240301\"","45":" }","46":" \"9\": {","47":" \"jobname\": \"DREAMPC_CALC_ML_NAMESAPCE\"","48":" \"status\": \"ENDED NOTOK\"","49":" \"Timestamp\": \"20240301\"","50":" }","51":" \"10\": {","52":" 
\"jobname\": \"DREAMPC_MEMORY_AlERT_SIT\"","53":" \"status\": \"ENDED NOTOK\"","54":" \"Timestamp\": \"20240301\"","55":" }","56":" \"11\": {","57":" \"jobname\": \"DREAM_BDV_NBR_PRE_REQUISITE_TLX_LSP_3RD_PARTY_TRNS\"","58":" \"status\": \"ENDED NOTOK\"","59":" \"Timestamp\": \"20240301\"","60":" }","61":" \"12\": {","62":" \"jobname\": \"DREAM_BDV_NBR_PRE_REQUISITE_TLX_LSP_3RD_PARTY_TRNS_WEEKLY\"","63":" \"status\": \"ENDED NOTOK\"","64":" \"Timestamp\": \"20240301\"","65":" }","66":" \"13\": {","67":" \"jobname\": \"DREAM_BDV_NBR_STG_TLX_LSP_3RD_PARTY_TRNS\"","68":" \"status\": \"ENDED OK\"","69":" \"Timestamp\": \"20240301\"","70":" }","71":" \"14\": {","72":" \"jobname\": \"DREAM_BDV_NBR_STG_TLX_LSP_3RD_PARTY_TRNS_WEEKLY\"","73":" \"status\": \"ENDED OK\"","74":" \"Timestamp\": \"20240301\"","75":" }","76":" \"15\": {","77":" \"jobname\": \"DREAM_BDV_NBR_TLX_LSP_3RD_PARTY_TRNS\"","78":" \"status\": \"ENDED OK\"","79":" \"Timestamp\": \"20240301\"","80":" }","81":" \"16\": {","82":" \"jobname\": \"DREAM_BDV_NBR_TLX_LSP_3RD_PARTY_TRNS_WEEKLY\"","83":" \"status\": \"ENDED OK\"","84":" \"Timestamp\": \"20240301\"","85":" }","86":" \"17\": {","87":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_GDH\"","88":" \"status\": \"ENDED OK\"","89":" \"Timestamp\": \"20240301\"","90":" }","91":" \"18\": {","92":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_GDH_WEEKLY\"","93":" \"status\": \"ENDED OK\"","94":" \"Timestamp\": \"20240301\"","95":" }","96":" \"19\": {","97":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_SAMCONTDEPOT\"","98":" \"status\": \"ENDED NOTOK\"","99":" \"Timestamp\": \"20240301\"","100":" }","101":" \"20\": {","102":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TLXLSP_TRXN\"","103":" \"status\": \"ENDED NOTOK\"","104":" \"Timestamp\": \"20240301\"","105":" }","106":" \"21\": {","107":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADEABR\"","108":" \"status\": \"ENDED 
OK\"","109":" \"Timestamp\": \"20240301\"","110":" }","111":" \"22\": {","112":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADEABR_WEEKLY\"","113":" \"status\": \"ENDED OK\"","114":" \"Timestamp\": \"20240301\"","115":" }","116":" \"23\": {","117":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADESON\"","118":" \"status\": \"ENDED NOTOK\"","119":" \"Timestamp\": \"20240301\"","120":" }","121":" \"24\": {","122":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADESON_WEEKLY\"","123":" \"status\": \"ENDED OK\"","124":" \"Timestamp\": \"20240301\"","125":" }","126":" \"25\": {","127":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZCI\"","128":" \"status\": \"ENDED NOTOK\"","129":" \"Timestamp\": \"20240301\"","130":" }","131":" \"26\": {","132":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZCI_WEEKLY\"","133":" \"status\": \"ENDED NOTOK\"","134":" \"Timestamp\": \"20240301\"","135":" }","136":" \"27\": {","137":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZPI\"","138":" \"status\": \"ENDED NOTOK\"","139":" \"Timestamp\": \"20240301\"","140":" }","141":" \"28\": {","142":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZPI_WEEKLY\"","143":" \"status\": \"ENDED NOTOK\"","144":" \"Timestamp\": \"20240301\"","145":" }","146":" \"29\": {","147":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_SAMCONTDEPOT_WEEKLY\"","148":" \"status\": \"ENDED NOTOK\"","149":" \"Timestamp\": \"20240301\"","150":" }","151":" \"30\": {","152":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_TALANX_TRAN\"","153":" \"status\": \"ENDED NOTOK\"","154":" \"Timestamp\": \"20240301\"","155":" }","156":" \"31\": {","157":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_TALANX_TRAN_WEEKLY\"","158":" \"status\": \"ENDED NOTOK\"","159":" \"Timestamp\": \"20240301\"","160":" }","161":" \"32\": {","162":" \"jobname\": 
\"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_TLXLSP_TRXN_WEEKLY\"","163":" \"status\": \"ENDED NOTOK\"","164":" \"Timestamp\": \"20240301\"","165":" }","166":" \"33\": {","167":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_STG_TRADEABR\"","168":" \"status\": \"ENDED NOTOK\"","169":" \"Timestamp\": \"20240301\"","170":" }","171":" \"34\": {","172":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_01\"","173":" \"status\": \"ENDED OK\"","174":" \"Timestamp\": \"20240301\"","175":" }","176":" \"35\": {","177":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_02\"","178":" \"status\": \"ENDED OK\"","179":" \"Timestamp\": \"20240301\"","180":" }","181":" \"36\": {","182":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_03\"","183":" \"status\": \"ENDED OK\"","184":" \"Timestamp\": \"20240301\"","185":" }","186":" \"37\": {","187":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_04\"","188":" \"status\": \"ENDED OK\"","189":" \"Timestamp\": \"20240301\"","190":" }","191":" \"38\": {","192":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_LINK\"","193":" \"status\": \"ENDED OK\"","194":" \"Timestamp\": \"20240301\"","195":" }","196":" \"39\": {","197":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_UNION\"","198":" \"status\": \"ENDED OK\"","199":" \"Timestamp\": \"20240301\"","200":" }","201":" \"40\": {","202":" \"jobname\": \"DREAM_CALC_BDV_CONTROL_COPY\"","203":" \"status\": \"ENDED NOTOK\"","204":" \"Timestamp\": \"20240301\"","205":" }","206":" \"41\": {","207":" \"jobname\": \"DREAM_CDWH_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","208":" \"status\": \"ENDED OK\"","209":" \"Timestamp\": \"20240301\"","210":" }","211":" \"42\": {","212":" \"jobname\": \"DREAM_FILE_DELETION_OUTBOUND\"","213":" \"status\": \"ENDED NOTOK\"","214":" \"Timestamp\": \"20240301\"","215":" }","216":" \"43\": {","217":" \"jobname\": \"DREAM_FVDB_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","218":" \"status\": \"ENDED OK\"","219":" \"Timestamp\": \"20240301\"","220":" }","221":" \"44\": {","222":" \"jobname\": 
\"DREAM_FVDB_TOCSV_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","223":" \"status\": \"ENDED OK\"","224":" \"Timestamp\": \"20240301\"","225":" }","226":" \"45\": {","227":" \"jobname\": \"DREAM_GVE_GDH_NEW_BUSINESS_FACT_OUTBOUND\"","228":" \"status\": \"ENDED OK\"","229":" \"Timestamp\": \"20240301\"","230":" }","231":" \"46\": {","232":" \"jobname\": \"DREAM_GVE_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","233":" \"status\": \"ENDED OK\"","234":" \"Timestamp\": \"20240301\"","235":" }","236":" \"47\": {","237":" \"jobname\": \"DREAM_MEMORY_ALERT_SIT\"","238":" \"status\": \"ENDED OK\"","239":" \"Timestamp\": \"20240301\"","240":" }","241":" \"48\": {","242":" \"jobname\": \"DREAM_MIS_BDV_GMOMIS46_GDH_CORRECTION\"","243":" \"status\": \"ENDED OK\"","244":" \"Timestamp\": \"20240301\"","245":" }","246":" \"49\": {","247":" \"jobname\": \"DREAM_MIS_BDV_TALANXLSP_INVENTORY_THIRD_PARTY_PRE_REQUISITE\"","248":" \"status\": \"ENDED NOTOK\"","249":" \"Timestamp\": \"20240301\"","250":" }","251":" \"50\": {","252":" \"jobname\": \"DREAM_MIS_BDV_TALANX_INSURANCE_PRE_REQUISITE\"","253":" \"status\": \"ENDED OK\"","254":" \"Timestamp\": \"20240301\"","255":" }","256":" \"51\": {","257":" \"jobname\": \"DREAM_MIS_BDV_TALANX_INSURANCE_WEEKLY_PRE_REQUISITE\"","258":" \"status\": \"ENDED OK\"","259":" \"Timestamp\": \"20240301\"","260":" }","261":" \"52\": {","262":" \"jobname\": \"DREAM_MIS_BDV_TALANX_LSP3P_INV\"","263":" \"status\": \"ENDED NOTOK\"","264":" \"Timestamp\": \"20240301\"","265":" }","266":" \"53\": {","267":" \"jobname\": \"DREAM_MIS_BDV_TALANX_LSP3P_TRANSACTION\"","268":" \"status\": \"ENDED NOTOK\"","269":" \"Timestamp\": \"20240301\"","270":" }","271":" \"54\": {","272":" \"jobname\": \"DREAM_MIS_BDV_TSYS_STOCK_PRE_REQUISITE\"","273":" \"status\": \"ENDED NOTOK\"","274":" \"Timestamp\": \"20240301\"","275":" }","276":" \"55\": {","277":" \"jobname\": \"DREAM_MIS_BDV_TSYS_STOCK_PRE_REQUISITE_WEEKLY\"","278":" \"status\": \"ENDED OK\"","279":" \"Timestamp\": 
\"20240301\"","280":" }","281":" \"56\": {","282":" \"jobname\": \"DREAM_MIS_PRECHECK_TALANXLSPDB_INVENTORY\"","283":" \"status\": \"ENDED NOTOK\"","284":" \"Timestamp\": \"20240301\"","285":" }","286":" \"57\": {","287":" \"jobname\": \"DREAM_MIS_PRECHECK_ZCI_INVENTORY_MONTHLY\"","288":" \"status\": \"ENDED OK\"","289":" \"Timestamp\": \"20240301\"","290":" }","291":" \"58\": {","292":" \"jobname\": \"DREAM_MIS_PRECHECK_ZCI_TRANSACTION_MONTHLY\"","293":" \"status\": \"ENDED OK\"","294":" \"Timestamp\": \"20240301\"","295":" }","296":" \"59\": {","297":" \"jobname\": \"DREAM_MIS_PRECHECK_ZPI_INVENTORY_MONTHLY\"","298":" \"status\": \"ENDED NOTOK\"","299":" \"Timestamp\": \"20240301\"","300":" }","301":" \"60\": {","302":" \"jobname\": \"DREAM_MIS_PRECHECK_ZPI_TRANSACTION_MONTHLY\"","303":" \"status\": \"ENDED OK\"","304":" \"Timestamp\": \"20240301\"","305":" }","306":" \"61\": {","307":" \"jobname\": \"DREAM_MIS_VP_FACTOR_PRE_PROCESSING\"","308":" \"status\": \"ENDED OK\"","309":" \"Timestamp\": \"20240301\"","310":" }","311":" \"62\": {","312":" \"jobname\": \"DREAM_NEW_BUSINESS_DETECTION_TLX_LSP3P_TRANSACTION\"","313":" \"status\": \"ENDED NOTOK\"","314":" \"Timestamp\": \"20240301\"","315":" }","316":" \"63\": {","317":" \"jobname\": \"DREAM_PRECHECK_GDH_DAILY_DATA\"","318":" \"status\": \"ENDED NOTOK\"","319":" \"Timestamp\": \"20240301\"","320":" }","321":" \"64\": {","322":" \"jobname\": \"DREAM_PRECHECK_TLX_DAILY_DATA_LSP3P_INV\"","323":" \"status\": \"ENDED OK\"","324":" \"Timestamp\": \"20240301\"","325":" }","326":" \"65\": {","327":" \"jobname\": \"DREAM_PRECHECK_TLX_DAILY_DATA_LSP3P_TRANSACTION\"","328":" \"status\": \"ENDED NOTOK\"","329":" \"Timestamp\": \"20240301\"","330":" }","331":" \"66\": {","332":" \"jobname\": \"DREAM_PRECHECK_TLX_LSP3P_TRANSACTION_DAILY\"","333":" \"status\": \"ENDED NOTOK\"","334":" \"Timestamp\": \"20240301\"","335":" }","336":" \"67\": {","337":" \"jobname\": \"DREAM_RDL_GDH_NEW_BUSINESS_FACT\"","338":" \"status\": 
\"ENDED NOTOK\"","339":" \"Timestamp\": \"20240301\"","340":" }","341":" \"68\": {","342":" \"jobname\": \"DREAM_RDL_STG_GDH_NEW_BUSINESS_FACT\"","343":" \"status\": \"ENDED NOTOK\"","344":" \"Timestamp\": \"20240301\"","345":" }","346":" \"69\": {","347":" \"jobname\": \"DREAM_RDL_STG_TLX_LSP_3RD_PARTY_TRNS_FACT\"","348":" \"status\": \"ENDED OK\"","349":" \"Timestamp\": \"20240301\"","350":" }","351":" \"70\": {","352":" \"jobname\": \"DREAM_RDL_STG_TLX_LSP_3RD_PARTY_TRNS_FACT_WEEKLY\"","353":" \"status\": \"ENDED OK\"","354":" \"Timestamp\": \"20240301\"","355":" }","356":" \"71\": {","357":" \"jobname\": \"DREAM_RDL_TLX_LSP_3RD_PARTY_TRNS_FACT\"","358":" \"status\": \"ENDED NOTOK\"","359":" \"Timestamp\": \"20240301\"","360":" }","361":" \"72\": {","362":" \"jobname\": \"DREAM_RDL_TLX_LSP_3RD_PARTY_TRNS_FACT_WEEKLY\"","363":" \"status\": \"ENDED OK\"","364":" \"Timestamp\": \"20240301\"","365":" }","366":" \"73\": {","367":" \"jobname\": \"DREAM_REDUCE_FILE_SIZE\"","368":" \"status\": \"ENDED NOTOK\"","369":" \"Timestamp\": \"20240301\"","370":" }","371":" \"74\": {","372":" \"jobname\": \"DREAM_SDM_STG_GMARS_FDWRISK_FACT\"","373":" \"status\": \"ENDED NOTOK\"","374":" \"Timestamp\": \"20240301\"","375":" }","376":" \"75\": {","377":" \"jobname\": \"DREAM_SDM_STG_TLX_LSP_3RD_PARTY_TRNS_FACT_WEEKLY\"","378":" \"status\": \"ENDED OK\"","379":" \"Timestamp\": \"20240301\"","380":" }","381":" \"76\": {","382":" \"jobname\": \"DREAM_TDM_STG_TALANXLSP_TRANSACTION_THIRD_PARTY_NB_FACT_WEEKLY\"","383":" \"status\": \"ENDED OK\"","384":" \"Timestamp\": \"20240301\"","385":" }","386":" \"77\": {","387":" \"jobname\": \"M002_GVE_SALES_KEY_MATCH_MAP_GVE_TO_DC\"","388":" \"status\": \"ENDED OK\"","389":" \"Timestamp\": \"20240301\"","390":" }","391":" \"78\": {","392":" \"jobname\": \"M003_GVE_AKS_PAYMNET_TRANSACTION_LOAD\"","393":" \"status\": \"ENDED NOTOK\"","394":" \"Timestamp\": \"20240301\"","395":" }","396":"}"}}   
"I want to deploy my settings to another search head while using a virtual machine. However, whenever I attempt to authorize, the following error occurs:"
Bad Request — editTracker failed, reason='WARN: path=/masterlm/usage: This license does not support being a remote master. from ip=172.18.0.3'
Please add proxy support for this application.
For years I have kept a standalone Splunk Enterprise running on Macbooks.  Typically I keep MacOS in sleep or running mode overnight.  Splunk will run until I reboot (or forced restart).  Never had a problem. But in the past two weeks, I had two nights during which splunkd on one Macbook entered a "frozen" state in that it will respond to some HTTP queries (e.g., listing dashboards) but all search jobs stopped responding.  I had to either run the Splunk launcher to stop it then relaunch, or reboot. Meanwhile, another Macbook continues to run Splunk fine (in sleep mode). Anyone experience the same?  What could be possible causes?  Neither instance has any recurring jobs or ingestion.  Current version is 9.1.2.  The problematic one runs MacOS 12.7.3/M1. (Last updated some weeks ago.)  The other one runs the same MacOS on Intel.
Hi, has anyone faced this issue where you received an Unauthorized 401 error response from ServiceNow? The scenario is as below. We are using an AD service account userA to interact with ServiceNow for incident creation. On the Splunk side, we are using Basic Auth. On AD, the user account is set to never expire. So far we have checked the service account status. No changes were made, but the issue was sudden. We ran the query
index=_internal sourcetype="ta_snow_ticket" host IN ( search head)
The above query was the one where we saw that the return code is 401 (Unauthorized). What else can be checked? As of now, we are planning to reset the service account password and try again. But if it works, the issue is finding what caused the password to be changed when it has been set to never expire.
Hi All,   I've been using the Addon Builder to create some modular inputs and associated AddOn configuration pages including account names. I've also shoehorned in some custom search commands which use the automatically generated configuration settings from the Web GUI. One thing I noticed was when you deploy the app to a search head cluster Addon Configuration changes do not migrate across the cluster. I thought it used REST endpoints to make these changes so they should replicate across the cluster? Might be worth putting something in the documentation so users are aware that the apps Addonbuilder makes will not be fully functional in a search head cluster environment.   The only solution we've found is to manually log into each Search Head in the cluster and make the changes on each one individually.
The complexity of IT environments is skyrocketing, and traditional monitoring tools often fail to provide the complete end-to-end visibility needed to keep up. The answer? Observability. But how do you make the leap from reactive monitoring to proactive observability? Watch this on-demand presentation from Cisco Live 2024 to explore what this transition looks like — and how Cisco Full-Stack Observability can help.

A blueprint for the journey towards Cisco Full-Stack Observability

You’ll learn:
Why observability is essential to overcome the challenges of growing IT silos and tool sprawl.
Strategies to help you navigate the path to observability, whatever your starting point.
How Cisco Full-Stack Observability is designed to observe, secure, and optimize the entire IT environment.

Check out the recording for the steps you need to take to build a winning observability strategy. Watch now!
Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk Enterprise 9.2 release. You will hear from the Splunk product team on platform initiatives that are helping to improve your experience. Hear about our release methodology improvements and how it can help you stay current while meeting the operational constraints of rolling it out in your organization.

Key Takeaways:
Learn about new features and updates to the Splunk Enterprise 9.2 release
Learn about platform initiatives that are designed to help you receive value faster
Learn about new changes to our release methodology that can help you stay current

Full Tech Talk here:
Phishing and malware attacks continue to surge, and phishing campaigns grow increasingly complex – all of which leaves analysts buried under a daily avalanche of alerts. As threat actors become more adept at evading detection solutions with novel ways to deliver malware, the SOC requires an advanced solution to keep up with the continual shift of threat actor TTPs to protect the enterprise.

Join Sr. Principal Product Manager, Neal Iyer, to learn how automated threat analysis strengthens the overall unified security operations experience of Splunk Security through:
Initial triage at scale via automated end-to-end threat analysis and response and the ability to prioritize SOAR cases for analyst review
Enhanced Splunk Enterprise Security (ES) notables with automated analysis of URLs
Out of the box dashboards that empower SOC leadership to understand patterns in alert volumes and provide blue teams insights on how adversaries are getting past their defenses

Watch the full Tech Talk here:
Hello, I have a set of Grade (Math, English, Science) data for Student1 and Student2 from 2/8/2024 to 3/1/2024. How to display timechart multivalues without colon? The complete search is down below. Thank you so much for your help.

This is the result with colon

Is it possible to display the data like the following? Should I parse the data to get the display like below or is there a better way to do this?

Student   Grades        2/8/2024  2/15/2024  2/22/2024  2/29/2024
Student1  EnglishGrade  10        7          7          10
Student1  MathGrade     10        7          7          10
Student1  ScienceGrade  10        7          7          10
Student2  EnglishGrade  9         6          7          9
Student2  MathGrade     9         6          7          9
Student2  ScienceGrade  9         6          7          9

Here's the search

| makeresults format=csv data="_time,Student,MathGrade,EnglishGrade,ScienceGrade
1707368400,Student1,10,10,10
1707454800,Student1,9,9,9
1707541200,Student1,8,8,8
1707627600,Student1,7,7,7
1707714000,Student1,6,6,6
1707800400,Student1,5,5,5
1707886800,Student1,6,6,6
1707973200,Student1,7,7,7
1708059600,Student1,8,8,8
1708146000,Student1,9,9,9
1708232400,Student1,10,10,10
1708318800,Student1,10,10,10
1708405200,Student1,9,9,9
1708491600,Student1,8,8,8
1708578000,Student1,7,7,7
1708664400,Student1,6,6,6
1708750800,Student1,5,5,5
1708837200,Student1,6,6,6
1708923600,Student1,7,7,7
1709010000,Student1,8,8,8
1709096400,Student1,9,9,9
1709182800,Student1,10,10,10
1709269200,Student1,10,10,10
1707368400,Student2,9,9,9
1707454800,Student2,5,5,5
1707541200,Student2,6,6,6
1707627600,Student2,7,7,7
1707714000,Student2,8,8,8
1707800400,Student2,9,9,9
1707886800,Student2,5,5,5
1707973200,Student2,6,6,6
1708059600,Student2,7,7,7
1708146000,Student2,8,8,8
1708232400,Student2,9,9,9
1708318800,Student2,9,9,9
1708405200,Student2,5,5,5
1708491600,Student2,6,6,6
1708578000,Student2,7,7,7
1708664400,Student2,8,8,8
1708750800,Student2,9,9,9
1708837200,Student2,5,5,5
1708923600,Student2,6,6,6
1709010000,Student2,7,7,7
1709096400,Student2,8,8,8
1709182800,Student2,9,9,9
1709269200,Student2,9,9,9"
| table _time, Student, MathGrade, EnglishGrade, ScienceGrade
| timechart span=1w first(MathGrade) as MathGrade, first(EnglishGrade) as EnglishGrade, first(ScienceGrade) as ScienceGrade by Student useother=f limit=0
| eval _time = strftime(_time,"%m/%d/%Y")
| fields - _span _spandays
| transpose 0 header_field=_time column_name=Grades
Hello everyone, I am trying to use Splunk to create an ongoing patching countdown that will be Single Value (Days Until Patch) on my Dashboard. How can I go about accomplishing this? I was able to calculate 1 patch cycle, but I am not sure how to get it to recalculate for every month. Right now for example, it is telling me the next patch date is 2/29/2024. Hoping someone already has a solution built out. Thank you for any assistance!

This is what I have so far:

| makeresults
| eval start= strptime("02-01-2024", "%m-%d-%Y")
| eval startStr=strftime(start, "%D")
| eval PatchDate = relative_time(start ,"+28d")
| eval PatchDateString= strftime(PatchDate, "%D")
| eval PriorPatchDate = relative_time(start ,"-28d")
| eval PriorPatchDateString = strftime(PriorPatchDate, "%D")
| eval daysCountD= strftime(PatchDate - now(), "%d")
| table daysCountD PriorPatchDateString PatchDateString
I am trying to run the following search:

index=tripwire LogCategory="Audit Event" AND "/etc/pki/rpm-gpg/RPM-GPG-KEY-shibboleth-7" AND "myserver.mydomain.com"
| rex max_match=0 field=_raw "(?<lineData>[^\n]+)"
| rex field=Msg "'(?<FilePath>.*)' accessed by"
| rex field=_raw "accessed\sby\s'(?<Audit_UserName>.*)'.\sType"
| table _time, FilePath, Audit_UserName

However, the way I am splitting the multiline data doesn't appear to be working with this data. Here is a sample of the data as viewed in Notepad++ with symbols; every line ends in CR LF. However, in Splunk it isn't splitting up the events. What am I missing here? I have had this work with similar data but unsure what is different in this situation. TIA!
How to retrieve NPA and NXX from CNAC.ca using a Splunk query.
When a lookup is updated via | outputlookup, does that change the modified time? For example - search for a lookup or kvstore name and see the SPL that gives overall usage, then have the option to filter to only those SPL searches that have an outputlookup that modify the file.

index=abc sourcetype=xyz
| stats count
| outputlookup append=true newlookup.csv

How can I track whether the outputlookup file is updated or not using the _internal or _audit index? Please suggest the Splunk query to get the status.
Using the DECRYPT2 app, I have a search that uses the decrypt command to decode an encoded string. It returns results as a table just fine. I created an email alert using this search but the email alert fails to trigger unless I remove the decrypted field from the table. I would like the email alert to be sent which includes the decoded value from the decrypted field. Anyone might know what the issue is?
Hello, How to use specific start date in weekly timechart? For example: I have a set of Grade (Math, English, Science) data for Student1 and Student2 from 2/8/2024 to 3/1/2024. When I use timechart weekly, it always starts with 02/08/2024.

| timechart span=1w first(MathGrade) by Student useother=f limit=0

How do I start from other date, such as 02/09/2024 or 02/10/2024? Thank you for your help.

Here's the search

| makeresults format=csv data="_time,Student,MathGrade,EnglishGrade,ScienceGrade
1707368400,Student1,10,10,10
1707454800,Student1,9,9,9
1707541200,Student1,8,8,8
1707627600,Student1,7,7,7
1707714000,Student1,6,6,6
1707800400,Student1,5,5,5
1707886800,Student1,6,6,6
1707973200,Student1,7,7,7
1708059600,Student1,8,8,8
1708146000,Student1,9,9,9
1708232400,Student1,10,10,10
1708318800,Student1,10,10,10
1708405200,Student1,9,9,9
1708491600,Student1,8,8,8
1708578000,Student1,7,7,7
1708664400,Student1,6,6,6
1708750800,Student1,5,5,5
1708837200,Student1,6,6,6
1708923600,Student1,7,7,7
1709010000,Student1,8,8,8
1709096400,Student1,9,9,9
1709182800,Student1,10,10,10
1709269200,Student1,10,10,10
1707368400,Student2,9,9,9
1707454800,Student2,5,5,5
1707541200,Student2,6,6,6
1707627600,Student2,7,7,7
1707714000,Student2,8,8,8
1707800400,Student2,9,9,9
1707886800,Student2,5,5,5
1707973200,Student2,6,6,6
1708059600,Student2,7,7,7
1708146000,Student2,8,8,8
1708232400,Student2,9,9,9
1708318800,Student2,9,9,9
1708405200,Student2,5,5,5
1708491600,Student2,6,6,6
1708578000,Student2,7,7,7
1708664400,Student2,8,8,8
1708750800,Student2,9,9,9
1708837200,Student2,5,5,5
1708923600,Student2,6,6,6
1709010000,Student2,7,7,7
1709096400,Student2,8,8,8
1709182800,Student2,9,9,9
1709269200,Student2,9,9,9"
| table _time, Student, MathGrade, EnglishGrade, ScienceGrade
| timechart span=1w first(MathGrade) by Student useother=f limit=0
Here is my current rex command -

EventCode=1004
| rex field=_raw "Files: (?<Media_Source>.+?\.txt)"
| table Media_Source

My source data looks like this -

Files: C:\ProgramData\Roxio Log Files\Test.test_user_20240305122549.txt SHA1: 73b710056457bd9bda5fee22bb2a2ada8aa9f3e0

My current rex result is - C:\ProgramData\Roxio Log Files\Test.test_user_20240305122549.txt
How do I make it - Test.test_user_20240305122549.txt
I'm trying to drop - C:\ProgramData\Roxio Log Files\
Hi, Been trying to connect/join two log sources which have fields that share the same values. To break it down:

source_1: field_A, field_D, and field_E
source_2: field_B, and field_C

field_a and field_b can share same value. field_c can correspond to multiple values of field_A/field_B. The query should essentially add field_c from source_2 to every filtered event in source_1 (like a left join, with source_2 almost functioning as a lookup table). I've gotten pretty close with my Join query, but it's a bit slow and not populating all the field_c's. Inspecting the job reveals I'm hitting 50000 result limit. I've also tried a stew query using stats, which is much faster, but it's not actually connecting the events / data together. Here are the queries I've been using so far:

join

index=index_1 sourcetype=source_1 field_D="Device" field_E=*Down* OR field_E=*Up*
| rename field_A as field_B
| join type=left max=0 field_B [ search source="source_2" earliest=-30d@d latest=@m]
| table field_D field_E field_B field_C

stats w/ coalesce()

index=index_1 (sourcetype=source_1 field_D="Device" field_E=*Down* OR field_E=*Up*) OR (source="source_2" earliest=-30d@d latest=@m)
| eval field_AB=coalesce(field_A, field_B)
| fields field_D field_E field_AB field_C
| stats values(*) as * by field_AB

expected output

field_D   field_E       field_A/field_B  field_C
fun_text  Up/Down_text  shared_value     corresponding_value