All Topics

Hi, we are using the IntSights app for Splunk Cloud, with the IntSights app installed on the Splunk IDM. We notice that when we try to create an input to get the alerts, we are not able to select the custom index created on the indexer. Why are all the indexes which are present in Splunk Cloud not populating in the IntSights app on the Splunk IDM?
A service was set up to measure datastore free space usage, overprovisioning, and read and write activity. The thresholds per entity work fine, and many entities are displayed. The aggregated threshold for the KPIs, however, shows only the values of the top entity. According to the manual, the aggregated threshold should display the average of all entities. Is there a setting that I am not using correctly?
Hi! I am trying to accelerate only one dataset in a data model with multiple datasets. How can I do it through datamodel.conf or in the web UI? In the web UI I can't choose acceleration in the edit drilldown.
We set up a service measuring datastore free space usage, overprovisioning, and read and write activity. A large number of entities are shown and the per-entity thresholds are working fine. However, the aggregated threshold for the KPIs shows only the values of the top entity. According to the manual, the aggregated threshold should present an average of all entities' results. Is there a setting I am not using correctly?
Hi Team, we need assistance with the installation of the appagent at step 5, as shown in the attached screenshot. On points 2 & 3 we were stuck due to not being able to execute the -javaagent command. Please help, as we have been stuck for a long time.
Hey people, I want to find out the total number of hours that have elapsed since the last event was raised. This is what I was doing previously:

    | stats latest(_time) as last_log_time
    | eval timeElapsedSinceLastLog=tostring(now() - last_log_time)
    | fieldformat timeElapsedSinceLastLog = strftime(timeElapsedSinceLastLog, "%H:%M:%S")
    | fields timeElapsedSinceLastLog

This gives me a result, but it has been more than a week since the last event was raised. I would also be happy if I could get the number of days elapsed together with the time (if days < 1) as well.
I need to extract the ITSI app version from the app.conf file to display the data on a dashboard. I found a way using the config parser, but it's not very clear.
Hi, I want to onboard unique data from SQL Server to Splunk. I have the DB Connect app and I configured everything. We have more than 4 lakh events in the database and it is dynamic. We have three fields: equipment number, contact number, and company code. The equipment number will be added/updated in the database once a week. How can I onboard unique equipment numbers every time?
Hello. We're trying to integrate our Golang application with Splunk through APM by following this documentation. Is there any difference, especially in terms of cost, when sending the data directly to Splunk compared to using the Splunk collector?
Hello, apologies if this was stated previously. I have multiple calls, each RequestID with a RequestReceive and a ResponseTransmit. I am trying to find the difference between the two timestamps below: the ResponseTransmit timestamp minus the RequestReceive timestamp. Then put that into a stats command ordered by clientPathURI and then by the difference between the timestamps. Any assistance is much appreciated!

    {
       RequestID: b74fab20-9a7b-11ed-bd70-c503548afa99
       clientPathURI: signup
       level: Info
       logEventType: ResponseTransmit
       timestamp: 2023-01-22T12:43:57.547-05:00
    }

    {
       RequestID: b74fab20-9a7b-11ed-bd70-c503548afa99
       clientPathURI: signup
       level: Info
       logEventType: RequestReceive
       timestamp: 2023-01-22T12:43:57.496-05:00
    }
Hello everyone, I have been working on a Chrome/Edge extension to enable some enhancements in the Splunk SPL search box. Initially, my goal was to enable the ability to toggle comments on and off using Ctrl+/, which is common in most code editors, but I also added other features, like the ability to cut lines using Ctrl+x or toggle showing line numbers with Ctrl+l. You can check out the extension on GitHub, where I provide detailed installation instructions. I am looking forward to any feedback, questions or suggestions. Thanks, Julio
Hey everyone, I just wanted to get some help with regard to some issues I am facing with resetting a Server Enterprise password from Linux. I tried making a change to server.conf in the local directory, specifically "/opt/splunk/etc/system/local/server.conf". Here is the current directory:

    ┌──(root㉿kali)-[/opt/splunk/etc/system/local]
    └─# ls
    deploymentclient.conf   migration.conf   README   server.conf   web.conf

And the contents of server.conf:

    [sslConfig]
    sslPassword =

    [general]
    pass4SymmKey =

    [lmpool:auto_generated_pool_download-trial]
    description = auto_generated_pool_download-trial
    peers = *
    quota = MAX
    stack_id = download-trial

    [lmpool:auto_generated_pool_forwarder]
    description = auto_generated_pool_forwarder
    peers = *
    quota = MAX
    stack_id = forwarder

    [lmpool:auto_generated_pool_free]
    description = auto_generated_pool_free
    peers = *
    quota = MAX
    stack_id = free

From the above, I have also tried removing the SHA-256 hash key under "pass4SymmKey =" as well as "sslPassword =", but after restarting the server these fields which I omitted seem to be blank by now.

As per some help, I was able to remove and also delete server.conf, and prior to that I stopped the server with the following command:

    $ ./splunk stop

Then after this I tried restarting the server with the following command, but the issue here is that it is not prompting me to create new credentials, as per the output below:

    ┌──(root㉿kali)-[/opt/splunk/bin]
    └─# ./splunk start

    Splunk> All batbelt. No tights.

    Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8080]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
        Checking critical directories... Done
        Checking indexes...
            Validated: _audit _configtracker _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket history main summary
        Done
        Checking filesystem compatibility... Done
        Checking conf files for problems...
        Invalid key in stanza [instrumentation.usage.tlsBestPractices] in /opt/splunk/etc/apps/splunk_instrumentation/default/savedsearches.conf, line 451: | append [| rest /services/configs/conf-pythonSslClientConfig | eval sslVerifyServerCert (value: if(isnull(sslVerifyServerCert),"unset",sslVerifyServerCert), splunk_server=sha256(splunk_server) | stats values(eai:acl.app) as python_configuredApp values(sslVerifyServerCert) as python_sslVerifyServerCert by splunk_server | eval python_configuredSystem=if(python_configuredApp="system","true","false") | fields python_sslVerifyServerCert, splunk_server, python_configuredSystem] | append [| rest /services/configs/conf-web/settings | eval mgmtHostPort=if(isnull(mgmtHostPort),"unset",mgmtHostPort), splunk_server=sha256(splunk_server) | stats values(eai:acl.app) as fwdrMgmtHostPort_configuredApp values(mgmtHostPort) as fwdr_mgmtHostPort by splunk_server | eval fwdrMgmtHostPort_configuredSystem=if(fwdrMgmtHostPort_configuredApp="system","true","false") | fields fwdrMgmtHostPort_sslVerifyServerCert, splunk_server, fwdrMgmtHostPort_configuredSystem ] | append [| rest /services/configs/conf-server/sslConfig | eval cliVerifyServerName=if(isnull(cliVerifyServerName),"feature",cliVerifyServerName), splunk_server=sha256(splunk_server) | stats values(cliVerifyServerName) as servername_cliVerifyServerName values(eai:acl.app) as servername_configuredApp by splunk_server | eval cli_configuredSystem=if(cli_configuredApp="system","true","false") | fields cli_sslVerifyServerCert, splunk_server, cli_configuredSystem] | stats values(*) as * by splunk_server | eval date=now() | makejson output=data | eval _time=date, date=strftime(date,"%Y-%m-%d") | fields data date _time).
        Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-9.0.3-dd0128b1f8cd-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
    All preliminary checks passed.

    Starting splunk server daemon (splunkd)...
    PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
    Enter PEM pass phrase:
    Done

    Waiting for web server at http://127.0.0.1:webport to be available......... Done

    If you get stuck, we're here to help.
    Look for answers here: http://docs.splunk.com

    The Splunk web interface is at http://kali::webport

Can someone help me to change the password? Concurrently, I have the Splunk forwarder installed on both machines, the Windows host as well as the Linux machine, but I would like to ingest data from my Linux machine. This happened recently when I forgot the Server Enterprise password on the VMNET 1 Linux machine, 192.168.0.0/24 (http://localhost:webport); Windows is working fine at the local address 127.0.0.1:webport. Thanks for all the help in advance.
Hello! Can I ask something very basic, as it will help me get started quickly? How can I structure a query to:
1) group records by a [Field1]
2) calculate max and min [Date] for each group of the above (i.e. each unique value of [Field1])
3) calculate the difference between max and min [Date] from above
Thanks!
Hello, I try to download/extract a query and I get the following error: socket.timeout: The read operation timed out. Any idea? If downloading it via a web browser is not an option due to size, is there any other alternative? Thanks!
Hello! I am a user and I have access to https://myorg.splunkcloud.com/en-US/app/myapp/search

I would like to see:
1) what fields and tables I can query (that I have access to)
2) what data modelling exists (how tables relate and are joined)
3) some unique values of some of these fields

If I can run SQL, that would be great, for example! Otherwise, what is the proper way? My goal is to run a query to return values of some fields applying some filters, the typical stuff! Thanks!
Hi, could you please help me in listing out the service requests to Splunk by user? I'm trying to upload it to the ticketing tool.

    Type          service        desc
    onboarding    operational    appliances

Thanks.
I registered for a Splunkwork+ account with my .edu email for my university, which is on the list for Splunkwork+. I received the verification email, but the link had expired after only a few minutes. Pasting it into a web browser got the same results. I can't get the Splunkwork+ site to resend the verification; I just keep getting the about page for college students.
Hello everyone, how are you all doing? I have a dashboard ready. I'm having trouble placing the drilldowns. The case is as follows: each index, for example windows, linux, storage, would have to open a drilldown with the problem word. There are 68 problem words and 60 indexes. Do you have any idea? Thank you very much!
Hey all, I require some assistance in tuning an out-of-the-box Splunk detection rule. The Volume Shadow Copy service frequently enters the running/stopped state by itself. I wish to compare the lastTimeStamp of the running/stopped state of a unique service. Ideally, if the comparison is more than one hour, a field stoppedForMoreThanAnHour equals True. How can I achieve this?
Hello, can Splunk monitor Microsoft Office 365 services like Power Automate, Power BI, Power Apps, Planner, etc.? I see SharePoint Online (one of the Office 365 services) is monitored and I am able to view details. Please advise whether we need to configure anything, install any add-on, or buy an additional license for monitoring Power BI, Power Automate or Power Apps. Regards, Shantha Kumar