I am wondering if anyone has this issue or use case. We are trying to see if we can have a system that would alert us when a host has stopped sending logs, based on the specific index it belongs to. For example: we would like to know if a firewall has stopped sending logs within 30 min, and also, let's say, if a host for another, less continuous feed has stopped, for example: host A of index=trickle_feed has not sent in 4 hours, etc. We are good with the logic on those searches; what I am really looking for is direction on how you create those alerts and assign them to someone to be followed up on. What other tools might you be using for the triaging and tracking of the alert/incident/ticket/work while the feed for the quiet host is being restored?
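The detection half of the question above, as an added example that is not part of the original post: a small Python model of the per-index "quiet host" logic, with one silence threshold per index and a default for indexes that have no explicit one. The index names, thresholds and event timestamps are constructed for illustration; the platform's own alert wiring is not modelled.

```python
"""Quiet-host detection: flag hosts whose most recent event in an index is older
than that index's silence threshold. Added example; values are assumptions."""
from datetime import datetime, timedelta, timezone

# Per-index thresholds (assumed values matching the post's examples).
THRESHOLDS = {
    "firewall": timedelta(minutes=30),
    "trickle_feed": timedelta(hours=4),
}
DEFAULT_THRESHOLD = timedelta(hours=1)  # applied to any index not listed above

# Constructed sample events: (index, host, event time as ISO-8601 UTC).
SAMPLE_EVENTS = [
    ("firewall", "fw-edge-01", "2023-01-20T10:05:00Z"),
    ("firewall", "fw-edge-02", "2023-01-20T09:20:00Z"),
    ("trickle_feed", "hostA", "2023-01-20T05:30:00Z"),
    ("trickle_feed", "hostB", "2023-01-20T09:00:00Z"),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_seen(events):
    """Collapse events to the most recent timestamp per (index, host)."""
    seen = {}
    for index, host, ts in events:
        t = parse_ts(ts)
        key = (index, host)
        if key not in seen or t > seen[key]:
            seen[key] = t
    return seen


def quiet_hosts(events, now, thresholds=THRESHOLDS, default=DEFAULT_THRESHOLD):
    """Return [(index, host, minutes_silent)] for every host whose silence exceeds
    its index's threshold, worst first. A host that has never sent anything cannot
    appear here; pair this with an expected-hosts inventory to catch those."""
    out = []
    for (index, host), t in last_seen(events).items():
        silent = now - t
        if silent > thresholds.get(index, default):
            out.append((index, host, int(silent.total_seconds() // 60)))
    return sorted(out, key=lambda row: -row[2])


if __name__ == "__main__":
    now = parse_ts("2023-01-20T10:10:00Z")
    for row in quiet_hosts(SAMPLE_EVENTS, now):
        print("QUIET index=%s host=%s silent_min=%d" % row)
```

Two practical points the model makes visible: the check has to run per index with its own threshold, not with one global window, and it can only ever report hosts it has already seen, so a baseline list of expected hosts is needed to catch a feed that never started. When building the equivalent search in Splunk, base "last seen" on the time the event was indexed rather than the event's own timestamp, so a host with a skewed clock cannot hide a dead feed.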
Hi folks, Our on-premises SOAR 5.3.1 Ingest daemon is behaving funny in terms of memory management, and I was wondering if someone can give me any pointers to where to look for what is going wrong.

In essence, ingestd keeps on using more and more virtual memory until it maxes out at 256GB and then stops ingesting more data. Restarting the service does solve the issue. I am thinking the root cause might be hiding in 3 places:

- poorly written playbooks: I am thinking something might be wrong with the playbooks that we have. We have playbooks running as often as every 5 minutes, so I suppose they can cause resource starvation. Not sure how to dive deeper for potential memory leaks here, though.
- something going wrong with the ingestion of containers / better clean-up of closed containers: is it possible that just closing containers without deleting them after X amount of time can cause this?
- some weird bug that we've hit: not sure how likely this is, but I saw that in version 5.3.4 a bug regarding memory usage has been fixed (PSAAS-9663), so it is on my list if nothing else turns up.

One relevant point to make is that this started occurring after migration from 4.9.X to our current version, so I have no idea if this is linked to the fact that we migrated to Python 3 playbooks or to the particular product version. Any pointers to where/how to start looking for the root cause are appreciated. Cheers.
A new splunk user here. I am trying to install splunk UF on ubuntu. I get this error while trying to run the package for the first time: Could not open log file "/opt/splunkforwarder/var/log/splunk/first_install.log" for writing (2). I saw some articles online but the suggestions did not resolve the issue for me. If I can get some step by step guide on resolving this, I will be grateful. Thank you.    
In this installment, see how you can use and control the Community's subscription and notification features.

Hello, Everyone. We are excited to share with you drop 3 of the Community Welcome Center! This collection is focused on subscriptions and notifications. Knowing when new relevant content is available can be very valuable. We wanted to be sure you know how to get the most out of subscribing and making sure those notifications trigger when and how you want them to.

Subscriptions and notifications, this week in Community 101
We recommend subscribing to specific topic areas, discussions, or labels. You'll get notifications whenever new content is published, so you don't need to stop and search for areas of interest. Understanding your Community notification settings will help get the information you want, at the frequency you want it, delivered to you.

New articles about subscriptions and notifications
- How do subscriptions, bookmarks, and notifications work in Community?
- How do I subscribe to receive Community notifications?
- How do I review, manage, or delete subscriptions and bookmarks?
- What settings options are available for automatic Community notifications?

Recommended areas to subscribe to
Here are some key areas we recommend you check out and subscribe to:
- News & Announcements. This Community content is where you'll find advisories, notices, event, product, and industry news.
- Monthly Product Update. The Knowledge Base series with this label is published monthly and provides highlights for new enhancements and other information of note.
- Share a Tip. This space in the Forums invites members to share short tips and hints that make a difference.

Where can I find the Welcome Center? Check out the Welcome Center for yourself, from the top navigation under Groups.
Cheers,  Claudia and Ryan, AppDynamics Community Managers Related posts Introducing the Community Welcome Center Now in the Welcome Center: new "search how-to" articles   Explore the Welcome Center here
Hi all, Here's an interesting use case, wonder if SOAR can handle it.

1. You send a user an email from SOAR after running a playbook.
2. In the email you ask them a question with a Yes / No response.
3. The user can click "Yes" or "No" hyperlinks in the email; both are URLs linking back to SOAR.
4. SOAR records when the URL is accessed and notes it down in the related event (e.g. user clicked "No").

Any possible way of doing something like that?
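Whatever platform receives the click, the links in the mail deserve one safeguard that the flow above leaves implicit: a plain link of the form ?container=42&answer=yes can be guessed or forged by anyone who learns the URL shape, so the recorded "user clicked No" would not actually prove the user clicked it. The added example below (editor's code, not SOAR's API; the callback route, the shared secret and the in-memory note store are assumptions) builds each Yes/No link with an HMAC over the container id, the answer and an expiry, and shows the receiving side verifying that signature before anything is written to the event.

```python
"""Signed Yes/No e-mail links for an automation callback. Added example; the
callback URL, secret and note store are placeholders, not a real platform API."""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"rotate-me-and-keep-out-of-playbook-source"  # assumed shared secret
BASE_URL = "https://soar.example.internal/respond"      # assumed callback route
TTL_SECONDS = 72 * 3600                                 # links die after 3 days


def _sig(container_id, answer, expires, secret=SECRET):
    """HMAC-SHA256 over the three fields the handler must trust."""
    msg = f"{container_id}|{answer}|{expires}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_links(container_id, now=None, secret=SECRET):
    """Return {'yes': url, 'no': url} to embed in the notification e-mail."""
    expires = int(now if now is not None else time.time()) + TTL_SECONDS
    links = {}
    for answer in ("yes", "no"):
        q = {"c": container_id, "a": answer, "e": expires,
             "s": _sig(container_id, answer, expires, secret)}
        links[answer] = f"{BASE_URL}?{urlencode(q)}"
    return links


def verify_click(url, now=None, secret=SECRET):
    """Validate a clicked link; return (container_id, answer) or raise ValueError.
    Expiry is checked first and the signature compare is constant-time."""
    q = parse_qs(urlparse(url).query)
    try:
        container_id, answer = q["c"][0], q["a"][0]
        expires, sig = int(q["e"][0]), q["s"][0]
    except (KeyError, ValueError):
        raise ValueError("malformed callback")
    if answer not in ("yes", "no"):
        raise ValueError("unexpected answer")
    if (now if now is not None else time.time()) > expires:
        raise ValueError("link expired")
    if not hmac.compare_digest(sig, _sig(container_id, answer, expires, secret)):
        raise ValueError("bad signature")
    return container_id, answer


def record_response(url, event_notes, now=None, secret=SECRET):
    """What the callback handler would do: verify, then note the answer on the
    event. event_notes (container_id -> list of notes) stands in for the
    platform's own container/note API."""
    container_id, answer = verify_click(url, now, secret)
    event_notes.setdefault(container_id, []).append(f"User clicked {answer}")
    return answer


if __name__ == "__main__":
    links = build_links("42")
    notes = {}
    record_response(links["no"], notes)
    print(links["no"])
    print(notes)
```

Tampering with the answer, the container id or the expiry in the URL invalidates the signature, and a link that leaks after the window closes is rejected on expiry. One thing signing does not give you is single use: if a reply must only count once, the handler also needs to remember which (container, expiry) pairs it has already accepted.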
I want to disable the Save As feature: users should be able to search, but should not be able to save a search as a dashboard, report, or any other knowledge object.
I have a horizontal bar chart using the following post-processing search:

    | stats count by urgency
    | eval urgency = if(urgency=="-", "unknown", 'urgency')

The values of the urgency field are: "1 - High", "2 - Medium", "3 - Low", "unknown". I would like the horizontal bar color to change for each value:

- "1 - High" would be red
- "2 - Medium" would be orange
- "3 - Low" would be yellow
- "unknown" would remain blue

I have seen code for working with value ranges, but I am looking for code that works only with the value. Any suggestions are greatly appreciated.
I am trying to determine the average time for a set of issues to get resolved. I already created a field named "Duration" that extracts the time periods; the issue is that they're labeled in different time formats, with some combination of day, hour and minute (e.g. 4d 7h 20m, 1d 13m, 7h 43m, 5h, 25m). Duration is a rex-created field which pulls the info from a string that looks something like this:

    issue="D830 System Down - 1930E 13 Jan - 2240 14 Jan (1d 3h 10m) - MU3892"

Here is part of the search:

    index=main ...
    | rex field=issue ".*\((?P<Duration>\d[^\)]+)"
    | rex field=Duration "((?P<Days>\d{0,2})d\s)?((?P<Hours>\d{0,2})h\s)?(?P<Mins>\d{0,2})m"
    | eval Days=tonumber(Days)
    | eval Hours=tonumber(Hours)
    | eval Mins=tonumber(Mins)
    | eval MTTR=((Days*1440)+(Hours*60)+(Mins))/60
    | table Duration Days Hours Mins MTTR

Two combinations work successfully: 1d 12m and 43m. Anything that includes the Hours field breaks the rex: 1d 10h 20m and 20h 10m only pull Mins, and 5h doesn't work at all. I ran it in regex101 and it should work for all. What is wrong with my "rex field=Duration" line?
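As an added reference for the parsing problem above (editor's example in Python, not the poster's SPL): a pattern in which every unit is optional and the whole string is anchored, so that "5h" with no trailing minutes, "1d 13m" with no hours and the full "1d 3h 10m" all decompose the same way, followed by the MTTR computation over a few constructed issue strings in the shape shown in the post.

```python
"""Parse resolution durations written as any combination of days, hours and
minutes ('4d 7h 20m', '1d 13m', '7h 43m', '5h', '25m') into minutes, then
compute MTTR. Added example; the issue strings below are constructed."""
import re

# Every unit is optional and the string is anchored at both ends, so a value
# without a trailing 'm' still matches; an all-empty match is rejected below.
DURATION_RE = re.compile(
    r"^\s*(?:(?P<days>\d+)d)?\s*(?:(?P<hours>\d+)h)?\s*(?:(?P<mins>\d+)m)?\s*$"
)
PAREN_RE = re.compile(r"\(([^)]*)\)")  # any parenthesised group in the summary


def duration_to_minutes(text):
    m = DURATION_RE.match(text)
    if not m or not any(m.groupdict().values()):
        raise ValueError(f"unrecognised duration: {text!r}")
    days, hours, mins = (int(m.group(g) or 0) for g in ("days", "hours", "mins"))
    return days * 1440 + hours * 60 + mins


def extract_duration(issue):
    """Minutes for the first parenthesised group that parses as a duration, so
    other bracketed text in the summary (a site name, say) is skipped."""
    for candidate in PAREN_RE.findall(issue):
        try:
            return duration_to_minutes(candidate)
        except ValueError:
            continue
    raise ValueError(f"no duration found in {issue!r}")


def mttr_hours(issues):
    """Mean time to resolve in hours across a list of issue strings."""
    minutes = [extract_duration(i) for i in issues]
    return sum(minutes) / 60 / len(minutes)


SAMPLE_ISSUES = [  # constructed to match the shape in the post
    "D830 System Down - 1930E 13 Jan - 2240 14 Jan (1d 3h 10m) - MU3892",
    "Link flap (site B) - 0900 15 Jan - 1400 15 Jan (5h) - MU3901",
    "DNS timeout - 1200 16 Jan - 1225 16 Jan (25m) - MU3910",
]

if __name__ == "__main__":
    for issue in SAMPLE_ISSUES:
        print(extract_duration(issue), "min  <-", issue)
    print("MTTR hours:", round(mttr_hours(SAMPLE_ISSUES), 2))
```

The two properties that matter carry over to any regex dialect: make each unit its own optional group rather than making only the leading units optional, and anchor the expression so a partial match cannot silently drop a unit.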
Hello, I need a search query to detect HTTP outbound direct traffic. Thank you.
Hello, I have 2 lookups. The first one will be getting inputs from a dashboard and getting saved to the lookup (for example: a column called <username>). The second lookup has the same data as the first lookup, with additional information (for example: columns called <username>, <usercity>, <userstate>, <usercountry>). I'm trying to take the inputs from the first lookup, use the information from the second lookup, and map it out using a cluster map. Can someone help me with the SPL?
I'm doing a search for server names and will eventually export them to a CSV. However, each result comes out as one of the following:

    servername.domain: servername.domain
    servername: servername.domain
    servername: servername

How can I change the results in that particular field to be just servername? I feel like this is where regular expressions may come into play.
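An added example for the normalisation above (editor's Python, not the poster's search; the sample values are constructed): keep the first DNS label, lower-case it because hostnames are case-insensitive, and leave IPv4 addresses alone, since a naive split on the first dot would otherwise reduce 10.0.0.1 to 10.

```python
"""Normalise a mixed field of 'servername.domain' and 'servername' values to the
bare short name. Added example; sample values are constructed."""
import re

# A host label is letters, digits and hyphens; everything after the first dot
# is treated as the domain part and discarded.
SHORT_HOST_RE = re.compile(r"^\s*(?P<host>[A-Za-z0-9-]+)(?:\.[A-Za-z0-9.-]*)?\s*$")
IPV4_RE = re.compile(r"^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$")

SAMPLE_VALUES = [  # constructed
    "web01.corp.example.com",
    "web01",
    "Web01.Corp.Example.COM",
    "10.0.0.1",
    "db-02.example.com ",
    "not a host!",
]


def short_hostname(value):
    """Lower-cased short name, or None if the value is not a hostname.
    IPv4 addresses are returned unchanged rather than truncated."""
    if IPV4_RE.match(value):
        return value.strip()
    m = SHORT_HOST_RE.match(value)
    return m.group("host").lower() if m else None


def normalise_field(values):
    """Apply short_hostname across a result set, drop values that don't parse,
    and de-duplicate so the CSV ends up with one row per server."""
    seen, out = set(), []
    for v in values:
        h = short_hostname(v)
        if h is not None and h not in seen:
            seen.add(h)
            out.append(h)
    return out


if __name__ == "__main__":
    for v in SAMPLE_VALUES:
        print(repr(v), "->", short_hostname(v))
    print(normalise_field(SAMPLE_VALUES))
```

De-duplicating after normalisation is what makes the export useful as an asset list: three spellings of the same host collapse to one row instead of inflating the count.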
Hey, Is there a way to retrieve the raw object of an app action in phantom.collect? So I have an app which returns the following values: data, message, status, parameter. Normally that works fine; I can call each of these in turn like this:

    data_result = phantom.collect(container=container, datapath=["my_app_action:action_result.data"])
    message_result = phantom.collect(container=container, datapath=["my_app_action:action_result.message"])

etc. But how do I retrieve the full object? E.g. something like this:

    all_result = phantom.collect(container=container, datapath=["my_app_action:action_result.*"])
    all_result = phantom.collect(container=container, datapath=["my_app_action:*"])

Hope that makes sense.
  January 2023 New Product Releases   Splunk Network Explorer for Infrastructure Monitoring Splunk unveils Network Explorer, a new feature integrated within the Infrastructure Monitoring solution designed to bring network-level visibility to cloud-native environments. With this new capability, SRE and developers can finally get full visibility into their Kubernetes environment to better monitor their cloud and microservices and troubleshoot faster.   Incident Intelligence Public Preview Splunk Incident Intelligence public preview is now available! An incident response solution, Splunk Incident Intelligence connects IT and DevOps teams handling on-call responsibilities to the data they need to diagnose, remediate, and restore services before customers are impacted. This is available to all Splunk Observability Cloud suite and a la carte product customers. With the introduction of Splunk Incident Intelligence to Splunk Observability Cloud we are the only observability vendor to offer infrastructure, application, and digital experience monitoring with AIOps and incident response capabilities in one unified experience. ICYMI Dos and Don’ts of Observability: Lessons Learned from RedMonk Can Your Cloud Migration Strategy Keep Up With the Speed of Business? DevSecOps: The What, Why, Who, and How New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster     FREE Observability eLearning Courses Help You Up-Skill with Splunk Splunk can give you the superpowers you need to save the day. Our latest survey shows that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever. Get started today with these Observability self-paced, free eLearning courses. Result Modification This three-hour course is for power users who want to use commands to manipulate output and normalize data.  
Register  Working with Time This three-hour course is for power users who want to become experts at using time in searches.  Register  Getting Data In This 2-hour introductory course is designed for anyone who wants to use the Splunk Distribution of the OpenTelemetry (OTel) Collector to send metrics and logs to Splunk Observability Cloud, including basic troubleshooting during setup.  Register Statistical Processing This three-hour course is for power users who want to identify and use transforming commands and eval functions to calculate statistics on their data.  Register Creating Knowledge Objects This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface.   Register Creating Field Extractions This three-hour course is for knowledge managers who want to learn about field extraction and the Field Extractor (FX) utility.  Register Enriching Data with Lookups This three-hour course is for knowledge managers who want to use lookups to enrich their search environment.  Register Data Models This three-hour course is for knowledge managers who want to learn how to create and accelerate data models.  Register Introduction to Splunk Synthetic Monitoring Learn what Splunk Synthetic Monitoring is, explore the UI and differentiate the types of tests. Register     Cloud Customers Add your “Security Contact” Today for Cybersecurity-based “Data Breach” Legal Notices We work hard to protect your data. In the event of a data breach incident, we need to act fast and be confident we’re communicating with the right people. Good news, we’re making it easy for you to add and manage this through our new “Security Contact” feature. Please take a few minutes to add one or more individual emails or email aliases as your Security Contact(s) through the Customer Portal. Learn more here.       
Talk to Splunk Product Design Our product design team is currently looking for Splunk users to talk to about their experiences with Splunk products. Sign up here to participate in upcoming studies and shape the future of our products and roadmaps!         Lantern Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data insights, key use cases, and tips on managing Splunk more efficiently. We also host Getting Started Guides for a range of Splunk products, Product Tips, and Data Descriptor articles. This month we’re sharing a swathe of new articles written by fantastic Splunk partners. We’re also requesting help from Splunkers and partners to help us write articles on a range of hot topics requested by Splunk customers. If you’re a Splunker or partner with expertise to share, we’d love to hear from you!  Read on to find out more.       Education Register for a FREE Certification Exam, Now in Beta Are you ready to validate your knowledge of all-things-Observability? Then you’ll be happy to know that we have a New Splunk Certification: Splunk O11y Cloud Certified Metrics User. Registration for this new Certification exam is open NOW in beta.  As a beta, this exam is FREE for all candidates, is a bit longer, and the results are valid for those who pass,  but the results will not be available until May or June. If you feel ready and qualified for the challenge, practice for the exam using the test blueprint and register for a free exam appointment. All the details can be found on the Splunk Registration Page on the Website.       Splunkbase Did you join the recent Builder Tech Talks on getting the most out of the new Splunkbase user interface? If not, you can watch the replays and join the discussion in the Splunk Community.  With the new year come lots of new and updated apps in Splunkbase! Or maybe you want to see what’s popular among Splunk customers. Take a look and try a new app!   
Community We are Happy to Share the Newest Updates in Splunk Cloud Platform 9.0.2209!  Analysts can benefit from faster troubleshooting, enhanced drill-down capabilities, streamlined viewing of Dashboard Studio and Classic dashboards on Splunk Mobile with a scannable QR code for each dashboard that automatically registers users and displays the dashboard on their mobile device, etc.  Admins can benefit from easier configuration with a user interface to directly set specific stanzas, improved security management with the ability to limit which domains can import images on their dashboards, etc. Read the blog post for more details! Tech Talks | Now On Demand Security Edition: Fusing Intelligence into Splunk SOAR | Watch Now Platform Edition: Splunk Cloud Platform Migration Lessons Learned | Watch Now   Until Next Month, Happy Splunking!
I have a simple question for documentation purposes. What are the default ports and services being used on them for the Splunk heavy forwarder and Splunk ES?
Hi, I have a CSV that is imported into Splunk, and one of its fields has a space for the thousands and ends with ",00". I need it to be an integer with numbers only. I can solve this with 2 lines:

    | eval test=replace(field1,",00","")
    | eval test=replace(test," ","")

But I want to create a new field with calculated fields. How can I do that in one line of code?
January 2023   Splunk Security Essentials (SSE) 3.7.0 Release The free Splunk Security Essentials (SSE) 3.7.0 app was released in early December and includes some great new updates: The ability to push MITRE ATT&CK and Cyber Kill Chain attributions to the ES Incident Review Dashboard Metrics and visualization on how many data sources are enabled from corresponding originating apps The ability to search for content using free text in Content Mapping Learn more about these new updates and more in our blog, and download SSE to get started today. Tech Talks: Security Edition | Now On Demand   Machine Learning in Security   Splunk customer Saudi Aramco recently presented on how their organization uses the analytical power of Splunk to hunt for cyber and insider threats and how they also utilize the Splunk Machine Learning Toolkit (MLTK) for novelty and outlier detection. View the recording here.   Fusing Intelligence into Splunk SOAR     Watch this session to learn how Splunk® Intelligence Management ingests, normalizes and prioritizes intelligence from over 70 sources to simplify Splunk® SOAR playbooks. Watch Now   Essential Guide to Risk-based Alerting   This new guide shows how risk-based alerting in Splunk Enterprise Security can reduce the number of overall alerts while increasing the fidelity of alerts that do arise. Download your copy here, and watch this video to see a demo of how to work with risk-based alerts in Splunk Enterprise security.   Detections & Analytics from the Splunk Threat Research Team The Splunk Threat Research Team (STRT) has had three recent releases of security content in the Enterprise Security Content Update (ESCU) app, with the most recent being v3.55.0. These releases delivered 29 new detections and 6 new analytic stories, which are all available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE). 
The Splunk Threat Research Team has also published the following blogs to help you stay ahead of threats:
- Detecting Cloud Account Takeover Attacks: Threat Research Release, October 2022
- From Macros to No Macros: Continuous Malware Improvements by QakBot
- Inside the Mind of a 'Rat' - Agent Tesla Detection and Analysis
- CISA Top Malware Summary

Splunk Data Security Predictions 2023
Splunk security experts have provided their take on the threats and strategies that will define 2023. Download your copy here and register to join SURGe team members Ryan Kovar and Mick Baccio for the webinar Staying Cyber Resilient in 2023.

Splunk Named a Leader for SIEM and Security Analytics Platforms
Splunk is proud to have been named a leader in two recent analyst reports. Read more and download the reports from our blogs:
- Splunk Named a Leader in the Forrester Wave™: Security Analytics Platforms, Q4 2022
- Splunk Named a Leader in the 2022 IDC MarketScape for SIEM

Finding Value in Macro-level ATT&CK Reporting
Knowing that security teams are feeling overwhelmed by the increasing number of attacks on their network, SURGe (Splunk's strategic cybersecurity research team) recently analyzed three years of macro-level ATT&CK trends across public and private data sources to gain insight into what attackers are doing and to help inform defensive planning. Read the blog to learn more about this research.

Explore the Splunk SOAR Adoption Maturity Model
We recently created an in-depth white paper to help SOC teams lay out a security orchestration, automation and response (SOAR) maturity journey using the SOAR Adoption Maturity Model. Read the blog or download the white paper to learn more.

Until Next Month, Happy Splunking!
January 2023

Peace on Earth and Peace of Mind With Business Resilience
All organizations can start the new year with peace of mind if they prioritize business resilience. Ensuring your business and systems are secure, available and resilient is critical for a successful year of blooming business. Not sure where to start? We've been working all year long to make sure you're prepared, protected and able to bounce back. Learn how in this blog post.

2022 Splunk Product Review
2022 felt like it went by in a flash. Check out the highlights of product and feature innovations we released this past year, with a spotlight on the over 80 Splunk Ideas portal enhancements delivered at the suggestion of our user community.

Dashboard Design: Visualization Choices and Configurations
New year, new dashboards? Learn how to level up your dashboards with our two-part dashboard design blog series. In Part 1, we reviewed dashboard layout design and provided some templates to get started. In this Part 2, we'll be walking through various visualization types and the best ways to configure them for your use case, and explain the best visualization color palette types to effectively communicate your story.

Cloud Monitoring Console
You've probably heard of Workload Pricing, our cloud pricing model which is based on the workloads you run against the data ingested into Splunk. But how do you get the most out of Workload Pricing? Through the Cloud Monitoring Console, or CMC! Tune in to this video to learn how the CMC gives you visibility and control into how your compute capacity is used.

What's New with Splunk Augmented Reality (AR)
Splunk AR enables your workforce to access live data while working on field assets. This enables quicker troubleshooting on the job, and allows technicians to repair issues on the first try, saving companies valuable time and money. This past year at .conf22, we announced a powerful new set of features for Splunk AR, and we also announced the launch of Splunk AR for Android Private Preview. We're also announcing that the Splunk Edge Hub and Splunk AR now have a joint Splunkbase app. Let's dive in!

IDC Report: A Best Practice Blueprint from Customers on Successful Cloud Migration
Moving to the cloud requires planning, well-defined processes, data conversations, and a clear vision for business outcomes. Managing hybrid and multi-cloud adds more to the complexity. In the IDC report, "What Makes a Cloud Migration Successful? A Best Practice Blueprint from Customers," IDC along with two large organizations offer best practices and recommendations for migrating self-managed Splunk Enterprise deployments to Splunk Cloud Platform efficiently to increase agility and security, empower innovation and accelerate return on investment realization. To learn more visit Splunk Cloud Platform Migration.

Until Next Month, Happy Splunking!
Hi All, When using stats to display values() of fields, how can we have the values align between the field names? For example, my data set:

    Severity  Status      Count
    P1        New         1
    P1        Open        2
    P1        Unassigned  3
    P1        Closed      5

When using

    | stats values(status) as status, values(Count) as Count by severity

this is what I get. Notice the count values are not as per the data set.

    Severity  Status      Count
    P1        New         1
              Open        5
              Unassigned  3
              Closed      2

I would like the results of Count to align as per their Status field. Expected result:

    Severity  Status      Count
    P1        New         1
              Open        2
              Unassigned  3
              Closed      5
Hello  I work for a company with max 12 workstations to monitor, and we only want to log critical logs from these stations. Is Splunk Free a good option?
Hi All, we want to upgrade a Splunk Enterprise clustered environment from version 8.2.2 to 8.2.6, and I have this question running in my mind: what Splunk precedence rules should be followed to upgrade a Splunk clustered environment? Can anyone guide me on what order we need to upgrade the Splunk instances in? Sequence of order:

1) Cluster Master
2) Indexer Peers
3) Search head captain
4) Search peers
5) Deployer
6) Deployment Server
7) Heavy Forwarders / UF

Back up SPLUNK_HOME/etc.