I have a Splunk Enterprise/Splunk Cloud deployment that's been on autopilot for a while. We've been adding data sources and use cases, but I think there's a lot more we can get out of Splunk, and I...
What are the Splunk requirements to receive the data from Syslog-ng server?
What are the Syslog requirements to get the data from the cisco network devices?
What are the Configuration requirement...
Hi, In the logs being ingested Splunk isn't automatically pulling out the action field, so I'm trying to create one for CIM compliance and so on. When I enter the eval command in the search function...
...o be for Splunk reasons. Started to think about that, and is there any reason why I shouldn't directly ask for CIM friendly key value pairs right now in the source?
LogFormat
%t src_ip=%h R...
OK, I'm trying to improve performance by replacing some join queries with stats, but struggling on a filter. I have the below query, two sourcetypes where the common field between events is 'C...
...ollect. As an example, some of the sourcetypes are: web proxy logs, firewall logs from different vendors, web application logs, dhcp logs and many many more... All devices currently send syslog to t...
It's been a while since we implemented Splunk Enterprise, and user engagement has stalled a bit. We also have a lot of people who are new to Splunk. Do you have any recommendations for how we can eng...
This question has two parts: Macros vs. Tags; Macros vs. Event Types; Macros vs. Calculated Fields.
To me, it seems that a Macro is almost always a better, more transparent option, so I'm w...
I am performing a sentiment analysis on RSS feeds over time and want to make a timechart zoom capability in my dashboard. Currently I cannot get this to work. I want the zoom to display in another ch...