I'm using Splunk Enterprise 9.x with Universal Forwarders 9.x on Windows 2019. All my forwarders are connected to a deployment server. I notice the following for example: I update a d...
Hello all,
since our Update to Splunk Enterprise 9.0.2 we experienced, that the Dashboard colors (Simple XML) changed completely. And the new colors are terrible! Did someone experience s...
...ll the new csv files show up in the cluster and are accesible from the GUI, however. This one file, the "lookupfile.csv" is not updated. So I can sort of guess that it may have something to do with t...
is there an option to update the value of a specific field within a specific artifact? I was able to update using phantom update_artifact action or with a REST call, but when the field is updated i...
I have a lookup file that contains two columns, ip and mac. I want to update this file daily by running a query that catches when either a new device is added or an existing device is moved. My q...
I run a search head cluster with Splunk Enterprise. Typically I update apps via the back end CLI, but am wondering if I can update via the GUI. My question is: does the GUI >> Manage Apps &g...
I have a Cluster Master with a couple of indexers in a cluster. I have a search head that obviously references the indexers. I need to update MMDB and have been able to download the file....
How can I get the my queries to update when I change the contents of the multiselect input (Select Users)? Right now, the data will only update the data with the updated $user_tok$ when c...
I am looking for SPL which we can check the who can update the whitelist in lookup table and also the what changes are done , compare with previous one.
Thanks,
Sahil