When you have more than a few forwarders to maintain, it becomes tedious (and error-prone) to install them one-by-one. Using the Deployment Server is great for keeping the configurations up-to-d...
I want my timechart to display other data on the x-axis aside from the time itself.
To be more precise, I would like the chart to represent data like this:
This is probably impossible to a...
Hello, Having defined multiple alerts before starting to use Enterprise Security, is there a way to convert the existing alerts to correlation searches? Instead of sending emails as action, ...
Uploading Splunk-Enterprise-Security package (800MB .spl file) from user machine to deployer via deployer web UI results in the following exception: 413 Request Entity Too Large nginx environment:...
...erver classes however, this does not seem so trivial. The official documentation asks us to add apps to a server class manually, from the user interface. This I don't like much as it is error-prone...
Is it best practice to copy the /search/local directory to the new search head cluster members and not use the deployer? I used a deployer to set up LDAP, but per documentation, it says not to do the...
I have a search where I want to calculate total transaction volumes over time by transaction type. I'm populating results, but I notice there are some days missing. Here is a screenshot:
http...
In my Splunk logs, I have 2 IPs in 1 field name.
I want to extract both IPs and create a new field as IP1 & IP2. Please help here.
The user XYZ was involved in an impossible travel incident. The ...
...aving the VMware team routinely provide me with a get-vm output in CSV format to create a lookup, but that seems awfully manual and error-prone.
Any ideas? It's Monday, I'm feeling lazy and I don't w...
Hello,
I was wondering if it is possible to make a Splunk cluster (SH and Indexer cluster) using only two machines.
I was thinking of installing Splunk twice on each machine and configuring di...