Hi all, I installed Enterprise Security 7.2.0 on Splunk 9.1.1 and I'm receiving the following message: Unable to initialize modular input "confcheck_es_bias_language_cleanup" defined in the a...
Hello 🙂 I'm wondering if warnings like "Local KV Store has replication issues" are shown to any admin user on any Splunk web (DMC server and any SHC member)? Thanks.
Hi All
We have a couple of jobs that occasionally loop around same code returning same message/log - is it possible for a search string to pick up instances where the last [say] 3 logs are i...
Hello all! I am trying to add a field to an artifact with the "update artifact" action (Phantom app). I am trying to add a 'message parameter' in the 'value' at the cef_json field: for e...
...nd I'm using following query to separate different sections of the message, index=my_app_index AND source="**/my-app-service.log" AND sourcetype="app_v1"|rex="(?<mydatetime>^\S*)\,severity=(?&l...
Hello community. I'm trying to extract information from a string type field and make a graph on a dashboard. In the graph, I want to group identical messages. I encounter difficulties when grouping a...
I need to extract a string from a message body, and make a new field for it. <Junk_Message> #body | Thing1 | Stuff2 | meh4 | so on 1 | extra stuff3 | Blah4 </J...
Have a nice day! I have several Splunk instances and often see the message below: WorkloadsHandler [111560 TcpChannelThread] - Workload mgmt is not supported on this system. I k...
I have the below message. How can I only display ResponseID in output? Thanks. message: <?xml version='1.0' encoding='ISO-8859-1'?><Submission Id="12345" <LastName>XXX</L...
...enderAddress=*** RecipientAddress=*dl1@contoso.com* Status IN (*) subject="***" MessageId=*** | timechart span=1mon count
I have the below requirement; please guide me with a query.
How many email triggered to t...