...ltering only the FIRST instance in a record with embedded newlines is not. What are my options? SEDCMD in props.conf? strip out all newlines so sedcmd treats it all as one? (can't r...
...ubmit button and export the resulting PDF. This is a small part of a much broader workflow. We'd like to automate this Splunk portion to help streamline their investigation process. So I'm trying to p...
Hello, as everyone already knows, the Splunk commands like ./splunk status can only be run from the Splunk OPT folder. I saw a video where someone executes that splunk status command w...
Hello all, can someone help me to extract the field 'CmdSet' from Cisco ISE accounting logs? String: '[ CmdAV=show CmdArgAV=license CmdArgAV=usage CmdArgAV=<cr> ]'
Hi,
I have a requirement to execute a query on different Splunk instances (different environments). Adding them as search peers is not an option (limitation), hence I was wondering if we have any options...
...nd after cca 5 minutes the search ends with an error message "Streamed search execute failed because: Error in 'lookup' command: Failed to re-open lookup file: '/srv/app/int/secmon/splunk/var/run/s...
After trying several NMAP command-line options, including "nmap -A", it appears that the Asset Discovery script does not capture the MAC address of scanned machines on the network. How can I get it u...
Hello Community, I am asking you today for help concerning a project that I manage in my company. This is the availability calculation: I carry out the availability calculation by retrievi...
In Splunk Enterprise version 7.2.1, Step 1: created a data input from the "Files & Folders" | "New Local File & Directory" button. For example: D:\a4. Then, ran a search query from the D:\a...