×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
zamkov
Explorer
Member since: ‎12-29-2015
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 3
Member Since ‎12-29-2015
Activity Feed
Topics I've Started
View All

Re: Error on Overview Pane - Failed to fetch REST ...

by in Deployment Architecture
‎01-03-2019 10:39 AM
1 Karma
‎01-03-2019 10:39 AM
1 Karma
You can edit savedsearch panel and change the REST Endpoint to the updated version From: /services/alerts/correlationsearches To: /services/saved/searches REF. https://answers.splunk.comn/answers/239437/how-to-get-a-complete-list-with-descriptions-of-co.html REF. https://docs.splunk.com/Documentation/ESHealthCheck/1.0.0/UserGuide/Releasenotes 2017-05-10 SOLNESS-12056, SOLNESS-12106 On instances running Splunk Enterprise Security 4.6.0 or later, the Get Enabled Correlation Searches panel does not show results. Workaround: Replace the search with the following syntax: | rest splunk_server=local count=0 /services/saved/searches | search action.correlationsearch.enabled = 1 | stats count as total, count(eval(disabled=0)) as enabled | eval op = enabled . "/" . total | fields op ... View more

Re: AWS Kenisis Data Stream Fails with "Could not ...

by in All Apps and Add-ons
‎01-29-2018 04:39 PM
2 Karma
‎01-29-2018 04:39 PM
2 Karma
I was having the same issue and managed to work around it by using an AWS ELB configured with an ACM certificate. I can confirm that AWS Firehose does recognize ACM generated certificates as valid. See docs at http://docs.splunk.com/Documentation/AddOns/released/Firehose/ConfigureanELB I cannot confirm whether AWS considers lets encrypt as a valid certificate (@bentysontcxn mentioned switching to a different CA solved the issue) BUT note that your HEC may use a different certificate than the web portal. In my case, my web portal was using Let's Encrypt, so I thought I was in the same boat as @bentysontcxn, but later realized the HEC was using a self-signed certificate. To check which certificate is used by the HEC, try https://your-domain.com:8088/services/collector/health/1.0, where 8088 is the HEC listening port. ... View more

Re: Group results by field

by in Splunk Search
‎12-30-2015 08:43 AM
‎12-30-2015 08:43 AM
Actually this doesn't seem to work even without real-time search - the results are displayed by time and not grouped by jobid at all. ... View more

Re: Group results by field

by in Splunk Search
‎12-30-2015 08:32 AM
‎12-30-2015 08:32 AM
This is close, but when I use this in a real-time search, the results no longer stayed grouped by jobid. ie. if I get a message for jobid 100 then 200 then 100, it will be displayed 100 .... 200 ... 100 ... The original search would display it as 200 ... 100 ... 100 .... Is there a way to keep it grouped by jobid with real-time results? ... View more

Group results by field

by in Splunk Search
‎12-29-2015 09:30 PM
‎12-29-2015 09:30 PM
I am trying to group a set of results by a field. I'd like to do this using a table, but don't think its possible. Similar questions use stat, but whenever a field wraps onto the next line, the fields of a single event no longer line up in one row. My data: jobid, created, msg, filename Currently, I have jobid>300 | sort created | stats latest(created) as last list(created) list(msg) list(filename) by jobid | sort last | fields - last But when msg wraps onto the next line, the msg's no longer line up with the correct timestamp. ex. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All