About bnorthway_splun

bnorthway_splun · ‎04-22-2020

There is an updated dashboard tab example available here: https://github.com/LukeMurphey/splunk-dashboard-tabs-example

bnorthway_splun · ‎10-30-2019

this is really important when using post-process searches. Add | fields * to the base search. Thanks for the tip!

bnorthway_splun · ‎09-11-2019

could we get an example for exposing a POST endpoint to Splunk Web?

bnorthway_splun · ‎06-18-2019

try it like this: param.field1 = fielda

bnorthway_splun · ‎11-25-2018

With a little bit of guessing, I discovered that the parameter is "-force-change-pass true" A complete example is: ./splunk add user alice -password password123 -role user -email alice@acme.com -full-name "Alice" -force-change-pass true

bnorthway_splun · ‎11-25-2018

I need to create a user from the command line ("splunk add user") and require that user to change their password when they log in. The parameter for this option is not documented.

bnorthway_splun · ‎10-22-2018

that's great! Thank you for sharing.

bnorthway_splun · ‎05-03-2018

A disabled report cannot be viewed - you will receive the message "There are no results because the report is disabled." Unfortunately, it does not appear there is a way to schedule a report to run one time.

bnorthway_splun · ‎01-05-2018

According to Sanford, it is not recommended to change this setting for versions after 6.1, 6.2, etc.

bnorthway_splun · ‎11-14-2017

FYI this is no longer considered a "best practice" by Splunk Professional Services.

bnorthway_splun · ‎08-15-2017

Which version has this fix?

bnorthway_splun · ‎05-31-2017

Duplicate question: https://answers.splunk.com/answers/391260/dashboard-set-token-when-dashboard-is-open.html

bnorthway_splun · ‎05-30-2017

It is mathematically impossible to calculate an average where one of the numbers is infinity. In your case, it probably doesn't matter since you'll have events nearly constantly and samcogheil's solution is probably "good enough".

bnorthway_splun · ‎03-14-2017

I had the same issue in Chrome. Clearing the cookies was the solution.

bnorthway_splun · ‎03-10-2017

This error indicates that a POST request has an empty json body. Try this search to find the offending request: index=_internal sourcetype=splunkd_access batch_save status=500 In my case, Enterprise Security threat lists were failing to download and causing this error.

bnorthway_splun · ‎03-10-2017

ERROR KVStorageProvider - An error occurred during the last operation ('saveBatchData', domain: '11', code: '22'): Cannot do an empty bulk write This error is repeated in splunkd.log. The search head cluster appears to be functional but I am concerned about the cause of this error.

bnorthway_splun · ‎08-01-2016

In case anyone else is supporting an old version... You can work around the problem by following these directions: http://www.acme-dot.com/installing-splunk-on-el-capitan/ You may need to update the paths in the examples provided.

Posts	17
Solutions	2
Karma Given	114
Karma Received	5
Member Since	‎03-28-2016

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

How to create a user from the command line and req...

In splunkd.log, why do I receive repeating error "...

Re: Create Tab in Dashboard

Re: How to get searches to run in Smart or Verbose...

Re: How to make a custom REST endpoint in Splunk?

Re: Splunk Enterprise Security: Is it possible to ...

Re: How to create a user from the command line and...

How to create a user from the command line and req...

Re: choose all Multiselect values by default witho...

Re: Schedule search to run one time only

Re: dispatch.finalizeRemoteTimeline taking a long ...

Re: dispatch.finalizeRemoteTimeline taking a long ...

Re: replication was unsuccessful. failed_because_R...

Re: How to set a default value for a token with In...

Re: Info_max_time and info_min_time issue

Re: No cookie support detected. Check your browser...

Re: In splunkd.log, why do I receive repeating err...

In splunkd.log, why do I receive repeating error "...

Re: Anyone seeing 'libmongoc-1.0.0.dylib' errors w...