×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rodneyjerome
Explorer
Member since: ‎10-26-2016
‎07-02-2021
Community Statistics
Posts 16
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎10-26-2016
Activity Feed
Topics I've Started
View All

Email user and get response back

by in Splunk SOAR
‎07-01-2021 11:01 AM
‎07-01-2021 11:01 AM
Hi,   I am looking send an email to user with simple yes/no response which I can then use to handle the case. I know Palo Alto’s soar has some integrations to handle this. Do we have similar func in Splunk or any idea on how to implement them.   Thanks in advance  ... View more
Labels

Re: Filter events while sending data from Heavy Fo...

by in Getting Data In
‎02-19-2021 12:26 AM
‎02-19-2021 12:26 AM
Thanks. This worked great! ... View more

Filter events while sending data from Heavy Forwar...

by in Getting Data In
‎02-08-2021 10:26 PM
‎02-08-2021 10:26 PM
Hi, I have an HFW and indexer in my environment. I'm looking to filter certain events from the log source in HFW based on REGEX while indexing in the indexer.  Please find below the config files. Not sure where I'm going wrong.   props.conf [testing] TRANSFORMS-routing = conGroup   inputs.conf [monitor:///var/logs] disabled = false index = main sourcetype =. testing host = HFW     transforms.conf [conGroup] REGEX = ^(((?!i-)(?!sample)).)*$ DEST_KEY=_TCP_ROUTING FORMAT=test   outputs.conf [tcpout] defaultGroup = nothing   [tcpout:test] server = X.X.X.X:9997   Any help will be. much appreciated. Thanks in advance ... View more
Labels

Output value required while creating Splunk Versio...

by in Splunk Search
‎07-17-2019 01:24 PM
‎07-17-2019 01:24 PM
hi, I am trying to create a simple splunk custom command using Intersplunk. Its a simple code which displays the events as is. However im getting this error A value for "output" is required import json import sys import csv import splunk.Intersplunk json_events = splunk.Intersplunk.readResults(None, None, False) splunk.Intersplunk.outputResults(json_events) Could someone help on where I am going wrong ... View more

How to use Splunk to access an email client and in...

by in Getting Data In
‎01-19-2017 05:40 AM
‎01-19-2017 05:40 AM
Hi, I need to access an email client (Gmail or Outlook) and index the details in the CSV attachments. Any suggestions are appreciated Thanks in advance ... View more

Splunk DB Connect: How to configure VIP?

by in All Apps and Add-ons
‎11-23-2016 09:16 PM
‎11-23-2016 09:16 PM
Hi I would like to connect to my VIP from Splunk DB connect. Any suggestions on how to configure them? Thanks in advance ... View more

Re: After receiving "External search command 'json...

by in Splunk Search
‎11-18-2016 03:25 AM
‎11-18-2016 03:25 AM
Answer is in this link. https://answers.splunk.com/answers/474552/custom-command-for-json-event.html ... View more

Re: Custom command for json event

by in Getting Data In
‎11-18-2016 03:21 AM
‎11-18-2016 03:21 AM
That really helped. Apparently there were some errors in python scripts that I need to take care of. The logic works perfectly fine. Thanks. ... View more

Re: Custom command for json event

by in Getting Data In
‎11-16-2016 11:08 PM
‎11-16-2016 11:08 PM
Hi Flynt, still no luck. When try executing the command it just gives me an error External search command 'jsonfields' returned error code 1. I think there's no problem with the JSON. When I tried to run in pycharm with the sample json event as a File. I got it without any errors import json import sys import csv json_event = open(r'C:\Users\rodney.jerome.samuel\Desktop\sample_json.json') json_data = json.load(json_event) fields = (json_data['Fields']) extracted_fields = {} for f in fields: if not f['values']: extracted_fields[f['Name']] = 'null' elif 'value' not in f['values'][0]: extracted_fields[f['Name']] = 'null' else: extracted_fields[f['Name']] = f['values'][0]['value'] print(extracted_fields) This is the sample output i got as dictionary. So I don't think there is any problem with json event. {'user-template-29': 'null', 'has-change': 'null', 'user-template-28': 'MPT', 'user-template-05': 'SF'} ... View more

Re: Custom command for json event

by in Getting Data In
‎11-16-2016 04:46 AM
‎11-16-2016 04:46 AM
It's not working. Below is my sample json input. I want the fields extracted for example : ut2: null ut3:SF VS:2 I need the python script for extracting the fields in such a way. { "Type": "defect", "Fields": [ { "values": [], "Name": "ut2" }, { "values": [ { "value": "SF" } ], "Name": "ut3" }, { "values": [ { "value": "2" } ], "Name": "vs" }, { "values": [ { "value": "N" } ], "Name": "attached" }, { "values": [ { "value": "vh" } ], "Name": "pri" }, ], } I'm just getting the fields that are automatically extracted if I try your script. Not any change. Kindly help. I guess the json_events will have csv. Need to get _raw from that and then perform the json operations any suggestions? ... View more

Re: After receiving "External search command 'json...

by in Splunk Search
‎11-16-2016 03:55 AM
‎11-16-2016 03:55 AM
sure i will try that and get back to you ... View more

Custom command for json event

by in Getting Data In
‎11-13-2016 10:40 PM
‎11-13-2016 10:40 PM
Hi, I'm using the below line, while creating custom command for key value field extraction. My events are in json format. I would like to know the format in which the events are retrieved while the below line is given (string) or type of json_event. json_events = splunk.Intersplunk.readResults(None, None, True) I have also attached the entire script for your reference. I think I'm having problems while loading the json event import json import sys import csv import splunk.Intersplunk (isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv) json_events = splunk.Intersplunk.readResults(None, None, True) for json_event in json_events: json_data = json.load(json_event) fields = (json_data['Fields']) for f in fields: if not f['values']: json_event[f['Name']] = 'null' elif 'value' not in f['values'][0]: json_event[f['Name']] = 'null' else: json_event[f['Name']] = f['values'][0]['value'] splunk.Intersplunk.outputResults(json_events) Thanks in advance ... View more

Re: How to extract fields from JSON data in Splunk...

by in Splunk Search
‎11-08-2016 11:28 PM
‎11-08-2016 11:28 PM
Try using custom commands. This is very useful http://docs.splunk.com/Documentation/Splunk/6.5.0/Search/Writeasearchcommand ... View more

After receiving "External search command 'jsonfiel...

by in Splunk Search
‎11-08-2016 07:48 AM
‎11-08-2016 07:48 AM
Hi, I am trying to extract fields from a JSON input. I don't understand if I am making any mistake in getting the events or in output. Below is my python script: import splunk.Intersplunk json_events = splunk.Intersplunk.readResults(None, None, True) for json_event in json_events: json_data = json.load(json_event) fields = (json_data['Fields']) for f in fields: if not f['values']: json_event[f['Name']] = 'null' elif 'value' not in f['values'][0]: json_event[f['Name']] = 'null' else: json_event[f['Name']] = f['values'][0]['value'] splunk.Intersplunk.outputResults(json_events) and the below snippet is a sample json event. { "Type": "defect", "Fields": [ { "values": [], "Name": "ut2" }, { "values": [ { "value": "SF" } ], "Name": "ut3" }, { "values": [ { "value": "2" } ], "Name": "vs" }, { "values": [ { "value": "N" } ], "Name": "attached" }, { "values": [ { "value": "vh" } ], "Name": "pri" }, ], } I have stored them as dictionary (key, value pairs). I am getting error "External search command 'jsonfields' returned error code 1" any suggestions? Thanks in advance ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-02-2021 12:22 AM
Karma given to
View All
Top