Hi, I am trying to use this Splunk Add-on for Microsoft Cloud Services on Splunk Enterprise platform. I have followed all the steps mentioned in the splunk doc Configure a Storage Account in Microsoft Cloud Services - Splunk Documentation But Data is not getting indexed in Splunk unless i select the highlighted one in below pic in the Azure storage account  Due to company policy i cannot set it to "Enabled from all networks". I have tried raising microsoft support request but didnt get the solution. I am able to fetch the data from the storage account directly into Virtual Machine using azcopy command but using add on i am not able to index/fetch the data into splunk. Any help on troubleshooting this issue will be of great help ... View more

Hi, In place of count I want to show the server name, And change color based on condition if count is >250. I referred many links and docs but could not achieve what I wanted  index = webss sourcetype = webphesst earliest= -1d latest=now | where HTTP=500 | stats count by host | eval color=if(count>=250, "#dc4e41", "#65a637"), icon=if(count>=250, "times-circle", "check-circle") ... View more

I need to index only the lines which has .pl in the source file into splunk(highlighted below data). Regex expression is working as expected(tested in rex tool) . Now i am using below props and transform.conf to index the only required data captured in regex expression but my data is not getting index or it indexes completed log file. Please assit where am i going wrong props.conf [phone_access] TRANSFORMS-set= phone_access_extraction transforms.conf [phone_access_extraction] REGEX = ^(\d{1,2}\.\d\.\d\.\d - - \[\w+\/\w+\/\w+:\d+:\d+:\d+ -\d+\] .\w+ \/\w+.+\.pl.+) DEST_KEY = queue FORMAT = indexQueue Log file: 11.7.1.0 - - [27/Nov/2022:00:00:00 -0600] "GET /cgi-bin/phonedata.pl?pq=a1%3oGHK9416&names=a1%7Ca2&&attrs=a1a2&delim=%09 HTTP/1.1" 302 - 11.7.1.0 - - [27/Nov/2022:00:00:04 -0600] "-" 408 - 11.7.1.0 - - [27/Nov/2022:00:00:21 -0600] "-" 408 - 11.7.1.0 - - [27/Nov/2022:00:00:22 -0600] "GET / HTTP/1.1" 20 14497 11.7.1.0 - - [27/Nov/2022:00:00:23 -0600] "GET /mobile.html HTTP/1.1" 200 1001 11.7.1.0 - - [27/Nov/2022:00:00:24 -0600] "GET /PhoneOrgiChart/ HTTP/1.1" 302 - 11.7.1.0 - - [27/Nov/2022:00:01:15 -0600] "GET /cgibiWn/xml.pl?vk236e HTTP/1.1" 20 11.7.1.0 - - [27/Nov/2022:00:01:15 -0600] "GET /cgi-bFin/xml.pl?hv163t HTTP/1.1" 20 ... View more

Hello, I am trying fetch Azure Virtual Machine Metrics data using Add on 'Splunk_TA_microsoft-cloudservices' I have  created/added azure storage account and Inputs as stated in the doc in the add on. But i dont see any logs indexed in splunk for the same.When i check the internal index i see the below error. What does it mean and How do i fix this error?   ... View more

Hi, We are using Splunk add on  Splunk_TA_windows to capture CPU,Memory,Disk and other infrastructure log details.Through this add on we are getting cpu,memory,disk all other sourcetype in Splunk for windows servers. But for only two of our windows server, except CPU & Memory other sourcetypes are being captured in Splunk.In inputs.conf of the add on  monitoring stanza in present for CPU and Memory Why we aren't receiving CPU and Memory sourcetype in those servers? How do we get those details as well?Please suggest    ... View more