Such a useful list, thank you! ... View more

So to use the REST interface with python perhaps something like this. The below code is partially based on the "Splunk REST API is easy to use" blog post , and also on some other documentation on the Splunk website: import urllib import urllib2 import ssl import base64 #Send a request using a POST command to the required URL #SSL checking is disabled due to use of the self-signed certificates def sendrequest(values, server, url): ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE data = urllib.urlencode(values) req = urllib2.Request(server + url, data) req.add_header("Authorization", "Basic %s" % base64string) response = urllib2.urlopen(req, context=ctx) the_page = response.read() username = "username" password = "<yourpassword>" base64string = base64.encodestring('%s:%s' % (username, password)).replace('\n', '') server = "https://localhost:8089/" url = "/servicesNS/nobody/<app...>" #Create the Oracle_SIEMUser_ChangePassword identity with username SIEM_USER values = {"parameter1" : "value1", } #Actually run the HTTP request sendrequest(values, server, url) I normally determine the endpoint by hitting: https://:8089/servicesNS/nobody And then determining where I should go, there is likely a better way to do it ! ... View more

Give this a shot (check the field names) your current search with timechart | streamstats current=f windows=1 values('Total Error') as prev_error values('Total Auth') as prev_auth | where (prev_error='Total Error' AND 'Total Error'!=0) OR (prev_auth='Total Auth' AND 'Total Auth'!=0) ... View more

Yes, you can write your code in the HTML panel, I mean it will use all the libraries imported by the page so you can use search managers. Also you can add some JS into appserver/static and use them. Try looking at http://dev.splunk.com/ ... View more

Hi kartik, this is the default SSL-Config for splunk. But I need only the add-on for ucs use http. The add-on connects directly to the ucs. The ucs is not connecting to any splunk instance... ... View more

HeHe, I have no problem at all if an OP selects @sideview 's answer to be the right one over mine, because @sideview will be for sure more right/correct/precise then I am ! This is also because I do not know Splunk © .... I'm still learning and I have no problem at all to admit that fact 😉 ... View more

That did the trick as far as making the config value appear (discovered this yesterday, but thanks for confirming), and values I enter still round-trip properly. Unfortunately, I'm still not able to get the behavior I want in terms of providing a default value. I can see why the data binding does what it does, to populate the previously-configured value; and that's why having the param name be the same works -- but it feels like a hack to name my default value config key the same as what it's a default for. The problem with this hack comes to the surface when I configure a new default, because that default then propagates to all existing alerts. I think it would work how I want if it would actually respect the value attribute in the case when the param is absent, but that's not how it works. Anyway, thanks. ... View more

Hello, I was the same problem with Mysql module that I was install on my Centos server Splunk didn't work with this library, because splunk has they own python library...then you can fix it only added on the begin your script all libraries of python and also you must to add the python Centos library too... as this way Find python packages [root@xxxx]#find / -name site-packages /usr/lib/python2.7/site-packages /usr/lib64/python2.7/site-packages /opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/python2.7/site-packages /opt/splunk/lib/python2.7/site-packages Find python binary [root@xxxx]# whereis python python: /usr/bin/python2.7 /usr/bin/python /usr/lib/python2.7 /usr/lib64/python2.7 /etc/python /usr/include/python2.7 /opt/splunk/bin/python /opt/splunk/bin/python2.7 /usr/share/man/man1/python.1.gz include all at begin your script import sys sys.path.append('/usr/bin/python2.7') sys.path.append('/usr/lib/python2.7/site-packages') sys.path.append('/usr/lib64/python2.7/site-packages') And that's it , you can run mysql module without any problem and create your alerts with this module. Mysql Connection import mysql.connector I hope that this fix will help you Joel Urtubia Ugarte ... View more

I'm glad that we've identified the problem! I can't be sure why your monthly search results are different. Did you get the chance to run through the troubleshooting guidance in the documentation links above? There might be an issue with the monthly search scheduling or timing, for example, that causes events to be missed. As part of checking the timing for the scheduled search, you might also want to check the time zone settings for the scheduled search, just to be sure the settings match what you expect. Please feel free to post more details! ... View more

Bingo !!!! that i was looking for Thanks ... View more

Thanks .. I found the solution ... View more

Thanks i later on figured it out 🙂 ... View more

any lead on this.Even i am trying to do the same thing .Any idea how to proceed. ... View more

Yes of course! ... View more

also <module name="ConvertToIntention"> <param name="settingToConvert">pref</param> <param name="intention"> <param name="name">addterm</param> <param name="arg"> <param name="pref">$target$</param> </param> </param> in this stanza when i add the term it is showing me the value but in the dropdown i am using tag which cannot be used after pipes any suggestions ... View more

Hi, If I understand you well you have a form with dropdown and you want the value of the dropdown to filter the query given by the eventtype. if I'm not wrong, What you have to do is: 1- create your dropdown populated by a search that gives you the appropriat values you will use to filter the eventtype 2- place the token in the query as you desire. THE FOLLOWING IS AN EXAMPLE OF FORM LIKE THAT(i'm using splunk 6.2): the eventtype is about source and i filter it with sources values from the dropdown. <form> <label>Dashb_test</label> <fieldset submitButton="false"> <input type="dropdown" token="source"> <choice value="*">all</choice> <search> <query>index=* source=* |stats c by source</query> </search> <fieldForLabel>source</fieldForLabel> <fieldForValue>source</fieldForValue> </input> </fieldset> <row> <panel> <event> <search> <query>index=* eventtype=source_eventtype|search source=$source$</query> <earliest></earliest> <latest></latest> </search> </event> </panel> </row> </form> ... View more

Can i use google map api to add some features through javascript .?? ... View more

Thanks I appreciate that ... View more