Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com, which is actively monitored by Splunk employees.

Splunk

You may receive faster responses at community.splunk.com, which is actively monitored by Splunk employees.

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be used without needing to access individual servers.
  • Parsing logs of arbitrary formats, including free-form logs with no defined fields.
  • Advanced querying of logs, including:
    • combining results from different sources
    • filtering based on identified field values and pattern matching
    • analyzing records using statistical and mapping functions
  • Visualizing real-time data.
  • Creating dashboards from various visualizations.

The name "Splunk" comes from a rewriting of "spelunking", the hobby of cave exploring.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.


2246 questions

Creating a REST Handler for any of Splunk's REST endpoints

How to create a persistent (or any, for that matter) REST handler for any given (inbuilt) Splunk REST API endpoint? How to use the PersistentServerConnectionApplication class? I have gone through…

Symbolic link is getting the permission error

I'm trying to get the symbolic link from another user. My file is located in /home/serviceA/logs/a.txt and I want to create a symbolic link to /home/centos/logs/a.txt. Here is the command I ran as the root user: ln -s /home/serviceA/logs/a.txt…

Splunk rex: extracting repeating keys and values to a table

I have some logs in Splunk for which I'm trying to extract a few values. My log entries look like this: host-03.company.local:9011[read 3617, write 120 bytes] host-05.company.local:9011[read 370658827, write 177471 bytes]…

Splunk props config for AWS CloudTrail JSON logs

I need to ingest AWS CloudTrail logs pulled from S3. The files contain a single JSON payload that contains individual CloudTrail events. However, Splunk is not recognising the individual events and is not splitting them correctly. It's just one big lump as a…

Merge my required files from DEV branch to QA in Azure VSTS

This is regarding Splunk Phantom playbook code deployment. Whenever we create a new playbook, in the repository it creates two files for each playbook (.json, .py). We have 3 different branches associated with one Repository (DEV, QA, PROD). In our…

Regex couldn't find presence of all failures

Status': 'Failure: DNS resolution failed: Rcode Domain(3)', 'CheckedTime': datetime.datetime(2017, 2, 1, 14, 47, 38, 382000, tzinfo=tzlocal())}}, {'Region': 'us-east-1', 'IPAddress': '01.000.2.12', 'StatusReport': {'Status': 'Success: DNS…

Is it possible to make a dynamic Splunk dashboard?

Pardon me if someone has already asked this question, but since I haven't found a satisfactory answer I am posting this query. I am a beginner in Splunk. I just wanted to know if what I am trying to do is feasible or not. I am trying to make a Splunk…

Remove characters from Message field in Splunk

I am searching for specific event codes in Splunk, such that the first part of the Message field starts with "A member was added to a security-enabled global group". After that, it has a whole lot more information which, for my purposes, I do not…

How to export charts along with their respective search query from a Splunk dashboard to PDF?

I have created a dashboard which has a few input pickers and different panels. When I export to PDF, only the charts are getting exported. I need the URL generated on clicking the "Open Search" button available at the bottom right of…

Read Splunk JSON array with spath

Here is my set: | makeresults | eval _raw="[[\"A\",\"AA\"],[\"B\",\"BB\"],[\"C\",\"CC\"]]" | spath path={}{} output=data I would like to have 3 distinct tuples (the A together, the B together and the C together), but I have all of them in one line with my…

Splunk: load CSV from GCP into a KVStore lookup using the Python SDK

We currently have a 45 MB CSV file that we're going to be loading into a Splunk KV store. I want to be able to accomplish this via the Python SDK, but I'm running into a bit of trouble loading the records. The only way I can find to update a KV store is…

Install pyOpenSSL and boto3 manually? Drag and drop doesn't work because of missing dependencies

I have an app that I wrote for Splunk that has dependencies on the boto3 and pyOpenSSL libraries. I haven't found a good way to get app dependencies into the app's bin folder other than drag/drop, which isn't working for boto3 and pyOpenSSL. To this…

Send Spark driver logs running in k8s to Splunk

I am trying to run a sample Spark job in Kubernetes by following the steps mentioned here: https://spark.apache.org/docs/latest/running-on-kubernetes.html. I am trying to send the Spark driver and executor logs to Splunk. Does Spark provide any…

[Splunk][Security] Is a fake alert app useless?

Preparing for my master's thesis, my supervisor at the uni suggested creating an app that produces fake alerts with suspicious log files in Splunk to maintain admins' attention on security issues. Like at airport security, where regularly fake…

Can I use a single regular expression to parse key-value pairs into named capture groups?

My data looks like this: [ REPORT_PROFILE = Some text ] [ TIME_GENERATED = 1579734865 ] [ RECORD_NUMBER = 131757058 ] My data might also contain [ SOME_KEY = Some value]. I'd like to extract: | Key | Value …