Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com, which is actively monitored by Splunk employees.

Splunk

You may receive faster responses at community.splunk.com, which is actively monitored by Splunk employees.

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be used without accessing individual servers.
  • Parsing logs with arbitrary formats, including free-form logs with no defined fields.
  • Advanced querying of logs, including:
    • combining results from different sources
    • filtering on extracted field values and pattern matching
    • analyzing records using statistical and mapping functions
  • Visualizing real-time data.
  • Creating dashboards from multiple visualizations.

The name "Splunk" is a play on spelunking, the hobby of cave exploration.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.


2246 questions
0 votes, 1 answer

Splunk: Search SPL with multiple Stats

I have the events below: event_a has time_a and MAS_A fields, event_b has time_b and MAS_B fields, event_c has time_c and MAS_C fields. sourcetype="app" eventtype in (event_a,event_b,event_c) | stats avg(time_a) as "Avg_Res_Time_a" BY MAS_A | eval…
skv
0 votes, 1 answer

splunk: View the alerts created by another user

We are using Splunk Enterprise in our organization. Is it possible to view the alerts created by another user?
user674669
0 votes, 1 answer

Splunk: Stats from multiple events and expecting one combined output

I have the events below: event_a has time_a and MAS_A fields, event_b has time_b and MAS_B fields, event_c has time_c and MAS_C fields. sourcetype="app" eventtype in (event_a,event_b,event_c) | stats avg(time_a) as "Avg Response Time" BY MAS_A | eval Avg…
skv
0 votes, 1 answer

How to filter data collected in Event Hub before sending to an external SIEM Solution which is IBM QRADAR here

One of my customers is trying to integrate IBM QRadar SIEM with Azure. They would like to send all data from various sources to Event Hub; the data would be related to Azure AD, Azure VMs, Key Vault, etc. But my customer only wants to send…
Pallab
0 votes, 1 answer

How to install Splunk Universal Forwarder as a service?

I need to install Splunk Universal Forwarder on our AWS EC2 instance. I need it to be installed as a service so that it automatically starts when the instance starts. The Splunk docs do not seem to cover that:…
fhcat
0 votes, 1 answer

Querying about field with JSON type value

I have the following log: INFO [http-nio-80-exec-30] class:ControllerV3, M=method, UA=ua, URI=/v3/transactions, QS=limit=21&offset=0&sort=-createDate, V=v3, P=3, RT=50, ET=25,…
Augusto
0 votes, 1 answer

Splunk configuration for dot net

How do I configure log4net to push log messages to Splunk? I am using .NET version 4.6. I have searched Google a lot and have not been able to find any configuration for framework 4.6.
0 votes, 1 answer

how to send the local file using splunk forwarder docker image?

splunkuniversalforwarder: image: splunk/universalforwarder environment: - SPLUNK_START_ARGS=--accept-license - SPLUNK_FORWARD_SERVER=ops-splunkhead02.dop.sfdc.net:9997 - SPLUNK_USER=root …
merry-go-round
0 votes, 1 answer

Extract Splunk domain from payload_printable field with regex

I'm trying to extract a domain from the Splunk payload_printable field (source is Suricata logs) and found this regex is working fine for most of the cases: source="*suricata*" alert.signature="ET JA3*" | rex field=payload_printable…
Sebastien Damaye
0 votes, 2 answers

drill down in azure sentinel workbook

In Splunk, we have the drill-down option in the dashboard, so is that possible in an Azure Sentinel workbook? Consider I have one chart (tile or pie chart); when I click on that I want to open another tab. Is it possible in an Azure Sentinel workbook?
0 votes, 1 answer

Read and write to same file simultaneously from Invoke-RestMethod in PowerShell

We have a program that controls door access on our premises. Whenever a person opens the door with their tag, an event is registered in the program's database. These events can be read by enabling an HTTP integration, which makes it possible to view…
tsvenbla
0 votes, 1 answer

Not able to read nested json array in SPLUNK

I am using "spath" to read json structure from a log file. {"failure_reason":null,"gen_flag":"GENERATED","gen_date":"2020-02-15","siteid":"ABC","_action":"Change","order":"123"} I am able to parse above json. However, "spath" function is not able…
0 votes, 1 answer

Fetching the result based on sourcetype

I have written a query to fetch all Java exceptions, count-wise, in Splunk. But this query fetches across all sourcetypes. java.*.*Exception NOT warn | rex "(?<rexexption>java*.*Exception)" | stats count by rexexption | table count,rexexption | sort…
dead programmer
0 votes, 1 answer

how to speed up a splunk export?

I am using the Python 3 Splunk API to export some massive logs. My code essentially follows the Splunk API guidelines: import splunklib.client as client import splunklib.results as results import pandas as pd kwargs_export = {"earliest_time":…
ℕʘʘḆḽḘ
0 votes, 0 answers

Kafka Connect Splunk Sink Connector Issue

I am running into another issue with Splunk sink connector. When I use "splunk.hec.ssl.validate.certs": "true" the error I get is - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: …
Anirban