@tlmayesSorry for the misunderstanding, it is an unsupported add-on.       ... View more

@danielbb  Warm and cold buckets can be copied safely while Splunk is running. You don’t necessarily need to stop Splunk to perform the cold data migration.  Refer the below link:  https://community.splunk.com/t5/Deployment-Architecture/How-to-migrate-data-of-cold-and-thawed-path-to-different/m-p/580124  ... View more

@fabrizioalleva  Connecting Splunk DB Connect to an on-premises MongoDB instance requires some additional steps compared to using MongoDB Atlas. To connect to your on-premises MongoDB, you’ll need the MongoDB JDBC driver. You can download it from https://unityjdbc.com/download.php?type=mongodb  . Make sure to obtain the mongodb_unityjdbc_full.jar from the installation folder. Then, you can configure a JDBC Connection https://unityjdbc.com/mongojdbc/setup/mongodb_jdbc_splunk_dbconnect_v3.pdf  I hope this helps, if any reply helps you, you could add your upvote/karma points to that reply, thanks.   ... View more

@danielmtz Check the below links for more information.  https://community.splunk.com/t5/Splunk-Dev/Developer-License-request-form-not-working/m-p/669697  I hope this helps, if any reply helps you, you could add your upvote/karma points to that reply, thanks. ... View more

@verizonrap2017  I'm not sure what you're looking for; are you looking for Splunk components or the default indexes in Splunk? Please use the links provided below for reference.  https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/Aboutmanagingindexes   https://docs.splunk.com/Documentation/Splunk/9.2.1/Capacity/ComponentsofaSplunkEnterprisedeployment   I hope this helps, if any reply helps you, you could add your upvote/karma points to that reply, thanks. ... View more

@tlmayes  The Insights App for Splunk (IA4S) at https://splunkbase.splunk.com/app/7186  is a developer app, not a Splunk-supported app. Check out the link below for further details. https://dev.splunk.com/enterprise/docs/releaseapps/splunkbase/optionsforsubmittingcontent/#Support-content  ... View more

@corti77  Is Splunk web running on the default port (8000)? netstat -ano | findstr 8000 Are there any firewalls or network configurations blocking access to port 8000? If the above solution helps, an upvote is appreciated.   ... View more

@corti77  Check the _internal index for the logs in web_service.log. Do you see anything prior to the stopping ? Location: $SPLUNK_HOME/var/log/splunk/web_service.log  If the above solution helps, an upvote is appreciated.      ... View more

@abhi04 Hello Abhi, Please use the below regex.  Does my answer above solve your question? If yes, spare a moment to accept the answer and vote for it. Thanks. ... View more

@JohnEGones  Here you go, https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configuresearchheadwithserverconf Does my answer above solve your question ? If yes, spare a moment to accept the answer and vote for it. Thanks. ... View more

@jaibalaramanIf the time is in milliseconds, microseconds, or nanoseconds you must convert the time into seconds. You can use the pow function to convert the number. To convert from milliseconds to seconds, divide the number by 1000 or 10^3. To convert from microseconds to seconds, divide the number by 10^6. To convert from nanoseconds to seconds, divide the number by 10^9. Date and Time functions - Splunk Documentation *** If the above solution helps, an upvote is appreciated. ***    ... View more

@NickNguyen Refer the below document.  Resource Usage: CPU Usage - Splunk Documentation  Solved: Example of how to measure server CPU usage? - Splunk Community *** If the above solution helps, an upvote is appreciated. *** ... View more

@keneyfofe Have you checked splunkd.log? Check the below link for reference.  https://community.splunk.com/t5/Splunk-Enterprise/SplunkUI-app-list-error-V9-1-0-1-SVA-S1-lab-instance/m-p/651872  If this helps, please upvote or accept solution.  ... View more

@jppasnak  Splunk team confirmed that is a bug on Splunk version 9.2.x. The Splunk Dev team is working on that. We can wait until they release fix version.    You should create a support/bug ticket to Splunk Support. ** If this helps, please upvote or accept solution. ** ... View more

@chanathipRefer the below link. How to integrate Splunk with SAP HANA? - Splunk Community     ... View more

@asakhaYou have to adjust your correlation search as per your fields.This is just a reference. Alert when end-users has logged onto the VPN entry point more than 5 times in a day. index=<indexname> sourcetype=<sourcetypename> status=success | stats count by user, _time | bin _time as day | where count > 5 | table user, day, count A fail-to-ban feature of IP address if their login fails more than 3times in 1hr. index=<indexname> sourcetype=<sourcetypename> action=failure | stats count as failed_login_count by src_ip, _time span=1h | where failed_login_count > 3 | table src_ip, _time, failed_login_count | eval ban_message="IP address " . src_ip . " exceeded failed login attempts (" . failed_login_count . ")." Weekly Report of End-Users’ IP Addresses Attempting VPN Logins index=vpn_logs sourcetype="your_vpn_sourcetype" | stats count as login_count by user, src_ip, _time span=1w | table user, src_ip, _time, login_count     ... View more

@sumarri    Kindly check the below documents for reference https://docs.splunk.com/Documentation/Splunk/9.2.1/Search/SavingandsharingjobsinSplunkWeb https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles ... View more

@abhi_2985you can refer to the below documents. Splunk Web Interface SSL Certificates – Microsoft AD CA (yaleman.org) How do I configure an SSL cert for Splunk Web on a... - Splunk Community ... View more

@Mohd_Harahsheh9 Please find below the Tenable and Splunk integration documents.  Tenable and Splunk Integration Guide  Troubleshooting (tenable.com) Tenable Data in Splunk Dashboard  --- If this reply helps you, Karma would be appreciated. ... View more

@SCruz Follow the below document and go through your requirement to install the add-on or app in Splunk Cloud.  Install an add-on in Splunk Cloud Platform - Splunk Documentation  --- If this reply helps you, Karma would be appreciated. ... View more

@abhi04  @abhi04 Hello Abhi, To on-board the logs you have to use Splunk Add-ons not Apps. They handle tasks related to data ingestion, parsing, extraction etc. Splunk-certified or written TAs (technology add-ons) adhere to the Common Information Model (CIM) and are often used for data parsing. An app in Splunk provides a front-end interface for visualizing data. It’s like a user-friendly dashboard that allows you to explore and analyze information. If this reply helps you, Karma would be appreciated. !!!  ... View more

@pm2012Try this. We can do it in multiple ways.           ... View more