Upgrading a multisite indexer cluster from 6.2.x to 6.3, can I perform the...
I was reading through the upgrade documentation and came across a statement mentioning that I have to stop all peers and search head to perform the upgrade. My concern is that I will have to stop...
Loglines with standard fields followed by kv pairs.
I've got a bunch of loglines that are very boring key value pairs - comma separated list of key=value. (So far, so good.) The first few (let's say three for example purposes) are always the same, and...
Scheduled searches running on all search head cluster nodes.
We are having intermittent issues where scheduled searches are running on all search heads. This is what we see in the logs. 2:11:28.731 PM 10-01-2015 14:11:28.731 +0000 ERROR SHPSlave - heartbeat...
Why is the splunkd.log reporting lots of "DistributedPeerManager - Unable to...
I have a very busy search head that complains: DistributedPeerManager - Unable to distribute to peer named slxxxxxxxxx:9089 at uri https://xxxxxxxx037:9089 because peer has status = "Down" The...
How to create 2 pie charts on license usage by index, one chart for...
Hi We are using a search which we got from Answers to calculate license usage: index=_internal source=*license_usage.log* type=Usage | timechart span=1d sum(b) as bytes | eval GB =...
Distributed Search Replication Failure after 6.3 upgrade with error...
I've seen a few related issues on Answers, but not this specific error. I have a deployment with a single search head, two indexers, and a cluster master. After upgrading to 6.3, my search head can no...
Average sessions per hour
I am trying to calculate the average number of sessions per hour based on "off hours" 5pm to 9 am. I have the time range and events, I just need to do the math. This returns an empty result set:...
Count identical messages as a total value in the results
Hi guys, What I would like to do is display as a count the number of times an identical message is seen in the Message.EventMessage field. If there was only one hit in the logs display 1. So far my...
Query SQL DB and ingest results to index?
We have a system that stores very valuable data into a SQL database. I'd rather not ingest the entire DB (because it's huge). I'm wondering what strategy I should go with to get just the results of a...
shcluster-config: Failed to convert mgmt_uri
Hello, Was just working on migrating our search head pool to a search head cluster today. Downloaded and installed Splunk 6.3 in the usual manner. I'm not sure if I'm doing something wrong, or there's...
Determining indexes.conf settings for all indexes combined
I've spent hours studying the documentation and articles outside of splunkbase about configuring indexing, and I'm still confused, and our indexing isn't working as expected. This shouldn't be that...
Waiting for web server at https://127.0.0.1:8000 to be...
I am not able to start Splunk after upgrading the app. Please provide me a solution.
How many custom shapes does choropleth map support?
http://blogs.splunk.com/2015/10/01/use-custom-polygons-in-your-choropleth-maps/ Use Custom Polygons in Choropleth Map I have read the article above. Suppose I am working on a chessboard-like...
Why does the DMC setup fail when the admin account is renamed or deleted?
The DMC general setup does not work if you delete or rename the admin account (e.g. via user-seed.conf). http://docs.splunk.com/Documentation/Splunk/latest/Admin/User-seedconf In 6.2, the work-around...
How can I set a token to the current logged-in username in SimpleXML...
How can I retrieve the current username of a SplunkWeb user, and use that value in a token so that I can automatically customize subsequent searches on the dashboard to that username? I don't want to...