Setting default pageControls for results
Via the UI, in the view for flashtimeline I added values to pageControls for results and set the default to 50. While the new values do show up in the dropdown, I have searches (not all) that will come...
Simple installation script for Universal Forwarder
When you have more than a few forwarders to maintain, it becomes tedious (and error-prone) to install them one-by-one. Using the Deployment Server is great for keeping the configurations up-to-date and...
create table for each application by each service
I have 5 applications, each having service names, a few of which are the same. Ex : Application A - Services AA, AB, AC, Application B - Services BA, AB, BC and Application C - Services CA, CB, AC etc. I want to...
Enabling python log rollover in splunk
Hi, I need to provide the rollover policy for the python log file present in the /opt/splunk/var/log/splunk directory. I tried adding the following stanza in log.cfg: [python] splunk =...
Extracting date
Hi, I have the challenge of pulling log files which come in m-d-yyyy format. Please advise how to advise the splunk forwarder to pull the above formatted log files. thanks Rajeshwari
How do I use my credentials package?
When I download this file it's a .SPL file... I assumed the .MSI for the forwarder would find it in the directory. Trying to figure out how to forward to my splunk storm instance with a universal...
Subsearch NOT in
I have two sourcetypes A and B - each has a column SERIAL_NUMBER. Sourcetype A has over 1000,000 records. Sourcetype B has over 15,000 records. I need every SERIAL_NUMBER in sourcetype A that is NOT present...
Metadata results from this peer are incomplete: the peer has over 100000 entries
When I go to the dashboard_live I get the following warning: Metadata results from this peer are incomplete: the peer has over 100000 entries (see parameter maxcount under the [metadata] stanza in...
Index EVTX files on Splunk running on non-Windows box
I am running Splunk for Mac (Darwin) on my laptop. I have received a handful of EVTX files for analysis from a project team trying to visualize events captured in these event files. I understand that,...
Installing SDK for python
I have easy_install installed in site-packages folder in python. My sdk folder is lying in python home directory. Please tell me the path settings required and how to install the sdk. Python version...
How to configure timestamps that contain Japanese
What configuration is needed for Splunk to recognize timestamps that contain Japanese, such as the following? 金 3月 22 11:24:40 2013: Total time in the report period (60.000671s): 0.048412s 金 3月 22 11:25:40 2013: Total time in the report period (59.999630s):...
append a variable to a search without results
I have a variable $var$, and want to display it in a search result. When I make eval varSearch="test" | table varSearch there are "no events found". How can I do that? Same problem when having a variable...
Fillnull not working on my search
I've got a search that looks something like this: search | eval Minutes=case(field<120,"0 to 2", field>=120 AND field<180, "2 to 3 mins", field>=180 AND field<240, "3 to 4 mins") | chart...
Extract fields using CLI
How do I extract fields using CLI? I want to know the method of extracting fields using CLI. I have extracted fields using splunk tool. Please can you guide me for how to extract fields using CLI. And...
generate pdf link is disabled
my generate pdf link is disabled. how can I enable it? http://la-lu.com/thumb/uploads/pictures/8/a64f4222-648c-4f6c-b096-3c7a8b5694cb.png here is my splunk version 5.0.2, build 149561 here is my OS info...
How to Integrate other Visualisation tools in splunk
is it possible to integrate data visualisation tools like Flot, Raphaël, D3 with splunk? Which other tools can be integrated to improve visualisation? and how?
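Some searches with Chinese names cannot be added to the navigation bar
I gave some searches Chinese names, but some of them can be displayed and some cannot. For example, I named two searches 海口 and 三亚 and added <saved name="三亚"/><saved name="海口"/> to the navigation bar. 三亚 is displayed in the navigation bar, but 海口 is not.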
Which indexes count towards the 500mb daily limit?
Hello, I was wondering which indexes are included in the daily 500mb limit of the free version? Is it just the main one or ALL of them including _internal and os etc...? Thanks,
Sending syslog from MachineA to ServerB..Thru port 514. Not successful.
Can anyone give me any hint about this? I have splunk installed in ServerB, Windows server 2008 and I have MachineA, XP. I hope to send the syslog from MachineA to ServerB thru port 514. To be make...