A BETTER ANSWER FORUM
Just a suggestion for the Splunk team. A well-organized vBulletin forum would serve the community much better.
NetApp Add ons - Where do I find them?
Where can I find the Archive? "Two add-ons (located in the archive under appserver/addons): Splunk_TA_ONTAP7 - The Technology Add-on which can run on an Indexer, or a Forwarder Splunk_SA_ONTAP_KB - An...
Palo Alto data not showing up
Running Splunk on RHEL x64 with the latest version of the Palo Alto app. On the overview screen I can see 1 pan reporting and events showing up nothing in the block-url and N/A on the top category...
Turning a table
Is there a generic way to simply turn a whole table 90 degrees? For instance, if I had this: name b c d e f foo 1 2 3 4 5 bar 5 4 3 2 1 la 9 8 7 6 5 And I instead want this: name foo bar la b 1 5 9 c 2 4...
How to set a field value and leverage a lookup table?
I am attempting to use splunk to look up IP addresses that users punch in to our system. The reason for this is to find out what network they are on in correlation to our security policies. I am...
Lock files on Windows server
Does Splunk lock the log file while we’re reading it? This would be on my Windows server IIS and Exchange.
Turning a table [Transpose]
Is there a generic way to simply flip a table around the top-left to bottom-right diagonal axis? For instance, if I had this: name b c d e f foo 1 2 3 4 5 bar 5 4 3 2 1 la 9 8 7 6 5 And I instead want...
SplunkForwarder - Windows AD DC with Splunk Active Directory TAs
Hello, I'm wondering if anyone else has run into this. I consistently see about 60% of our DCs with Splunk Forwarders not properly restarting. This always happens when I adjust a deployment app to push...
How to limit the aggregate value like 'having' in sql
Hi, I want to filter the records after aggregating them, almost similar to 'having' in sql. Here is the search query: source="rest://Data" | eval limit = substr(CreationDate, 1,4) | where limit = 2013 | where...
Is this Sparc system a good choice for my splunk indexer? If not, what is?
My hardware vendor just called and offered me a great deal on a Sun SPARC Enterprise T5120 Server, he said it would be perfect for something like Splunk, which uses lots of CPU cores. Is this correct?...
On Windows, I sometimes get an error during log rotation if splunk is...
I do a rotate sql log frequently. Splunk is monitoring my log files. There is sometimes an error in the SQL log file rotation process. Is it really the Splunk process that causes the issue?
After upgrading to 5.0.3, I can only export 100 lines of csv via UI.
Upgraded from 4.3.x to 5.0.3 this week and noticed that exporting from UI only produces 100 lines of CSV. Yes, I checked "Unlimited" and even tried checking the 10000 lines option. Using * | outputcsv...
dbx running script jbridge_server.py a lot
Anyone know what this script is for and why it needs to run so often?
node.js login error: no session key available
I am getting error: No session key available. Below is the node.js code in app.js. I'm getting the error at service.login() and then log the error. Please help. var splunkjs = require('splunk-sdk'),...
How do I create key/value pairs from a _raw field with only values?
I have a Symantec Messaging Gateway syslog input that provides syslog with no keys, only values. For example: 2013-07-11T13:13:16-04:00 appliance-name ecelerity:...
Using kv or extract ain't working
I have a McAfee Firewall Appliance log (Sidewinder for those of us familiar with the tool) that comes to Splunk by way of syslog and I'm trying to extract k/v from the log. Here's an...
splunk add user non-interactive without logging in on command line
Hi, I am writing some scripts to manage the users on our Splunk environment. The scripts should be invoked in non-interactive mode from within another tool used for managing users in our company. The...
Splunk DB Connect App not putting data in Splunk index
Hi: I'm trying to get SplunkDB Connect app to pull data from an Oracle database into Splunk. Working: Database Connection, DB Info, DB Query with the SQL statement I'm using. Not Working: When I go to setup...
Windows or Linux
We are purchasing Splunk and I wanted to see if there is any advantage on using a Linux box over a Windows box or vice versa. Thanks in advance.
Do pool warnings cause violations?
I have: Current 1 pool warning reported by 1 indexer Correct by midnight to avoid violation Learn more Permanent 1 license window warning reported by 1 indexer 11 hours ago The license warning I...