content-length error
Hi, How long can a url be?I get the following error: command="importutil", 'content-length' Usage : importutil [config=<config>] [format=<format>] <protocol> <url> My url is 79...
View ArticleUCS App, Splunk on Windows
Has anyone get this to work? Does python need to be installed on the Windows Server?Also, in the readme file it says to perform all of this configuration to the credentials.csv, managers.csv file...
View ArticleNot able to restart splunk instance
Hi I am not able to restart splunk processI am getting Can't unlink pid file "/opt/splunk/var/run/splunk/splunkweb.pid": Read-only file systemerror . can anyone help me?
View ArticleAccess to Splunk app
Hi,Upon downloading a Splunk app I get AuthorizationFailed message:AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action;...
View ArticleApplication Icon did not appear
Hi everyone.I am in the midst of creating an app and I have been wanting to upload an App Icon (logo) so that it could appear in my Home page. However, it does not work. The method I used is as...
View ArticleDNS_Type regexp not working
I am trying to use the Splunk for DNS App. Most of the saved searches work based on a regexp which searches for a "DNS_Type"-field. I guess it's trying to match the type of log-message (client query,...
View ArticleCitrix Xenapp showing incorrect perf data
Hello,We have the Citrix Xenapp App deployed in our environment but its reporting in the wrong available memory. It says it is in MB but it is in just bytes and is misleading. Any idea how to fix this...
View ArticleRemove old forwarders
How can I remove forwarders that no longer exist, ie the server has been decommissioned? I am using Splunk Storm and cannot delete any of the non-reporting forwarders.
View ArticleHelp on top10 search with variations
Hi community,let's say we have a online shop which is selling products which could appear in different variations - colors for example. So we have the fields productID and variation. Now I'd like to...
View ArticleUpgrading Universal Forwarder on Windows Via CLI
I am trying to upgrade UF from 5.0.3 to 5.0.4.Documentation says the following: Note: You do not need to stop the forwarder before upgrading. The MSI will do this automatically as part of the upgrade...
View Articleindex time SED from props.conf
Are the SED commands in props.conf excuted in order? In other wordsNote: (All the following is under [default])Can I write a test to set a field so it will fail a SED test SEDCMD-callid...
View ArticleLookup Table for all Sourcetype
Hi All,Quick question, in Manager » Lookups » Automatic lookups » Add New on Apply to drop down box, we can select from SOurcetype, source, or host. If I choose any of the choices, can I put * on the...
View ArticleSplunk_TA_nix startup typo Error
Anyone else get this typo error with the eventgen.conf`Checking: $splunk/etc/apps/Splunk_TA_nix/default/eventgen.conf Possible typo in stanza...
View ArticleWhat does this splunkd.log event mean? 07-19-2013 04:19:02.641 -0400 INFO...
I'm seeing a repeated pattern of events in splunkd.log, relating to several .dat files in the MAXMIND app. What is the event trying to tell me?07-19-2013 04:16:57.956 -0400 INFO Archiver - Archiving...
View Articledashboards via email
How do you send a dashboard via email, not with the link that appears when you save it! It's possible? Thank you
View ArticleField Name/Value Pairs - Searching with a Lookup Table
I'm looking to read in a set of field name/value pairs from a given lookup table (using inputlookup) and then use that as a set of parameters in a search. Specifically, I'm looking to search for...
View ArticleData input sql - latest indexed time
I created a data input from Manager. The input is a sql query that retrieves data from database. The refresh type is full dump and happens every hour. The dump retrieves around 250+ rows (the count...
View ArticleUpgrade splunk from 4.3 to 5.0.3 not working
Hi,I upgraded splunk from 4.3 to 5.0. What i did.place the tar.gz achive in the folder where splunk folder is. stopped splunk untar the file , it replaced my older splunk directory. I changed the perms...
View ArticleAdvanced Chart Drilldown Question
I have a chart which I want to be able to click and drilldown to another chart. My problem is that I want to be able to define a hidden search criteria and don't want the click to add any terms to the...
View Article