Difficulty getting -auth option recognised in query via Python subprocess.call()
Hi, I am experiencing difficulty entering credentials via -auth on a CLI query, when invoking via Python subprocess.call(). If I run the following via terminal after restarting the Splunk daemon: splunk...
Add a clock to the header
Anyone have a suggestion on how I can add a digital clock or even a world clock to the header in the default view for my APP?
Remove string from _raw if it appears as a field
I want to remove a string from _raw if it appears as a field say host. For example if I have [--T::] sched: _slurm_rpc_job_step_create: StepId=. hype usec= As my _raw message and hype is a type of host...
splunk is triggering duplicate events from syslog.
Hi, I have been using syslog to store my server logs and splunk will be monitoring the syslog.log file located at /opt/splunk/var/syslog-ng/ path. Now while splunk monitoring the files I could see...
The lookup table does not exist for new user.
Hi, I created dblookup and used in a saved search as admin, which is working fine. However when I run same saved search as different user, I get following message: The lookup table 'abc_Lookup' does not...
DB Connect tailing inputs fail after a Splunk restart
Indexer – 2K8R2-64, Splunk 5.0.3, DB Connect 1.0.9, Latest JDK, ojdbc6, Oracle 11 Server – 2K8R2-64. The problem is that after a Splunk restart (from manager, CLI, server power button) the tailing inputs...
Do pool warnings cause violations?
I have: Current 1 pool warning reported by 1 indexer Correct by midnight to avoid violation Learn more Permanent 1 license window warning reported by 1 indexer 11 hours ago The license warning I...
Sideview Utils 2.x and ES 2.4
In the documentation it states that ES is not compatible with Sideview Utils versions 2.x. What specifically are the problems? I've got ES 2.4 installed, and accidentally installed the 2.6.3 version of...
snap to 5 minute increments in timerange
I have data that needs to be evaluated over periods that end on 5 minute boundaries. I would like to be able to snap to a search end time that ends on an even 5 minute increment like this: search ABC...
snap to 10 minutes
Hi, I want to snap to 10 minutes. I know how to snap to an hour for example: ... | eval _time=relative_time(_time,"@h"). However, this doesn't work for 10 minutes time. Is there any other way to do...
Snap to half hour?
I fairly often schedule my searches earliest=-1h@h latest=@h so that I know that whatever time it actually ends up getting run, it will always cover exactly the 60 minutes of the previous hour. Is it...
how to snap to time unit of 5 minutes
For example: if the current time 5:23:20 PM, how can I get the time 4:55:00 PM. And if the current time 5:26:12 PM, how can I get time 5:20:00 PM, and so on. I know splunk provides one minute time unit....
How to log Performance layer 4 traffic?
Hi, I installed the SplunkforF5 Networks application in my environment, it works when I log http traffic from a VS with a Standard Type. But all traffic my customer wants to log comes from a VS with a...
Splunk for Cloudwatch
Hi Folks, I was wondering if you ladies/gents could help me. I'm trying to integrate Splunk for Cloudwatch to pick up messages that are in an SQS. I have created an SNS and test alarms and I can see...
forward _internal index from deployment server
Hi, I have the following outputs.conf set in deployment server but the _internal index doesn't seem to be forwarded to the Indexer. What do I miss? outputs.conf [tcpout] autoLB=true autoLBFrequency=30...
Sideview PostProcess returning no results
Firstly, see my pastebin. Base search: sourcetype=applog source!=*jboss-*GA/* | transaction transactionid keepevicted=t | fields _time, ResponseType, RequestType, PlatformName, ErrorMessage, exception,...
BlueCoat Reporter And SplunkAppForBlueCoatProxySG
Hello, Currently the ProxySG's send the logs to a BlueCoat Reporter, and as a one off I need to import the information in to Splunk. With this in mind I thought that it would be best to use app for the...
ip address and hostname from forwarder
I am using a host segment to set a 'hostname' (we have multiple hosts on one box) as set out below: [monitor://c:\logs\node-21\*.log] host_segment = 2 index = node_logs sourcetype = node_logs I would...
Use of Splunk C# API under heavy traffic
Hi there, Please forgive the questions from a Splunk n00b, but I have not been able to find what I need thus far. I am writing an A/B testing framework for our site. Originally we thought we'd use StatsD...
Simple XML Drill down Search
Hi Everyone, I have a simple xml with few charts, I am able to do a drill down with the clicked value and was able to get the search results as events. But I am trying to see if there is an option to...