getwatchlist - url with space or %20
Can you tell me why I get an error when my URL includes this? command="getwatchlist", Error getting settings: '%' must be followed by '%' or '(', found: '%20Documents/list.csv'"
How to disable splunk launch messages
"Take the sh out of IT" The splunk launch messages on the console are so cool but the sense of humor is not universally shared in my company. Is there a way to turn them off?
Where does a search process consume its run time?
We have performance problems. Looking at one of the search logs, I see that it ends with 08-16-2013 14:00:55.172 INFO NewTransam - Finalizing. Committing all open txns withheld 08-16-2013 14:01:26.542...
Tabs Within Tabs
I have a number of views with Sideview tabs that work well. In these instances the view shows the same four sets of information, one for each tab. Those are very straight forward and easy to...
DB Connect Column Aliases
Is anyone having issues with assigning column aliases in a mysql db? SELECT DISTINCT issuestatus.pname AS "Status" FROM issuestatus pname 1 Open 2 Assigned
variance between _time and date_* fields
I've got a situation where different date elements are providing inconsistent results for the same time data. I suspect this is a result of index time vs. search time processing and timezone...
splunk clean all problem
I have been trying to wipe out an eval instance of splunk to start again, but I keep getting errors. I then upgraded to the latest version of splunk and tried again. I tried stopping all splunk...
Table Drilldown into a default flashline
Hi, I have a dashboard panel showing data in a tabular structure. Here I just wanted a drilldown into a default flashtimeline on click of a table's row (any value of a table). Here is the advanced xml...
generating regex
Hi, in my log files there is a field known as CPU TIME.. which has values:- Jan 16 12:51:35 Phase 1 ended (674 seconds) CPU TIME status skew vertex 0.127 [ :12] 0% DLY_INT_Aggregate.abc 3.648 [ : 1] 0%...
Search auto-finalized after time limit (30 seconds) reached on running SubSearch
Hi, I have a search query which includes subsearch as follows: host="sharepoint" | rex field=msg "\sMore\sinformation:\s(?<EventCode>[\dxA-F]+)" | rename EventCode as output | eventstats count by...
Trying to use the useragent lookup from the Exchange app outside the Exchange...
I'd like to use the useragent external lookup that is part of the Exchange app in other apps. Even though the lookup is marked as global I get the message: Error in 'lookup' command: The lookup table...
IIS 8.0 logfiles
I can't seem to get Splunk to ingest IIS 8.0 logfiles. I've installed a universal forwarder on a Windows Server 2012 server with IIS 8.0. IIS is configured to log in the w3c format. The UF is...
Splunkd.log Moved to /var/log/splunk
My splunkd.log file moved to ./var/log/splunk/ this file is recording a lot of unusual log entries and rolling over quite often. Attached is an image of the log files. I have two questions. 1) How do I...
Where are tracking alerts stored for alert manager?
We have an odd use case to potentially create a large number of alerts using the alert "tracking" option. We would like to know how/where these "alerts" are stored to plan for disk or other...
500 -Splunk Daemon is not responding:
I am getting this error when I load some of my dashboards: 500 -Splunk Daemon is not responding:([Errno 73] Connection reset by peer It seems to do it when my dashboards have searches that go back 3 or...
Cisco Firewalls/IPS apps update, now I get lookup table error
I recently updated Cisco Firewalls and Cisco IPS apps to the latest versions (2.0 and 2.0.0). Now when I perform a search I receive errors similar to this: "The lookup table 'err_code_lookup' does not...
Inline drilldown from HTML Module
Is it possible to make an inline drilldown from an HTML module (using a div/link ..) instead of using a SimpleResultsTable or a Table Module? The HTML Module is used to emulate single values. When a...
How to escape double quotes in SideView Utils Textfield Module
I have a dashboard that uses two SideView Utils TextField modules. The set up is as follows: view textfield checkboxes checkboxes textfield button search table view The problem I'm having is in the...
Step by Step to receive email alerts on Splunk
How do I configure Splunk so I will be able to receive email alerts from other servers? Is there any step by step procedure that I should follow? I have Splunk on a Linux machine and never did that...
auto-finalized after time limit ( 30 seconds )
I am getting the following warning while running my big query: auto-finalized after time limit ( 30 seconds ) reached. Can you please let me know what to do if I get this warning, and how does it affect...