Can Splunk be used to sort through emails?
Can emails be sent directly to a Splunk server so it can go through and alert on emails of interest?
clearing the jobs automatically using batch file
Hi, I want to clear the jobs every 30 mins and refresh the jobs immediately after clearing the jobs in windows, can anybody help? I think we can do by using batch file but I don't know the batch...
Time is always off and need to select past 4 hours or All Time to see Flow data
Great app so far aside from it not being able to read IPFIX which is required for VMware vSphere NetFlow collection on the vDS. Other than the IPFIX problem, I have run into one other problem - I have...
can a php code be executed if we keep it in appserver folder of splunk app??
Hi.. I am interested in creating a feedback form for my splunk app. I had the html page and the php code for the same. Can you pls help where I can place this php file and execute the form?? can splunk...
Nesting the main App menu
Is there a way to create a nested App menu for Splunk (the default App menu)?
Bug in splunk 5.0.4 with pdf generator
It seems that if you use the <html> tag in a view the pdf generator fails with the error "'NoneType' object has no attribute 'strip'" Unsure where to file this bug, sorry if this is an off topic...
Advanced XML softwrap simpleresultstable module in sideview Utils
I am using sideview utils to create advanced XML Dashboard. Search module push the result to pager and then pushed to simpleresultstable. I want to assign softwrap to simpleresultstable so dashboard...
Citrix XenApp farm data not returning
Hello, We are running the Splunk Citrix XenApp app but in some cases the scripts are not returning back farm data including the name and the citrix servers located there. Has anyone else seen this and...
Can anyone help clarify why splunk sometimes indexes duplicate events from...
I've been all over related questions in Splunk base, but I have not found out why exactly Splunk will sometimes index duplicate events. A simple dedup will help mitigate this issue but does not get to...
what's the correct format for multiple email addresses in an alert?
If I run a manual search and then create an alert, modal dialog wizard that walks me through the alert setup requests a semi-colon separated list of email addresses. However, when editing an alert via...
DomainSelector.csv invalid while using Splunk for Active Directory
Get the error DomainSelector.csv invalid when trying to run Splunk for Active Directory. The csv file is there but empty. After other article about similar issues it sounds like there should be data in...
Transactions within transactions
I have a set of two logs that share a common field (RID). One log contains the "user" actions while the other log contains the java, odbc, etc., actions (ibatis log). What I need to do, is figure out if...
Splunk DB Connect App not putting data in Splunk index
Hi: I'm trying to get SplunkDB Connect app to pull data from an Oracle database into Splunk. Working: Database Connection, DB Info, DB Query with the SQL statement I'm using. Not Working: When I go to setup...
Is restart required after making changes to Props.conf and Transforms.conf?
Do I need to restart Splunk after I make changes to Props.conf and Transforms.conf for the changes to take effect? Thanks
Only 100 Results return with python API query
Hello there, I'm still newer to Splunk (and python which doesn't help). I used the code from the search and poll results code on the sdk page. I can't seem to figure out how to get more than 100...
what does perc95 and all those stats functions perc*
In stats calculation, I use average avg() and median but I saw other people using "percentage Xth" like perc95(). What does it do exactly? see docs...
Not able to restart splunk instance
Hi I am not able to restart splunk process. I am getting Can't unlink pid file "/opt/splunk/var/run/splunk/splunkweb.pid": Read-only file system error. Can anyone help me?
How can I remove text from _raw if it appears as a field in Splunk
I want to remove a string from _raw that appears as a field in Splunk say host. For example if I have the _raw message: <ConMan> Console [hype33] log at 2013-08-15 00:00:00 PDT. 2013-08-15...
Search cluster operator drill down issue
I searched the error events and use the "cluster" operator as below: error | cluster | table cluster_count _raw I got a list of clusters with the size of each cluster as below: 1 98 192.168.11.37 - -...
Error when configuring LDAP authentication over SSL to Active Directory
I have installed Splunk on a Windows 2012 server. I am able to configure unsecured LDAP to a Windows domain controller, but as soon as I enable LDAP over SSL and change the port, I receive the error in...