(javascript) Context setter : Problem with sideview
Dear all,I've tried to set a token for a $foo$-variable in javascritp using the context.set-method, but it doesn't work as expected - here is an example, what I've done (simplified).var context =...
View ArticleCheckboxes dynamic list only show less than 100 checkboxes populated from a...
Hello, I have a saved search with more than 100 values that i would like to show in checkboxes modules of sideview. How to do that?<module name="Search" layoutpanel="panel_row2_col1" group="Select a...
View ArticleSideview Utils and Splunk 6 Beta
I am evaluating Splunk 6 Beta and have installed Splunk App Sideview Utils 2.6.1. I am unable to use the editor to modify/create views. I can make changes to views in the Sideview Utils editor however...
View ArticleHow to reload the previously selected form for modification Splunk...
Hi, My question is next step of http://splunk-base.splunk.com/answers/73727/how-to-use-multiple-checkbox-instead-of-multi-select-dropdownI have used multiple check boxes and given them a custom...
View ArticleDynamic Baseline for Timechart
I need help building a chart that has a dynamic baseline based on the last 30 days of data. Over that baseline, I would put values from the last ten days.I dont have the karma to post the mock-up image...
View ArticleHow to convert a Splunk Universal Forwarder in intermediary syslog server
I am trying to send syslog data to Storm, but I have 2 issuesI cannot specify another destination than UDP 514 on my servers.The IP of my servers is not static, and I cannot maintain them in the...
View ArticleWhat is the expected behavior for slow writing log files?
I believe I have an application that is unusually slow in writing its events to a log file. Events are multi-lined but the application (I believe) takes several seconds to write each line.If I were...
View ArticleHow to force rex to extract a field with numeric type
(Splunk 4.3.2, in case it makes a difference)I'm using rex to extract a sequence of digits, and I'd like Splunk to treat it as a numeric field, rather than categorical - so the automatic summary data...
View Articleクラスタ構成におけるバケツのコピーについて
クラスタ構成の動作について以下の2点について教えていただけますでしょうか。Q1 クラスタ構成にてファイルのコピー方法はクラスタマスタがソースピアに指示すると理解しています。 その際、ソースピアからターゲットピアにどのようなルールでにコピーさせるか教えていただくことは可能でしょうか。 また、直接フォルダを確認する方法以外にバケツのコピーを確認する方法はありますでしょうか。...
View Articledeploying Dashboard apps, search apps(search phase) etc in Clustered envrionment
Looking to leverage Index replication but still unsure on how to deploy apps with views,search time apps to participating indexers?,search headsonline documentation suggestes there are some limitation...
View Articleregex syntax clarification
The following search returns results: "context"But this one does not: regex "context"And neither does this: regex _raw="context"+Why not?+I am using Splunk 4.3.3 and according to...
View Articlecompression rate of indexed data: 50gig/day in 3 weeks uses 100gig HDD space
Hey,we just set up a indexer 3 weeks ago. By now we are indexing about 50gig/24h. If I go to Manager -> Indexes I can see that our main index only has a size of about 100gigs. Mostly just eventlogs...
View ArticleScaling out splunk environment
Hi!I would like to ask question for the scale-out process for splunk.I am considering to build the splunk on single server but bit concerned when to scale out server as search-head and peer node.Are...
View ArticleHow to remove "received event for unconfigured/disabled/deleted index" messages
Due to some mistake, I am getting this messages:received event for unconfigured/disabled/deleted index='2013-03-10 19:53:34_stats' with source='DatabaseQueryMonitor' host='host::Counts@PROD'...
View ArticleRegex to log will not contain anything
Hello. Appreciate your support, in the file transforms.conf REGEX try to make a log of all without "webfilter" and sent to nullQueue. I tried to do something like this [discard] REGEX=!webfilter...
View ArticleCisco Firewalls/IPS apps update, now I get lookup table error
I recently updated Cisco Firewalls and Cisco IPS apps to the latest versions (2.0 and 2.0.0). Now when I perform a search I receive errors similar to this: "The lookup table 'err_code_lookup' does not...
View Articlemany results in subsearch?
Hello, newbie here...index="prd_stats" sourcetype=appman:linux host=foo* attribute=CPUUtilization earliest=-1month@month latest=-0month@month | stats avg(value) by host When I execute this search I get...
View Article"DM sourcetypes too much data" and "DM missing sourcetypes"
HiWe are getting following Alert and wondering if you could tell us what does this mean and what can we do so that we are not using up licensing quote.1) DM sourcetypes too much data 2) DM missing...
View ArticleError 'Could not find all of the specified lookup fields in the lookup...
This is a fresh install of Splunk 5. I have satisfied all required dependencies of the Splunk for Cisco ASA app. However, when I select the app, I am getting this error.Error 'Could not find all of the...
View Article