Compact indexes after piping search results to 'delete'
Is there a way to compact the indexes after a search that is piped through to the 'delete' command so as to recover disk space? If so how? I haven't been able to find it in the docs or from searching...
Retrieve configured Index name via sendemail.py
Hi All, I have some set of dashboards created and I have added some search queries as part of the dashboard. I need to schedule the dashboards for every 1 hr. Hence I make use of the option "Schedule PDF...
How to specify x-axis intervals on timechart
Hi When doing a query like so * | timechart span=1d count I would expect the intervals on the x-axis to be 1 day per tick, but instead it is 2 days per tick. Is there a way to format the x-axis to...
splunk is triggering duplicate events from syslog.
Hi I have been using syslog to store my server logs and splunk will be monitoring the syslog.log file located at /opt/splunk/var/syslog-ng/ path. Now while splunk monitoring the files I could see...
Free version - splunk, font setting seems not work
How to set font size and color with free version of splunk... It seems that the update in xml does not work <option name="charting.backgroundColor">0xF00000</option> <option...
Pager displaying before Table module with a Button to show results
I have a panel that displays a count of results, but in order to save space, I included a button to display the results in the table when clicked. This currently works fine, but if I have enough...
Hide drilldown panel when click on different pie chart.
I have dashboard with some panels. like, panel_row2_col1_grp1, panel_row2_col1_grp2, panel_row2_col1_grp3. All this grp contains pie chart. Now from this pie chart I have created drilldown, which shows...
Where can I get the Web Intelligence documentation
Hi there, Could anyone tell me where can I get the Web Intelligence documentation? Thanks, Alice
DB Connect tailing inputs fail after a Splunk restart
Indexer – 2K8R2-64, Splunk 5.0.4, DB Connect 1.0.11, Latest JDK, ojdbc6, Oracle 11 Server – 2K8R2-64 The problem is that after a Splunk restart (from manager, CLI, server power button) the tailing inputs...
mvexpand gives "mvexpand output will be truncated due to excessive memory usage"
I give my splunk 50GB Mem with max_mem_usage_mb = 50480 in the limits.conf but splunk 5.0.3 gives me a "mvexpand output will be truncated due to excessive memory usage". The job inspector shows that...
A Chart with Total values and then an average Value
So I have some data that I've put into a chart. For the purposes of this question let's say the data is in the form "Username Purchases" userA 400 userB 800 userA 150 userZ 900 userA 350 userB 700 How...
Do pool warnings cause violations?
I have: Current 1 pool warning reported by 1 indexer Correct by midnight to avoid violation Learn more Permanent 1 license window warning reported by 1 indexer 11 hours ago The license warning I...
Dashboard Panel HTML location
Hi, I wrote a simple search and created a dashboard panel using the Create --> Dashboard Panel option available in flashTimeLine. The dashboard panel is saved as xml file and I know its location....
Find changes that require a restart of Splunk?
I logged into Splunk today, and got the dreaded "Splunk must be restarted for changes to take effect" message. The thing is, neither I nor anyone on my team made any changes that require a restart. So...
Why is the chart so large
I have noticed lately that the charts on my browser are showing up too large. Is this a browser problem? What can I do about it? See Attached :-)
Trying to Setup RADIUS Authentication
I was not able to do a successful test but I decided to save the configurations anyways. I am seeing the following in the logs: 08-22-2013 16:16:32.299 -0400 ERROR ScriptRunner - stderr from...
Restoring archived indexed data
Hi, I've archived indexed data into location "D:\Program Files\Splunk\myfrozenarchive" and now myfrozenarchive folder has two folders db_1364755264_1356979773_16 db_1364971832_1364756312_15 Both these...
Use query $foo$ in html module : error with whitespace
I have a search module, after that module I want an html module with two links : - one link pointing to flashtimeline/?q=| loadjob $searchid$ - one link pointing to the search itself :...
PostProcess ViewRedirectorLink
Hi, I am trying to figure out a way where for a PostProcess search, ViewRedirectorLink popup displays exact search instead of base search in the new window. For e.g. take a look at below snippet: Both...
Line breaking does not work for events with the same timestamp
Help please! Our data looks like the one below.... 1377190800,ANAQUA_VMs,52940532,987100964550,Normal,0,161792,50,18623,4.29447,3.02706 1377190800,ANAQUA_VMs,ANAQUA_VMs-ETC,P,166810,47232,33,8 And here...