New App Site - Sorting by Newest Doesn't Work
For the past few weeks I have been checking out the new apps site and doing a sort by newest but the list never changes. I used to check it at least once a day and the list was always being updated...
DB Connect: When do dbmon and dbtail do the indexing?
Couldn't find the answer to this in the Splunk Docs, but since using a DB as the source is different than sourcing a file to be indexed, the question arose.
Uploading a > 100Mb file
I am trying to upload a > 100Mb file (gzipped is just 17Mb). There is no support for the upload of zipped files. How can I put my file on your servers?
Splunk for Squid sourcetype
Hi guys, after installing the Splunk for Squid app no data is showing. Looking further, I found out that it searches for sourcetype=squid. I have 1 sourcetype for all of my servers - syslog that run with...
How to fix conflicting Sourcetypes
My Splunk instance had a sourcetype called Netstat (csv format), when I downloaded the Nix App (which also has a Netstat sourcetype) all the data was reformatted based on the NIX Netstat sourcetype...
passing search result to empty python file
Hi, I am running a query index="dataload" in search and I want to transfer its result to an empty Python file. For that I have uploaded a Python SDK and created an empty file in aap-search-bin folder, but I...
Row Click Custom Simpletable
I'm building a collapsible table using bootstrap or jquery ui. Basically, when a user clicks on a row in a simpleresultstable it will use an accordion to then show additional details of an event. I...
Estimating volume requirements for internal indexes?
Hi Splunkers! So as part two of my storage estimation (part one HERE), I have to allow for the growth & storage of the internal indexes in the following environment: - 100GB/day - 90 days data...
dbconnect returning data from 2 db's with same field names
Splunk doesn't seem to work with the AS operator in SQL, but rather expects you to RENAME after the query. But what do you do if the query returns the same field name in 2 dbs like this? When I try to...
Not indexing
We have just set up Distributed search with 2 indexers and one search node. Our data source is a folder with log files. The splunkd.log shows many lines with the following WatchFile - using folow tail...
High Availability Hadoop Cluster problem
Hi, I run a cloudera high availability cluster. My management and data networks are separate which is fine for all over applications however hadoop connect makes the assumption that the Namenode mgmt...
Calculating percentages for source and destination IP data by source count...
Good Day! Given the following data...
src dst
1.2.3.4 9.8.7.6
1.2.3.4 9.8.7.6
1.2.3.4 9.8.7.6
4.3.2.1 6.7.8.9
1.2.3.4 5.6.7.8
I'd like to display a table showing the percentage of events by src and then breakdown...
DB Connect App Encryption
What password encryption scheme does DB Connect App use for encrypting database passwords?
bucket error "Leaving it in PendingDiscard state."
I'm looking for documentation about the following error: "Discarding bid=foo~0~60F537A5-5D22-4F24-81FD-000544991297 on peer=8E98E68C-5240-4298-9B79-AAFC9C42B2A7 failed. Leaving it in PendingDiscard...
Correlation Searches - timing, scheduling, and throttling question
When you create or edit a correlation search, you can configure the Time range, Cron schedule, and Throttling. I have several correlation searches configured like this: Time range: Start: -15m | Finish:...
SimpleResultsHeader include intention field in chart title
I have a form that displays metrics on a single host. The url can include the hostname, or the user can put the hostname into an input field on the page. My "intention" name is HOST and I would like to...
Syslog UDP data filtering to index
We have data that comes into UDP port 514 on a heavy forwarder that we then send to our indexers. The data looks like the below: Aug 26 12:23:19 10.142.102.50 Aug 26 12:23:18 pl-wlmuatdp4...
Search time - xpath command namespace handling
Splunk: 5.0.4. Anyone know how to give the namespace to the xpath command? When looking at the xpath command and other discussions they always speak to simple examples without namespaces. For example...
Splunkd process on the indexer in clustering using too much RAM
Hi, Splunkd process running on the indexers is using more RAM memory. Within the last 7 days it has increased the usage from 9.8% to 70% on 20 GB RAM. It is killing the Splunk process after reaching the...
Changing the Master node ip
Is it possible to change the Master node server IP? I have to change the current Master node with a new machine but I cannot reuse the same IP. Which problems will I meet with a new IP? Thanks a lot.