Chinese Can't Be Displayed Correctly In DB Connect
Hello, Now,I just use DB connect to load my Mysql.But I have some difficulties with the charset.There are some Chinese in my DB and they can't be displayed correctly.I already write 'charset = gb2312'...
View ArticleDebugging filter strings used with role-based access
I'd like to restrict a certain group of users to only see a specific set of hosts within an index. I can set up the filtering strings using the Roles page of the Splunk Manager. Now I need to change...
View ArticleGetting Started Question: Finding failed Windows logon attempts
Ok, Great! So we just got splunk running. Now what. I've gone out and told it to grab AD data, so I thought Hey, how do I find failed logon attempts on the network? Even better, can I set a trigger to...
View ArticleSplunk Logging or forwarding its Raw Messages
For demo purposes, I plan to set up a single box (all-in-one) instance of Splunk and would like to configure Splunk such that all inputs that splunk ingests are stored in a local log file.Is there an...
View ArticleHow to test a correlation search?
So this is the pre-configured correlation search called "substantial increase in port activity". I'd like to tweak it to our needs... but to tweak it I need to test it. When I copy and paste the actual...
View ArticleNeed to return a field in a search even if it doesn't exist
Hi,I have a problem with a query which runs on an hourly basis as the fields that need to be returned can vary. The simple query isindex="test" | fields app,action,category | fillnull value="unknown" |...
View Article1 saved search for 2 panels
Hi. I have a dashboard with two panels (PC- and mobile site visits, for example, and they are divided by field src [src=mob vs. src=NULL]). I want to make ONE saved search that aggregates all needed...
View Articlesort and calculate the total of "other"
Hello, I would appreciate a hand with this case, I'm doing the following: ... | chart sum (valueA) AS MB by service | sort-count 5 The result, sort gives 20 rows, I would like the sum total of the...
View Articlejava bridge is not running - Splunk dbx app
java bridge is not running. Have installed Jdk 7 , also environmental variables are defined properly. What are possibilities for java bridge not running ?anybody could help in this ?
View Articleconcatenating fields at search time in props.conf and/or transforms.conf
I have a bunch of existing regexs that operate on an HTTP URI (E.g., "/foobar?x=1&y=2"). I have logs of two different source types, one in which the URI is reported as a single field, and another...
View ArticleSideView Utils ValueSetter Module Delim: Can you use newlines from a...
I'd like to use the new line as a delimiter in a ValueSetter module. The end goal is users, who are afraid of normal syntax, could add search logic per line and I'd use the ValueSetter Module along...
View ArticleForwarder Installation Script
I have created the script below to deploy forwarders to Linux servers. Hopefully it is of use to others in the community.If you execute the script it will tell you which parameters it expects to...
View ArticleDate comparison with if statements
I need to use an if statement to set the dates in startDateFrom and startDateTo if not specified in the selectedStartDateFrom and selectedStartDateTo variables.I then want to use startDateFrom and...
View Articlesplunk add oneshot behavior
We have loaded a 16GB file using oneshot from the command line of a universal forwarder. When the UF was restarted, the data load stopped and did not resume after restart. Is this the behavior of...
View ArticleIdentify start of new transaction when previous one hasn't finished
I need a search that can identify when a new TCP session from an IP Address is established but the previous TCP session hasn't closed. Below is a mock up of the raw event data. Line 1 & 3 are the...
View ArticleHow can I identify rarely used saved search for deletion?
We have accumulated about 1200 saved searches and about 90 dashboards over the years. I think it is time to do some clean up. I'd like to target searches that are no longer being used and not part of...
View ArticleXML event being truncated?
We have XML events that seem to be getting truncated by splunk and we are not sure why? We are feeding the data through a UDP burst and it just cuts off:Aug 29 16:14:22 10.142.102.50 Aug 29 16:14:22...
View ArticleQuestion about forwarding data from Splunk to 3rd party systems
Good day fellow Splunkers,I have configured to forward data from a Splunk indexer to a 3rd party system (doing index and forward). My questions would be:Upon checking UDP connections shows that Splunk...
View ArticleSearch causes Splunk to crash
I have set up a table in a view. However, with the search in place, over time, the memory on the Splunk server is consumed and eventually Splunk crashes. The server has 75 Gig of memory, and there are...
View Articlesummary indexing blocked and binary file warning
I noticed that my summary indexing stopped working. The summary results files are being generated in the spooler, but are not indexed.my /opt/splunk/var/spool/splunk/ folder is full of file like...
View Article