Splunk JSChart truncation message not being displayed
According to the documentation, an error message should be displayed when exceeding the 1000 or 2000 object limit for charts rendered by JSChart. I have not seen this error message using Firefox...
Add new servers
Hi: How can I add a new server to Splunk? I have 20 new servers and I need these servers to send the information like, windows logs, systems, security, etc...
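Location of the list of monitored files for the Universal Forwarder on Windows
I installed the Universal Forwarder on Windows 7 and am monitoring with it. Because I used the default settings at install time, several sources can be monitored on the Splunk side. I wanted to know which sources are being monitored, so, as on Linux, on the machine where the Universal Forwarder is installed, C:Program...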
ArcSight and Splunk
Hi, from your earlier post, I understand that you have integrated Splunk with ArcSight and so I would request if you please help me to understand a few questions here. What should be the SIEM architecture...
Backup Index 'rawdata' only (exclude 'index files')
Hi All, if I wanted to only back up the rawdata, and exclude the 'index files', is it just as easy as excluding *.tsidx, or do I need to do more? Assuming that when you restore it, it'll go "oh, I don't...
Splunk ES - lookup_expander - assets.csv - not handling IPv6?
Hello Splunk ES users :) I'm using the latest Splunk ES (2.4.0) and since the upgrade from 2.0.2, I have the following error: lookup_expander: Some lines in the input CSV contained bad data (file:...
lookup table 'dhcpd_cef-lookup' and 'dhcpd_mac-vendorname'
I am new to Splunk and had been seeing the following error messages for the Linux dhcpd app. The look files exist on the SH server. So I opened the localtransforms.conf file. Everything looked good....
transaction duration between subevents
Is it possible to calculate all the duration between subevents in a transaction? For example.. Here's the search: index=citrix source="C:\Temp\tslogon_log.txt" | transaction UserName host...
Does the Splunk for XenApp app need three different Indexes?
Hi everyone, I am doing a POC with the XenApp in our environment. I am able to install and get all the charts tables populate with data. But it uses three different Indexes, my question is does it...
Splunk 5.0.4 migration - Should the forwarder be stopped while migrating the...
Hi Everyone, First a few words about my setup. I have a distributed setup with the following nodes: Indexer, Search Head, Forwarder (let's call this the 'Light Weight' forwarder), Job Scheduler. I have some...
Dashboards - Panels within panels
I am trying to build a master dashboard that will display multiple single alarms. I would like to use a panel to group 2 or 3 similar panels. There are a few comments indicating panel limit or...
50 page PDF report not fully rendering (4.3.4)
I have a large report that generates about 50 pages in PDF. The report is generated from a dashboard that contains 6 panels, all scheduled searches. For the most part it works, but since the report has...
SSO sometimes fails with "deeper" URLs
Hello, I am trying to troubleshoot an SSO issue with "deep" URLs. SSO is configured with a reverse proxy which handles the CAS authentication via auth_mod_cas on Apache. It usually works. I noticed that...
Hadoop Connect - how to change the polling frequency of HDFS file lists, to a...
I'm using HadoopConnect. But, it's creating pressure on name node with too many frequent requests for listing of files with -lsr recursive. How do we change the frequency to say every 5 or 10 minutes...
mvexpand gives "mvexpand output will be truncated due to excessive memory usage"
I give my Splunk 50GB Mem with max_mem_usage_mb = 50480 in the limits.conf but Splunk 5.0.3 gives me a "mvexpand output will be truncated due to excessive memory usage". The job inspector shows that...
Issue in sideview utils Pulldown
Hi, We have an existing dashboard that makes use of sideview utils Pulldown and TextField modules. The layout is as follows: Pulldown1 TextField Pulldown2 SubmitButton. Our requirement was that any...
Riverbed - rbsh_process and rbsh_err_reason_failed
I am seeing a lot of the below messages in the splunkd.log. For the latter message I think I will have to re-write the regex. How do I fix the first warning message? 09-03-2013 11:54:03.773 -0400 WARN...
Pie Chart data labels
How do I get to display the data labels within the Pie Chart? In general the data value and percentage is visible only when mouse is hovered over the chart, but I want that to be displayed always....
Upgrade splunk from 4.3 to 5.0.3 not working
Hi, I upgraded Splunk from 4.3 to 5.0. What I did: placed the tar.gz archive in the folder where the splunk folder is, stopped splunk, untarred the file, it replaced my older splunk directory. I changed the perms...
Intentional stopped service in MSExchange
The "MS Exchange" app does a good job at reporting on services that are down; however, what if the service is down intentionally? What is the best way to tell the app NOT to alert on an intentionally...