Moving DB files during Migration
Hi, We have a setup which is running on Splunk 4.3.1. We have a new setup running on Splunk 5.0.4. We have diverted all our traffic to new setup. Now we want to move all the warm dbs from older setup to...
Joins, Eventtype and Global eventtype interference - oh my!
I have created a few very straight-forward eventtype (ET) definitions. Example: ET1 index=myindex sourcetype=myst1 ET2 index=myindex sourcetype=myst2 I noticed that when I use a join that combines the...
Splunk indexer is trying to establish connections on forwarder systems on...
I have had a number of systems set up with a splunk forwarder. The forwarders are sending data, and our main splunk instance is happily indexing it. But today the person who runs the firewall that sits...
Only include events that match a list of 2000 different users
I have some logs that can include any one of 50,000+ users. But I only need to index and keep a subset of that -- approximately 2000 users. I'm looking for the most efficient way to only include logs...
Timechart not showing all events with small spans
I've got a timechart hooked up to a particular source in my indexes, generated by a script which logs events looking like this every five minutes: Ready,205 Not Ready,108 A field extraction has been set...
Fresh install - cannot login
Hi, I really don't get it. I just installed (for the first time) Splunk (Splunk 5.0.4 build 172409) on my Debian server. I try to log in with username: admin and password: changeme. I always get: Invalid...
Search for multiple strings and put into one line chart.
I have a search that currently has 3 search terms... host="s2a*" "Command Aborted" OR "Internal queue full" OR "Aborting CMD" I want to put this into a line chart by number of occurrences returned. One...
Wildcard for Custom WinEventLogs
Our programmers code events to custom logs stored in the WinEventLog viewer. Instead of having to update the inputs.conf file for each new application and its corresponding custom event log, is there...
WMI:WinEventLog:Security - Discard events older than "x" months?
I've been able to start pulling AD logs via WMI which is nice and all, but I come in this morning and have 28 some odd million events in WMI:WinEventLog:Security. And a very unhappy splunk server after...
DBconnect Database name with date
I am trying to connect to Forefront Threat Management Gateway (ISA/TMG) SQL server database. I have succeeded in connecting to the database, but there is an environment-specific barrier that I came across. TMG...
Dashboard HTTP user agent vs Time
Hi Everyone, I am trying to create a dashboard that will only show Allowed traffic from a specific sourcetype (i.e. squid), with the MIME type anything related to java ONLY and the x_wbrs_score <...
authentication.conf multiple authType values
I am wanting to set up multiple authentication types, both LDAP and scripted. I would thus need to somehow set multiple authType values in the authentication.conf. However from reading the...
Calculation based on field matching counts of a value
We have a CSV fields set defined (shortening it here), Txn,Destination,Status test1,NY,Pass test2,NY,Pass test2,NY,Pass test2,NY,Pass test2,NY,Fail test1,NY,Pass test2,NY,Pass test1,NY,Fail...
New App Site - Sorting by Newest Doesn't Work
For the past few weeks I have been checking out the new apps site and doing a sort by newest but the list never changes. I used to check it at least once a day and the list was always being updated...
Get-WmiObject : Invalid class error in Citrix XenApp
In the Citrix XenApp app, there is no session information displayed. Upon running the script manually, the below error is given: C:\>powershell.exe -command " &'c:\program...
DB Connect hangs when attempting to connect to MSSQL using SSL (ssl enforced...
My DB Connect app has no problem connecting to a non-SSL enforced MSSQL instance. However, when connecting to an SSL enforced MSSQL instance, DB Connect appears to hang. One interesting observation is...
Does batch processing of large zipped files require more memory than unzipped...
I'm just wondering whether more memory might be required for batch processing of zipped (gz and Z) files. It would make sense if that were the case.
db connect jbridge won't start
Hi, I installed and configured splunk db connect, but the java bridge won't start. I've installed it on other servers without any issues. I noticed the following in the jbridge.log: 2013-09-04...
Help deleting data input via REST API Please
I am successfully utilizing the Splunk API through .Net and using GET, POST, and DELETE for many actions and all are working. Working until I got to delete data inputs. When I copy the exact url from a...
Sourcetype not changing for windows application logs
I have a universal forwarder sending the application logs for a windows 2003 server we have that only runs one application. Here is what my inputs.conf stanza looks like: [WinEventLog:Application]...