Difference between last(X) and latest(X)
Hi, What is the difference between last(X) and latest(X) functions for stats. I tried both in searches and I get same output. The difference is not quite clear in Splunk documentation...
Pie chart Legend Problem
Is there a problem with having a pie chart legend (simple XML)? Just trying a simple pie chart with a legend from docs and it is not showing up. When I make it a bar chart it shows up. Just a simple...
Sideview Checkboxes Bug?
Hi, I've noticed that the checkboxes module doesn't appear to work anymore in the latest version of sideview utils. In the checkboxes1_intro view if you check off one of the examples the value doesn't...
'Embed Splunk dashboard elements in third party software' Has anyone done...
Hi Splunk'ers, I've now tried a lot of avenues to display my dashboard on a website but have had no luck. With reference to the documentation: http : // docs.splunk.com /...
Error: "Could reach host, but login failed" for VMware 2.0 configuration.
I need some assistance on the setup of the VMware app. I am receiving an error, which is below, however we have validated credentials etc. and they are correct. How do we get past this? "Could reach...
SMI error converting MIB to Python egg
Hello, new to Splunk here. Having some issues converting a SonicWall MIB to the python egg format. Here was my input: "#build-pysnmp-mib -o SONICWALL-FIREWALL-TRAP-MIB.py...
Status of Forwarders using Deployment Monitor
I have been going through some of the searches in Deployment Monitor. I would like to get an idea on the health of our forwarders. I see the macros for all_forwarders which expands out to a nice long...
extracting year from directory name & date/time from file
I have syslog files that are in the directory structure of system/Hosts/year/month/day I've been able to get the indexer to list the file date as date time (Aug 13 2:00:01) based on input to...
Join 2 large tstats data sets
I need to join two large tstats namespaces on multiple fields. For example, I have these two tstats: | tstats count(dst_ip) AS cdip FROM bad_traffic groupby protocol dst_port dst_ip and | tstats...
Can Splunk index an Outlook Inbox?
Is it possible to configure Splunk to monitor an Outlook inbox? One solution I have considered is configuring the inbox to forward the mails to a file that Splunk would then index - would this work? Has...
How can I monitor two access logs at once without using the regular...
Hi, Let's say I have 2 environments (TESTPROD), And in each one I have 2 brands with 2 different access logs: access-brand1.log, access-brand2.log I'm trying to monitor them both but I'm already using my...
Can I use environment variable as host in inputs.conf of forwarder?
Is it possible in inputs.conf in windows machine to use host=$<env_var> I tried using: host=$computername but in the indexer the events show 'host=$computername' and not the value of $computername
JSON is truncated
Hi together, I am trying to get data via REST API input, but I am getting this message in splunkd.log: Truncating line because limit of 10000 has been exceeded with a line length >= 62248 It seems to...
Monitor File shows GMT not local time
I am collecting syslog using syslog-ng. The events collected in the file are showing GMT. When I setup a file monitor for the events they are indexed in the future. What is the best way to handle this...
Output scheduled searches' results to syslog?
I'm trying to output an alert via syslog to our Orion server. Any suggestions on how to do that?
4.2 License reports exceeded, but stats don't back it up
The license master License Manager interface showed me this Mar 31, 2011 12:25:57 PM (just now) This pool is over quota=3196059648 bytes, please correct before midnight >...
Checksum for seekptr didn't match, will re-read entire file Checked with diff
Trying to watch SAP work logs. With some of the development logs, I continually get Checksum for seekptr didn't match, will re-read entire file. Doing a diff on the log files I get an error about the...
inputlookup with database lookup
Is there a way to use a database lookup in the way you would using inputlookup? If I wanted to just dump the contents to be searched against? I can do it with dbquery but wonder if there is a way to do...
passing previous result fields to localize and map
Say I have a search like this, trying to find all the events that occurred on hosts around the some_text event: index=_internal host=host1 OR host=host2 source=splunkd.log some_text | localize | map...