Year month day only time stamp
Hi, I'm wanting to investigate a daily log in CSV format using Splunk. The timestamp of the log is in the format YYYY-MM-DD. By default, Splunk fails to generate a timestamp since there is no hour, minute,...
DBConnect output to distributed indexers
I am struggling getting the output of my dbx application to send to distributed/load-balanced indexers. I can get output to go to a locally defined index fine, but am unable to get it output to...
Custom Condition Search for Alert for HTTP status code report
I have the following search in an alert that triggers every 15 minutes:
source="C:\logs\path\*.log" | chart count over http_status_code
http_status_code is a custom field. The search works well, and...
Splunk App for NetApp Ontap issues
So, I cannot get ANY data from the NetApp simulator (8.2 7-Mode). I am using VMware workstation as a proof of concept..... Caveats - 1. I am NOT a Linux guru. 2. I am new to Splunk. 3. I like to follow...
Inline Drilldown & PostProcess
Hi I have a dashboard where I am drilling down based on user selection. I have a table which displays top 10 users based on their UI activity. Upon clicking, a timechart based on his runTime should...
Can I restrict users to use only one index from my indexer server?
Hi.. I was doing the Splunk configuration for Security Appliances.. Now my scenario: I have a user SearchHead (SH) and an Indexer (IN). This Indexer is having multiple indexes in it, say "A","B","C" and "D"...
How to completely remove remote data functionality in Splunk for Palo Alto...
Environment: Windows Splunk 5.0.4, Splunk for Palo Alto Networks 3.3.1. I am looking to install the Splunk for Palo Alto networks in an environment where Splunk has no access to the outside world. That...
Configuring Hunk Beta
I am trying to configure Hunk beta using Splunkbeta 6.0 to connect to my hdfs node (hadoop .20.0.203). I am following link hunk-intro-part-3. Once I configured as per the link, and I run search...
Best way to verify that sourcetypes are being reported by all systems with...
We have several Windows servers with the light SplunkUniversalForwarder installed. Recently we discovered a few servers weren't reporting a sourcetype. I want to verify that each of the servers with a...
Chart visualization
hi, this is my query index=tm_idx host="server" sourcetype="TM_Test_10" | rex field=msg "(?i)TM1sserversloadstimes(secs)s=s(?P<timetakentostart>w+)" |where timetakentostart!="" | timechart...
Splunk search head issues running on a VM (memory leak?)
All, I have a search head running on a VM that reads from two search indexers (also on VMs). I've been having issues with the search head's virtual machine. About once every week or two, we can no longer...
props.conf not recursing all directories
I'm trying to go down a line of directories to get the syslog files. The recursion works for year 2013. To make sure it works for other years copied 2013 files to 2012 and changed year in all in all...
Planning Cluster Total Storage Capacity (when no one peer holds entire...
Hi, I've read several cluster deployment references but still have no clear answer for one question. I need to store 50 TB of data in a cluster with 30-50 typical peers which have 1-2TB RAID1,10...
Search index using search values from database
I want to be able to do a search of an index with search parameters returned from a database lookup. An example would be a table like:
User Name | Employee ID
Jim | 1234
Joe | 2345
Then my search could...
Incomplete LOOKUP results
Hi, I read about many similar issues here, but I was not able to get a satisfying answer. I am trying to use a lookup table, lut.csv, to add information to some events. That LUT is written over daily...
Pass login id to query
I am looking for the simplest way to pass the login name to a variable in a query. I want the $formMgrVZID$ to be the id that was used to login to splunk. This query has the variables...
Are there any plans to add compaction of the internal index databases? and...
Hi, I was just curious to know if adding the ability to compact the index databases is on the product timeline. It would be very nice to be able to compact the indexes of deleted data when needed....
HadoopOps Version Support
Hi, does the HadoopOps App support Hadoop 1.1.2 version? Appreciate your help.
Default app vs role indexes
I have begun an investigation into best practices for default index configuration. So far I have found two options: Setting the attribute "defaultDatabase" in the indexes.conf at the app level. See here:...
Custom Alerting
I am currently sending all cisco ace load balancer syslogs to my splunk server. Within Splunk, I have two separate real-time alerts - one alert notifies me via email when a certain server goes down and...