If I log into the Splunk UI on a cluster peer (indexer), why don't I see all...
I have a 5.0.4 cluster environment with search factor (SF) and replication factor (RF) set as 2. Since SF=2 both peers should have searchable copies of the hot bucket therefore I was expecting to get...
View ArticleUnable to count error events by source IP
Granted I am new to splunk, and while I am utilizing the tutorials and help, it seems that I can not get something as simple as a error by IP report to work. I have loaded data into splunk, and I can...
View ArticleOrganize "Searches & Reports" and "User Interface/Views" with subfolder...
Hi,I have quite a big number of searches and views within an app, and manage them within the "searches & Reports" panel of the manager is not very convenient. I would really like to create...
View ArticleSplunk forward on Windows server 2008, Exitcode 4
I'm trying to install the splunk forwarder for Windows server 2008 R2 and I keep getting the same error. The error is:Splunk installer was unable to start Splunk Services. Please make sure you have...
View ArticleCisco Security Suite Summary Map
I'm having issues with the Cisco Security Suite Summary page map. When the map is plotted with results, I'm unable to click the results (a specific CityState) to see the IP addresses. But if I run a...
View ArticleESS error with conf 'oracle' lookup table 'oracle_action_lookup'
Dear expert:When I installed ESS, I found a ERROR on the top of splunk's web.Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'oracle' and lookup table...
View ArticleIs there any way to print reports to PDF on Windows?
I'm evaluating Splunk and have the server running on Windows. I'd like to be able to send emails with PDF results, but this appears to be a linux-only feature.Is there any workaround to this...
View ArticleRename results doesn't work
HiI have a feeling I'm missing something simple here. This is my search:sourcetype="ContributionWebApi" DbQuery=* | chart count by DbQuery And this are my results:...
View ArticleCisco Security Suite/Splunk for Cisco Firewalls
I'm having some trouble with Cisco Security suite and the associated firewalls addons for Splunk. Cisco Security Suite First of all, how does the dashboard define a 'security event' (e.g. Cisco...
View ArticleCisco Security Suite Map issue
I'm having issues with the Cisco Security Suite Summary page map. When the map is plotted with results, I'm unable to click the results (a specific CityState) to see the IP address. But if I run a...
View ArticleHow to monitor clustered Windows boxes?
I was informed this morning that I need to use Splunk to gather logs from individual boxes within a Windows cluster. I initially installed the forwarder on these boxes individually and didn't...
View ArticleShared realtime searches possible?
I have 4 dashboards each of which use 2-3 real time searches.Now watching the dashboards with firebug I can see that all my visualizations call Splunk with the realtime search ID to get the latest data...
View ArticleAutomatically Refresh Dashboard
HiThe xml for my Dashboard consists of multiple chart tags within a dashboard tag. What can I add to it to make the Dashboard automatically refresh? I don't have a view tag to add the refresh parameter...
View ArticleSearchhead Pooling: Failed to lock sentinel.txt while saving/deleting search...
Red banner message in GUI (below) regarding sentinel.txt file lock is preventing updates from the GUI.Error fixing dangling data: Failed to lock /mnt/search_head_pool/etc/apps/sentinel.txt with return...
View ArticleQuestion on shell script for linux
Hi i am new to splunk and recently just setup a forwarder (Ubuntu system) and a indexer (Window 7). Would like to use shell script to forward data to indexer but not too sure how i should code the...
View ArticlePlotting duration on chart
hi,I want to show time taken by a process to complete in seconds on time chart.sample log entries4432 [e0] INFO 2013-04-18 05:58:46.764 TM1.Process Process "TI_1" executed by user "Admin"4432 [e0] INFO...
View ArticlePerfmon:Memory no data even though local performance monitor displaying...
I have a Windows 2003 Server that is able to report memory stats when running the Windows performance monitor locally on the server. Unfortunately I do not see any data in Splunk for memory for this...
View ArticleCan a single forwarder instance can connect to two deployment servers ??
Hi ..I have a Single Universal Fowarder instance running in my machine . i want this forwarder to interact with two different machines , i.e two different deployment servers. i.e as defined in the...
View ArticlePlanning Cluster Total Storage Capacity (when no one peer holds entire...
Hi,I've read several cluster deployment references but still have no clearly answer for one question.I need to store 50 TB of data in a cluster with 30-50 typical peers which have 1-2TB RAID1,10...
View Article[Splunk with satellite link environment - Traffic log ]
I am currently working on a POC where I came across a question:My client has a Satellite communication link between HQ and remote branch, where the main data traffics. I'm worry to generate impact on...
View Article