Reload transforms.conf without restarting Splunk
Is there a way where I do not have to restart Splunk to enable a new indexing? How to reload transforms.conf without restart... Thanks
REST API realtime searches with output_mode set to json
Not sure if this has been raised before but I couldn't find anything. curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export -d search="search sourcetype=sometype" -d...
Splunk Support Portal
Does anyone know when the Splunk Support Portal is going to be fixed? Been this way all weekend.
Specifying today's date in the source file on a search
Is there a way to specify today's date in the filename of the source on the search? I'm thinking in the same way you would put it in a bash script....
sourcetype override
I am new to Splunk and I am now going to receive syslog from multiple devices on UDP 514, so I can't define a specific sourcetype for UDP:514, right? And I installed the Fortigate apps and edited the...
Sub-search Where a>=b AND a
I am trying to write a search across two sourcetypes so that the customer event value has a multiplier for each day in the from/to date range. For example, sourcetype=CustomerEvent Cust from-date to-date value...
passing previous result fields to localize and map
Say I have a search like this, trying to find all the events that occurred on hosts around the some_text event: index=_internal host=host1 OR host=host2 source=splunkd.log some_text | localize | map...
Multiline Interleaved Transactions
I have a log file that contains multiple transactions. These transactions can span multiple lines. Since this is a multithreaded application, the transactions recorded for each user are interleaved....
Set Default App by Role?
Hello, Is there a way to set default app based on role? I know I can set default app through user-prefs.conf or through the GUI per user; however, this seems a little tedious if users are being mapped...
Splunk Enterprise Security on Windows XP Laptop?
Was requested that I do development on my laptop, and to install Splunk ES 2.4 on my laptop (along with Splunk Enterprise 5.02, SideView Utility 1.35). Laptop is on Windows XP SP3 and has only 2 GB of...
DB Connect tailing inputs fail after a Splunk restart
Indexer – 2K8R2-64, Splunk 5.0.4, DB Connect 1.0.11, Latest JDK, ojdbc6, Oracle 11 Server – 2K8R2-64. The problem is that after a Splunk restart (from manager, CLI, server power button) the tailing inputs...
Compare two counter values in time
Hi, I want to write a query to compare a performance counter's values over a 20 min span where the counter values change by more than 1000. Your help is appreciated!
REGEX to filter out event records
At the indexer, we are trying to exclude event records from incoming Windows logs that have Logon_Type=3. Below is the configuration that we have, but it doesn't seem to work. Also, is there a way to test...
RSS Feed for Reports
Another question :) I would like to configure RSS feeds for the reports - there are 100s of reports that are being delivered to multiple folks and becoming a problem due to the size. I can have...
Custom search by Date on results pulled from DB
Hello Splunk Community, I am very new to Splunk and am currently having a small issue. I have a search query which pulls results from a database; the date field returns an epoch encoded date string...
Too many streaming errors to target on cluster
I've got a cluster with three identical indexers. One indexer consistently generates the "Too many streaming errors to target". I've checked the network adapter on the server and there are zero errors...
How to send the matching value in the log file, in the email that we send as...
I had a query in mind. Till now I only know that Splunk only sends the count of the events that happened during the time duration; is there any way we can send the actual matching content in the email...
Report to show missed scheduled searches due to downtime
Hello, I have some scheduled searches. Some run every 5 minutes, some every 15 minutes, some hourly, etc. Some of those searches are there to generate a summary index, a few others to exportcsv to feed it into...
Checksum for seekptr didn't match, will re-read entire file Checked with diff
Trying to watch SAP work logs. With some of the development logs, I continually get Checksum for seekptr didn't match, will re-read entire file. Doing a diff on the log files I get an error about the...
controlling access to dashboard and search capability
I think this is a typical Splunk use case wherein we want to give access to users who can only VIEW dashboards but should not query or issue search commands. I see some documentation on this:...