Splunk DB Connect MS SQL DB - Connection refused
I am getting the following error while I am trying to connect Microsoft SQL database, Encountered the following error while trying to update: In handler 'dbx-databases': Error connecting to database:...
DB Connect not parsing timestamp properly
Hi, irrespective of what timestamp is present in the timestamp column of my Oracle DB, the timestamp in the event is replaced with "1970-01-01 00:59:59". In Oracle DB the timestamp column contains data like...
Splunk DB Connect - dbquery inline search and time filtering not working
Hi all, I am currently working on various Dashboards for my company, for some of them I need to request data from local databases using DB Connect (data are nmon monitoring of AIX Lpar). As I am using...
Why are forwarders refusing connections to my indexers and my indexing...
The total indexing throughput per indexer was reduced significantly after upgrading to 5.0 or 5.1 from 4.3.x. Splunk is spending considerable amounts of CPU time on service_maxSizes. Due to this issue,...
Palo Alto App - Traffic Dashboard
I have a question about a query within the Palo Alto App. As shipped the app displays total traffic grouped by egress and ingress interfaces. I just want to see the total egress traffic and the total...
Connect to another server via ODBC
We are attempting to integrate a QuickFill (QF) database with Splunk for reporting purposes; by default QF prefers ODBC for database connections. Our QF database lives on one server while the Splunk...
Issue with Summary Indexing, saved searches run fine but summary index data...
I have a set of 10 saved searches which are doing summary indexing. These searches are running every minute. All the searches run fine and return data when run manually. They also return data when...
Convert a string into a number
I extracted some values into a field using the field extractor and now I need to convert it into a number to use sum() and avg(). It seems that this field's values are being recognized by Splunk as a...
ES (Enterprise Security) | Correlation Searches | Cannot Remove
Hi - Am having problems removing a "correlation search". Have tried this via the SE UI from inside the editor and within the "correlation searches" list/page. Can't find a delete or remove button or...
events are broken in the middle of the line
I am monitoring with a forwarder log files that are being written. And sometimes the events indexed are broken into multiple events in the middle of the line. Example: Thu Sep 19 17:13:32 PDT 2013...
Simple Form not displaying results in form
Below is the xml for my form, once the search is executed, the results are not getting displayed in the form: <form> <label>Username</label> <searchtemplate>index="beast_db"...
Reference to web.conf in login.html
Below is my web.conf [settings] serverName = lower_environment_3 I want to display the above serverName detail in login page. Tried this way and it doesn't work hostName =...
windows Event filtering
Hi, we are trying to discard some noisy events from a windows server with specific event ID and wanted to do this from index server (not from forwarder). We are not sure if we can use the conditional...
character limit on text boxes?
Is there a character limit for input into freeform textboxes in dashboards? I've entered tens of thousands of characters without apparent truncation, but I'm not sure how it's implemented on the back...
DBTail issue.
Hello, I am trying to use dbtail to get a query working and it's not working. The rising column name is modifiedTime. I don't know where the mistake is. Any help please. SELECT...
Any way to fix incorrect line break without reindex?
A line breaking RegEx change was mistakenly made to one of our sourcetypes. We caught the error a few hours later but now we ended up with multiple events indexed as one. We have since fixed the RegEx...
search field for many values
I need a search which returns events where a specific field contains any one of many values. Typically this is done with the "OR" logical operator. However, I need to search for thousands of values...
How long does Deployment Client continue to poll Deployment Server?
Hi Splunkers, I'm considering the configuration of Deployment Server (and Client). How long does Deployment Client continue to poll Deployment Server when we stop the deployment server or get...
Expand json messages by default
We have json data being fed into splunk. How can I instruct Splunk to show me the JSON object expanded by default. If default expansion is not possible can I query such that the results are expanded....
Look up table question
Hi, We have a field called BOTs which extracts all the legitimate BOTs (which have +http://.... in the user agent). I want to add the other BOTs into the same field which do not follow the standard...