twitter spluk
please tell me which symbol we should use for seperation and there is another box for confirm password which password we should use for confirmation..please reply me as soon as possible.
View ArticleRegex error
I am trying to validate that the user has entered their phone number in this format (555) 555-5555. I keep getting this error: Unmatched ) in regex; marked by <-- HERE in m/[([0-9]) <-- HERE...
View Articletesting new regex
Before really putting my custom regex in transforms.conf, is there a quick way to test and debug it?
View ArticleCan I format a table in reverse (field headings by row, not by columns)?
I have a number of fields formatted into a table. For example: results | stats count(results) as Field1, stats count(results) as Field2, stats count(results) as Field3This will display two rows, with...
View ArticleRemoving Sites
This is a great app ... But I need to know how to remove sites from monitoring.I have one I mistyped and another one I do not need to monitor any longer. No matter what I do, the sites that are no...
View ArticleColor in a table based on cell values on 6.0
Does anybody know how to configure the necessary .js and .css in an app to color the backgrounds of cells in a table based on their values?I found this great question/answer for coloring in cell...
View ArticleCan I use summary index in Hunk environment for report performance improvement?
Hi,Running a same search in Hunk to get a report in a dashboard is slow. I would like to use summary indexing by gathering calculated results from data in HDFS.To store pre-calculated result, what...
View ArticleOutlook Launch Time query issue
We are currently using Event 45 to calculate the average load for Outlook: Microsoft KB & Sample DataWhat we have for a search is this using Splunk 6: index=win_desk EventCode=45...
View ArticleClik here to view.
Native Chart Format Limitations
I'm trying to build a timechart (line graph) over 13 years using a 12 month span.My search to generate the visualisation looks like this:sourcetype="ec_com_donations_CSV"| bin _time span=12mon|...
View Articleerex or IFE with comma
How do I use the IFA or even better erex and specify mutiple values that contain a comma? I've tried putting them in quotes etc but doesn't seem to work.I really just trying to extract a date from our...
View ArticleSplunk web not loading unless specify port 8000, now going down all together
So I'm very much not an export on these things, but I think something has gone horribly wrong with my ports....about a week ago my splunk we stopped loading unless I explicitly specified the port in...
View ArticleAdding results, fields from two different queries
I have two completely different queries which of them output fields like belowThe output of the fields will be just one valueQuery 1 - ...|table total1 Query 2 - ...|table total2 Now I want to add...
View ArticleSA-ldapsearch issue?
I am working to set up a POC of Splunk with Active Directory, and so far have the UF installed on one DC. Data is coming in, lots of data in fact, and everything seems to be working except for some of...
View ArticleYou are low in disk space on partition "/opt/splunk/var/lib/splunk/audit/db"....
I am getting this message on my indexer and search head.First i set 5000Mb after getting this error i set this to 2000mb and some days same message seeing .I want to know what is mean of this ? Where...
View ArticleUnable to modify props.conf
Hi, When I am trying to modify props.conf in the local directory of my app, "Please check whether the file i opened in another program" dialog box is displaying. I tried restarting the splunk services...
View Articledata input from directory
Hi, I only have the option to add Data Inputs from single file. how do i load a directory full of logs?
View ArticleSplunk not receiving data from Universal Forwarder
In our splunk deployment, we have about 100 universal forwarders installed on PCs and forward data to a splunk server (port: 998) that will further forward the data to another splunk server. The...
View ArticleThe logs I'm searching do not contain a key - value format
I have log files that do not have a key - value format. The first part of each event is like this: 2013/11/25-17:09:08[32:31.928] however there is nothing in the log file setting this as "time" event....
View Articlesearch ends at 31.10.2013
Hi,i have an issue with the splunk search. Here is my query:host=secmailstd1 | eval tempQueue=coalesce(queue_id,amavisQueue) | transaction tempQueue | eval filterstatus=case(amavisStatus="Passed CLEAN...
View ArticleSplunk Light Forwarder - Maximum file size for a monitored file?
Hi, We have a splunk light forwarder monitoring a file that grows in excess of 5GB a day before rolling over. The roll over threshold cannot be changed. Splunk is having issues indexing this file and...
View Article