Field Extraction (Regex) When Column Is Sometimes Absent
Hi, I'm working on a regex for field extractions of an alert log. The log has 1 line per alert in the following format: [11/26/2013 9:13:41 AM] Server1 LogTest: /var/log Ok Text Log test [11/26/2013...
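The usual failure with an optional column is that a lazy `(\S+)?` group still swallows the next token, so every field after it shifts by one. The example below is added here and is not the poster's extraction: it assumes (the post does not say) that the column that can go missing is the path, and uses its leading `/` to decide whether the column is present. Both sample lines are constructed; the naming `(?P<name>...)` syntax works the same in Python and in Splunk's regex engine, so the pattern can be pasted into a field extraction once it passes the test.

```python
import re

# Constructed sample lines (not from the original post): the post only shows the
# first event, so the second line and the assumption that the path column is the
# one that can be absent are mine.
SAMPLE_LINES = [
    "[11/26/2013 9:13:41 AM] Server1 LogTest: /var/log Ok Text Log test",
    "[11/26/2013 9:13:42 AM] Server2 LogTest: Failed Text Log test",
]

# Naive pattern: the optional column is "any token". When the path is missing the
# group greedily takes the status token instead, and every later field shifts.
NAIVE_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<check>[^:\s]+):\s+"
    r"(?:(?P<path>\S+)\s+)?"
    r"(?P<status>\S+)\s+"
    r"(?P<message>.*)$"
)

# Fixed pattern: the optional column is only matched when it looks like a path
# (assumption: starts with '/'), and the column AND its trailing separator sit
# inside one optional non-capturing group so the remaining fields stay aligned.
ALERT_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<check>[^:\s]+):\s+"
    r"(?:(?P<path>/\S*)\s+)?"
    r"(?P<status>\S+)\s+"
    r"(?P<message>.*)$"
)


def _extract(line, pattern):
    """Return the named groups as a dict, or None when the line does not match.
    Absent optional columns come back as None, which is what you want for a
    field that should simply not exist on that event."""
    m = pattern.match(line)
    return m.groupdict() if m else None


def extract(line):
    """Field extraction with the optional path column handled correctly."""
    return _extract(line, ALERT_RE)


def extract_naive(line):
    """Same extraction with the naive optional group, kept to show the shift."""
    return _extract(line, NAIVE_RE)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print("fixed :", extract(line))
        print("naive :", extract_naive(line))
```

Run it on the second line and the naive version reports `status=Text` and `message=Log test`, while the fixed version reports `path=None, status=Failed`. If the absent column cannot be recognised by its shape, the alternative is to anchor on the column that follows it (for instance a fixed vocabulary of status values) rather than on the optional one.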
Combining files
I have different log files. I want to combine these log files into a single file. Is this possible in Splunk, and if so, how? Can anyone give me some idea on it?
Splunk6 EventLog Parsing
I have Splunk 6 running on a Windows Server 2008 R2 domain controller and a Splunk 6 forwarder running on Windows XP. These are used to read in evt files on XP and evtx on 2008 R2. On both machines the...
Web Framework - django and d3chart - Modifying default chart settings and...
Hi all, I have generated a view in HTML that uses Django and the all new (and very cool) Web Framework. I have some issues applying custom settings to my chart (actually a discretebar d3chart) using...
Bar Chart Splunk6
Hi! Is there a way in Splunk 6 to change the color of the bar graph based on the search result, like in rangemap? Thanks in advance! Jarize
Share data between views
I have 5 views, and each of them has a date picker. Is there any way to share the date picker between all views, so that when I navigate from one to the other, the time remains as I selected it?
How can you restrict a timechart to display only weekdays?
Hi. This has been asked before, over 18 months ago, and there was no answer to it: http://answers.splunk.com/answers/44743/how-can-you-restrict-timechart-to-display-only-weekdays Has anyone got any idea...
Splunk Cluster Migration - keep legacy data searchable on non-clustered instance
I am planning to migrate from an all-in-one Splunk instance to a Splunk cluster. I am thinking about turning the old all-in-one Splunk instance into a search head in the cluster. So my idea is that the...
splunkd keeps on crashing (crashing thread: archivereader)
Hey, I am currently experiencing severe problems with my Splunk installation, since splunkd repeatedly crashes right after starting Splunk. Here's the output of the respective log file: [build 182037]...
Log directly to Splunk with log4j
Hi, I'm doing some testing on how to use Splunk in the best possible way. I have fallen in love with the method of using the REST API and log4j, since it doesn't require any forwarder or anything to be...
Event filter
Hi, to minimize the size of an index I would like to filter events for status 200. These are my config files:
inputs.conf
[monitor://C:\Logs\*.log]
disabled = false
followTail = 0
host = CACA
index = basura...
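inputs.conf cannot drop events on its own; the Splunk mechanism for this is an index-time transform that sends matching events to `nullQueue` (a `TRANSFORMS-<name>` key in props.conf that points at a transforms.conf stanza with `REGEX`, `DEST_KEY = queue` and `FORMAT = nullQueue`), applied on the indexer or a heavy forwarder, not on a universal forwarder. The post does not show an event, so the example below is added here and is not the poster's config: it assumes Apache-style access-log lines (constructed) and demonstrates the check a practitioner wants before shipping the regex, namely that `200` is only matched in the status position and not inside a URL or byte count. `route()` mimics the decision Splunk's transform would take on `_raw`, so the `REGEX` value can be tested offline.

```python
import re

# Constructed access-log events (assumption: the poster's *.log files look like
# Apache common log format; the original post does not show a single event).
SAMPLE_EVENTS = [
    '10.0.0.1 - - [26/Nov/2013:09:13:41 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '10.0.0.2 - - [26/Nov/2013:09:13:42 +0000] "GET /api/v200/status HTTP/1.1" 404 200',
    '10.0.0.3 - - [26/Nov/2013:09:13:43 +0000] "POST /login HTTP/1.1" 500 200',
    '10.0.0.4 - - [26/Nov/2013:09:13:44 +0000] "GET /img/a.png HTTP/1.1" 304 -',
]

# The obvious transforms.conf stanza:
#   [drop_200]
#   REGEX = 200
#   DEST_KEY = queue
#   FORMAT = nullQueue
# REGEX is matched against the whole raw event, so this also drops events whose
# URL or byte count happens to contain "200" (events 2 and 3 above).
NAIVE_RE = re.compile(r"200")

# Anchored stanza: the status code is the first token after the closing quote of
# the request line, followed by the byte count (digits or "-") at end of event.
#   [drop_200]
#   REGEX = "\s+200\s+(?:\d+|-)$
#   DEST_KEY = queue
#   FORMAT = nullQueue
# and in props.conf, keyed on the input from the poster's inputs.conf:
#   [source::C:\Logs\*.log]
#   TRANSFORMS-null = drop_200
ANCHORED_RE = re.compile(r'"\s+200\s+(?:\d+|-)$')


def route(event, pattern):
    """Reproduce the queue decision Splunk makes for one transform:
    an event whose _raw matches REGEX goes to nullQueue, everything else
    continues to indexQueue."""
    return "nullQueue" if pattern.search(event) else "indexQueue"


def kept_events(events, pattern):
    """Events that would actually be indexed under the given REGEX."""
    return [e for e in events if route(e, pattern) == "indexQueue"]


if __name__ == "__main__":
    print("naive keeps   :", len(kept_events(SAMPLE_EVENTS, NAIVE_RE)), "of", len(SAMPLE_EVENTS))
    print("anchored keeps:", len(kept_events(SAMPLE_EVENTS, ANCHORED_RE)), "of", len(SAMPLE_EVENTS))
```

With the naive regex only the 304 event survives; the anchored regex drops exactly the one 200 event. Whatever format the real logs have, run the candidate `REGEX` over a representative sample this way first, because events routed to `nullQueue` are gone for good.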
Is there an equivalent to the back button in a search?
Sometimes I click on something I didn't mean to, and it leaves the search results I was looking at. How do I get back to where I was? Thanks,
Transaction and Duration
Hi all! Does transaction calculate duration per "transaction", or from the first event in the transaction to the last event in the last transaction (active - #1 to Inactive - #2)? I need to average the...
Splunk SSO change - no longer works.
Hey everyone. I've been running Splunk behind an Apache proxy with NTLM for a while (same host). Today, I decided to move the Apache proxy to a different server and use SAML 2.0 as the authentication...
Field Extraction for Values with random keys
Hi, I am trying to extract a field named session_id (I have highlighted the fields in bold) from a log file, but there is no consistency in the position of the session_id. The only constant is the...
High RAM usage on Splunk Indexer
At times I have seen users run searches like index=* and let them run (this user only has restricted access to 3 indexes of our 35 total); this search takes up to 7 GB of RAM on the Splunk indexer. How can...
Can you go back to the previous query?
I was wondering if any thought was ever given to having a query back button, similar to the browser back button, but restoring state to the results of the previous query. The use case mentioned to me –...
Upgrade to 5.x, some of my existing searches are taking longer to return...
After upgrading to 5.x, I noticed that some of my searches are taking a longer time to return results than before. Search performance has slowed down, and not as many scheduled searches are running on...
Cumulative counts in timechart for sw-rollout
Hi, I'm looking for a function to accumulate values in a timechart, so I can see the real-time development of a software roll-out, distinguished by a UID. The result should look like a ramp. My search string...
Is there a document about making a Syslog message stream "Splunk-friendly"?
I am responsible for an "agent" that sends syslog messages to a variety of SIEMs and similar software. Based on trial and error, I have introduced some options that seem to make it more...