Managing a growing serverclass.conf
We're using Splunk's deployment server to simplify inputs.conf/app configurations on our Universal Forwarders. We're adding more servers to our environment, and the serverclass.conf file on our...
CloudTrail data not showing in Splunk
I'm using Splunk 6 with the Splunk for AWS app and trying to configure it to show CloudTrail data. I've created the SNS topic and SQS queue and can see messages in the queue but nothing is coming over...
Blank Forwarder Management page on Splunk 6
I was using the Forwarder Management page just fine, and at some point found the page had gone blank. Any ideas? I am seeing the nav panel on the top and the About, Support, File a Bug, Documentation,...
Deployment server - deleting apps- determine on client which apps have EVER...
How can I determine if an app has ever been managed or is being managed? I added a deploymentclient.conf to a dev HWF server and created serverclass etc on DS with only one test app. The deployment...
Displaying two visualizations in one dashboard panel
All, I have a dashboard panel that I want to display two visualizations on. The first is a stacked area graph that displays the amount of time spent processing in browser vs network vs server. The...
Deployment client (occasionally) fails to restart after removing app via...
All Servers are - windows 2008 R2 on virtualized hardware. All Splunk components running - Splunk: 5.0.3 It appears that when you remove a well defined App (contains both the local.meta and app.conf),...
Grouping Alert objects
Is there a way to group and show all alerts as a dropdown. I can create a group of Saved Reports the following way ... <collection label="Saved Searches"> <saved source="unclassified" />...
how to display more entries from history
hi, how can I display the last 20 or so of my previous searches in the web gui? Thanks,
Source Time Zone Searching
I'm not sure if this is possible, but I'm trying to figure out if there is a way to see what the unadjusted original time stamp was on an event. I'm trying to search across global time zones (CST, PST,...
Splunk Search and Iterate over a log
Can I do the following in Splunk: Search for a line using a query. Iterate from that line onwards in the log. search source=log.txt "search value" log.txt Line 1 Line 2 Line 3 "search value" Line 4 Line 5 I...
Creation of deployment app folder through GUI
Hi, to create app in deployment-app folder we have to create folder and files manually. Is there any other way through GUI, we can achieve this?
| pivot and eval
Hi there, is there any way to combine table creation using an eval expression in combination with the accelerated pivot command? What I am looking for is a query similar to this, which, unfortunately,...
Extract information via regex
Hi guys, I need some help to split the field below: xyu_0987|123456:123456|123456:123456, before the first pipeline (xyz_9807) displays the information about one rule; after the first...
Splunk App for VMware
Is there any timeline on when the Splunk app for VMware might be compatible with version 6?
Duplicating events on .txt log file
Hi. We have a Windows machine that writes events on a log with the .txt extension, monitored by the Splunk Universal Forwarder (monitor stanza). Every time the file changes, Splunk re-reads it all and...
Same page drilldown, Splunk 6 Simple Xml
Hi, I am looking for options to do a drilldown from a table in one panel to another panel in the same page. I am using Splunk 6 simple xml. Panel 1 - Table shows list of all the transactions Panel 2 -...
Support Portal Error
In the QueryString (url) it says https://na2.salesforce.com/_nc_external/identity/saml/SamlError?ErrorCode=23&ErrorDescription=Invalid+contact Login Error Your login attempt using single sign-on...
How exactly does upload file for one shot indexing work?
I am clear of steps needed for uploading a .tar file but I have a question about how does it work. Splunk indexes the file eventually and stores it in the database which isn't easily human readable....
multiple search in a single graph
I am trying to display the below mentioned search using append command in a single graph index=rxconnect method =process |timechart span =1m avg(responsetime) by method append[index=rxconnect method...
What sourcetype should be used input MySQL data
I am using the DB Connect app to connect to a MYSQL database and input the data from a table. What sourcetype should I use for MySQL data in the Database Input: dbmon:kv, dbmon:mkv, or some other? Also the...