Line breaks in log vary depending on job - How to break with props.conf?
I haven't seen an example of this so far so I'm going to ask.I have Backup Exec 10. There is a daily job and and then a WEEKLY job I have scheduled. The thing is, doesn't matter what the job is, the...
View ArticleSetting host to hostname vs IP address
I have different devices sending data via syslog. Current Stanza Example:[udp//IP:PORT] host = hostname sourcetype = syslog However, events still show up as host = ip address. Is there another place to...
View ArticleHow can I alter the searches being executed by *NIX app?
Based on other questions submited, it looks like I might be able to change the inputs.conf file but need to make sure.what I want to do is limit the data pulled in on 'top' & 'ps'. I want to add "...
View Articlerealtime searches canceled
I keep getting a message on top of my search app, that says:"The running job "rt_1367002880.1350" was canceled or remotely expired"I assume that this is because there was a realtime search that kept...
View ArticlePRINT AND SAVE AS PDF SKIPS HALF THE OUTPUT
Hi I have a Splunk App and I want to create a link so that I can export my Splunk dashboard in advanced XML to a pdf file. But when I am using the print option in Splunk inbuilt , I am not able to...
View ArticleIs there a way to backup/export a dashboard
I have a couple of dashboards that I want to migrate from one splunk instance to another.Is there an easy way to backup/export a dashboard and recover/import it again?
View ArticleExtract Field URL
How to do rex to extract field URL eg.: http://www.gnookcooki.com.br1366974288.183 102 178.19.3.199 TCP_REFRESH_HIT/200 174 GET http://www.gnookcooki.com.br/images/hat_orange_big.gif teste@teste.com...
View Articlesplunk for facebook app error "Access denied"
Hi, after placing the app in the directory, I tried to make it work with the Facebook login. It creates the app in facebook and apparently authorize the app but after thata I always get a blank screen...
View ArticleProcess to create a certificate using Microsoft Certificate Services locally...
We have a Splunk installation which when opening in the browser we get a certificate error, what is the process to prevent the certificate error if we create a certificate using Microsoft Certificate...
View ArticleCan SideView Search module wait for submit button?
I'm using sideview utils to dynamically populate dropdown boxes when I load a view. The first second box will update based on the value of the chosen for the first dropdown box. However, I don't want...
View ArticleMSI DEPLOYMENT_SERVER Flag not working
Hello I am trying create an completly unattended installation and the DEPLOYMENT_SERVER flag doesn't seem to generate a deploymentclient.conf. All other flags seem to work just fine. Below are the...
View ArticleUsing report-acceleartion/summary-indexing for searches on extracted KPIs
Hi there!I am trying to extract certain values (KPIs) into a separated 'area' (now trying a summary index) to be able to do quick searches on them. The daily indexing amount is huge and comes from only...
View ArticleIs there a way to find out how each of the search commands work?
Is there a way finding how each of the search commands works? I mean to see the code? For example, can I know how the convert commands works and edit it for my certain requirement?
View ArticleClik here to view.
unable to use $foo$ value containing xml, in html module
I have a xml field in a table, when the user click on a row, I want him to see the xml field in a HTML Module... but there is something in the XML that prevent this to work, even when using...
View Articlescrub IP only
I'm tasked to provide apache logs to a third party for their analysis, but the IPs must be replaced to hide the browsers' identity. Sounds like a simple splunk job: select, piped through scrub, then...
View ArticleCan We add diffrent search timing
Hi,Is it possible to run the same search with diffrent search time?My requirement to have the count of transaction for particular hour in last 5 weeks , report looks as below:Tran Type 25/Apr/13 07.00...
View ArticleDBConnect, DBx, Database Connect JDBC.log errors.
I've setup a database connect input, but it keeps failing with a "table or view doesn't exist" message. I am using the same user and password and I can see the table when I login viaOracle Developer...
View ArticleBar Chart Scale
I have a search that is showing 18 results over 30 days. on the days that I find results I get either one or 2 count. Yet when I show this on a bar chart I get a scale across the bottom in _time and a...
View ArticleMultiline field extractions
I have an event which looks like this"USERNAME HOME_DIR USER_INFO root /root root ec2-user /home/ec2-user EC2 Default User test_user1 /home/test_user1 Testing User test.user2 /home/test.user2 Test User...
View Article