PDF rendering leaves big gaps
Hi, I've got a pretty large dashboard which is split up into 4 sections. Each section looks like this:1st Row : Title 2nd Row : Left - Single Value | Right - Single Value 3rd Row : Column chart 4th Row...
View Articlewget and upload
dear all, how do I use wget command to post event or upload a file into splunk? for some reason, the host is not allowed to install any program, even splunk forwarder.Thanks & Regards,
View ArticleReal-time search
Hi,If a search is scheduled with a start and end of "rt" - what does that mean? Does the job ever end? Does it get re-run every xx seconds? What data would they get? How does it affect other jobs?...
View ArticleSideView Utils - Automatically drilldown on first row in Table Module
I have a dashboard that uses the Search Module ---> Table Module ---> Gate Module. The Gate module transports tokens to another Gate Module that sits idle waiting for the 'row.fields.ext_refid'...
View ArticleSomething like ResultsHeader in simple-xml
In advanced xml I was using a lot the ResultsHeader module, amongst others it is showing nicely the "earliest" and "latest" in human readable format. How could I reproduce something like that in simple...
View ArticleSwitch off all warning message by removing capability
Hi, I am using splunk 5. When viewing splunk, user with admin role will see warning message bars on the top. On the other hand, non admin users won't see it at all. What's the capability I can...
View ArticleCorrelate data from two sources
We have two separate logs for errors from different programs. I am currently running two separate searches: source="*bsf0003.stdout" "error" sample of data: [12/04/13 14:13:37:150]...
View ArticleWebknight Field Extractions and Header Exclusions
If anybody uses WebKnight ISAPA filter in your environment you will probably have spotted that the log file formal can take a bit of cajoling to import neatly.As I spent a few long hours getting the...
View ArticleSearch to find higher that expected volume from a UF
I have a very simple question. I’m using one of the Deployment application search’s, which shows hosts with higher than expected volumes. I would like for the search to only show the instances where...
View ArticleInline table query terms escapes quotes in email alert
Below is a snippet of the query terms in an email alert with an inline table. The Query Terms has the quotes escaped. When a user tries to copy and paste the search into Splunk, it always fails. I do...
View ArticleMissing icons for Splunk App for Active Directory
I was able to install "Splunk_for_ActiveDirectory-1.2.1-172679.tgz" using the Splunk Web but icons seems to be missing in the launcher home page and from within the app. The texts are there but not the...
View ArticleXML Input / first character is missing
Hi together,I'am trying to get some XML input into Splunk, but everytime the first character ("<") is missing. Due to this, Splunk cannot read XML correctly: (on two different sources)from...
View ArticleERROR DispatchThread - Error reading runtime settings: File does not exist -...
I upgraded from Splunk Enterprise 5.0.5 to 6.0 and this error is showing in logs. Is it anything to worry about ?file : splunkd.log 10-04-2013 12:40:29.441 +0100 ERROR DispatchThread - Error reading...
View ArticleSplunk App for Exchange
Current Exchange environment:3 node DAG Exchange 2013 Server 2012My issue:I have started off with only installing the Exchange TAs on the passive node in the DAG which has a copy of all databases. Once...
View ArticlePerformance Monitoring not working on windows app?
Hey everyone. I have deployed the most recent windows app to my search heads, indexers, and the TA to all of our windows server (all windows 2008 server). In the TA I have added a local/inputs.conf...
View ArticleShowing error message when using Generating Streaming Custom Search Command
I currently have a custom search command that works fine and returns results back to Splunk as desired. However, when calling out exceptions (say the python script encounters an unexpected error), I...
View ArticleSplunk 6 with Splunk for Unix Add-on: Setup Dashboard goes 404 not found
New to splunk... getting to know my way around.Installed the Splunk for Unix Add-on App, but the Dashboard doesnt work. Navigating to the Dashboard Setup gets you a 404 error.The app is collecting...
View Articlerealtime dashboard monitoring for a different timezone
My realtime dashboard on splunk head has an option to select which country will the source be coming. Example is when i clicked Brazil, the realtime search on the splunk head is still using my...
View ArticleConditional Join/Subsearch
So I have two log sources-- one that stores values X and Y together in the same index, and the second which stores value X in one index and value Y in another. I need to figure out a way to have Splunk...
View ArticleError: "[EventsViewer module] local variable 'rs' referenced before assignment"
What on earth does that mean?!It occurred when I finalised a search which appeared to have stalled, possibly because the server was under other load.
View Article