Deployment client (occasionally) fails to restart after removing app via...
All servers are Windows 2008 R2 on virtualized hardware. All Splunk components running - Splunk: 5.0.3 It appears that when you remove a well defined App (contains both the local.meta and app.conf),...
Fails to install Stormforwarder
For this step in the Stormforwarder: $SPLUNK_HOME/bin/splunk install app <path>/stormforwarder_<project_id>.spl -auth admin:changeme It fails to install....
FireEye and Syslog Server
Is it possible to use the FireEye Splunk app with the following configuration: FireEye sending data to a syslog server in XML format. Universal forwarder on syslog server monitors file and sends data to...
multiple deployment servers - checksum mismatch among instances of apps
We have 3 deployment servers (DS1, DS2, DS3) in our Splunk instance. DS2 and DS3 are deployment clients of the deployment server on DS1 to provide for synchronization of deployment-apps. From a...
Normalize data from Window
I am pretty new to Splunk. I am collecting performance data from a Windows Server and this data will be input to Splunk enterprise running on Linux. This data from Windows needs to be normalized? Why?...
Is 1w ago the same as this week in the timewrap app?
In the timewrap app, is 1 week ago the same as current week? At least I think so if I look at the log data that feeds timewrap. Maybe it should say "current week" then instead of 1w ago.
How I visualize my data mentioned
Hello Experts, My script written in Perl is returning output in the following format: 12/5/13 4:10:05.000 AM SERVER INBUFFER OUTBUFFER Server9J 6 0 Server3 0 0 Server1 6 0 Server4 0 0 Now I wanted to visualize...
Safest way to upgrade a deployment server?
What is the safest way to upgrade a deployment server which has a large number of clients? I just tried to upgrade our deployment server from v5.0.4 to v6.0 and due to an issue with tenants.conf (an...
How to use $ symbol in a view
Hi, How to escape/ or use $ symbol from (?PERRORs-s[^nr]+?(?=s[0-9]|$|[nr])) regex which is in below view View: <module name="URLLoader" layoutPanel="panel_row1_col1" group="Details"...
Weblog add-in not finding the AWS s3 sourcetype
I have search on the s3 logs working, and Weblog add-in can find the source, but the sourcetype dialogue is empty when trying to add a new field extraction (first time for sourcetype).
How to Chart Average of Last 4 Thursdays vs Today in a Timechart?
ok well replace Thursday with whatever "today" is. I am looking to track my bandwidth today with a timechart that also has the average of the last 4 "todays". There are some searches in the ES app that...
Error Spamming Splunkd.log Error Process_Search
I'm getting the following spammed hundreds of thousands of times in my log splunkd.log file: ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Error opening C:\Program...
Merging results from two different searches in one fill chart
My company is currently trying to archive a large amount of older files; however, new files are coming in daily. We would like to know our percentage of files that have been archived is versus the...
List of properties aggregated by event
Hi there, I am new to Splunk. I have data with the following structure, where each entry has an event name and a variable list of properties associated with that event: {event=eventA,...
Issue with Hortonworks Yarn Sandbox (HDP 2) and Hunk
It seems that HDP 2 Sandbox from Hortonworks does not work as it is with Hunk running on it. The data preview stuff works perfectly fine but Hunk gives you an error when you want to run MapReduce jobs...
Installation error
I am a domain admin and during installation I chose "other user" and entered a domain admin login and credentials. Error reads, "please re-launch the installer as an Administrator"
SplunkforSymantec installation question
The documentation for SplunkforSymantec states: After downloading the app and going through the set up process, you still need to install either the Symantec 11 Technology Add-on or Symantec 12...
How to troubleshoot Syslog-ng -> Splunk issue?
Hello, My Splunk installation is configured to ingest data from many different sources. Approximately half of the sources are direct (device -> Splunk) and the other half are indexed from a syslog-ng...
Splunk6 Django app -- Importing SQLite
Hey Splunk Gurus, I'm writing a Splunk 6 app, and need the ability to persist settings. I did a simple mock-up writing/reading JSON to a file, but now I want to use SQLite. The problem comes when I go...
Splunk is getting confused Australian Timestamps thinking it's US when Days...
*Please Note: This works fine with Splunk V4 but not Splunk V6.* If the day of the month is below the 10th digit as the DD of a timestamp Splunk will assume the date to be in US format (MM/DD/YYYY),...