Host attribute for com.splunk.Index.upload in java SDK
Is there a way to pass host attribute value for oneshot upload in java sdk for splunk? The example on splunk documentation shows that valid parameters for oneshot upload include both host_regex and...
changing fishbucket location
Is there a way to manually define the location of the fishbucket directory? We want to put this on a share where two clustered forwarders can assess it.
Reduce fishbucket size
Hello folks, My forwarders monitor several thousand oracle logs daily that rotate out at a high frequency. As such, my fishbucket index is growing at a steady pace. Currently it sits at 200MB+ on my...
Splunk Cisco IPS App - no data being pulled?
We are currently attempting to use the Splunk for Cisco IPS App (http://apps.splunk.com/app/528/) to pull data from our IPS devices into Splunk. However, we have run into the following problem: while...
Why is Universal Forwarder not forwarding? Standard install and all default...
My installation of Splunk is right out of the box, standard. I followed all the documentation to the letter, used all recommended settings, groups, names, ports, etc. In the Splunk interface I...
V6 free splash page display bug
Demonstrated below: Black text on dark grey background - totally useless from an accessibility perspective. What happened to the clean crisp, visible, and functional displays of previous versions? The...
Ports between splunk and universal forwarder
Which ports need to be open between splunk and universal forwarder for remote windows data monitoring? I want to push my logs from an apache server where splunk forwarder has been installed to another...
Using result of one search in another reach
I have two logs: Log 1: 12/5/13 3:29:14.000 peter is a dog 12/5/13 3:30:14.000 paul is a cat Log 2: 12/5/13 3:30:14.000 Name:peter 12/5/13 3:29:14.000 Name:mary I want to extract the field Name from Log2...
Best practice to give deployment server detail in universal forwarders
Hi, In my enterprise I am adding 50+ universal forwarders. But give deployment server information what is best practice. Give DS details at Universal forwarder installation time or adding...
Can't search real time and last 15 min on search head
Hi Newbie here, I setup a distributed search, and it successfully run, but when I search realtime (realtime 5min or 30mins) on search head it didn't show any results, I changed it to last 15 mins but no...
DBconnect update error
I use DBconnect, when I update the data in the database, a fault occurs, the inside of the Splunk display information and database display different. In the database. mysql> update updatetest set...
Automatically source is getting deleted after 24 hours
I added source file (.csv file) to splunk using below command, ./splunk add oneshot /root/project/2003.csv -sourcetype sfpd I can see that 1,50,902 events got indexed. But exactly after one day, all...
TimeRangePicker times in nested HiddenSearch - how?
I had a simple XML Dashboard form with a company dropdown and a time range <?xml version="1.0" encoding="UTF-8"?> <form> <label>Excel Export dashboard Simple 2</label>...
DB Connect Rising Column
Hi Everyone, I'm having a problem right now, tail in db connect is not working. Does the rising_column need to be unique? Please help. Thanks in advance, xisura
Running one part of search if first part is true?
Hi guys, just a quick and hopefully simple question. Trying to figure out how to do this if possible but can't seem to figure it out. I'm running a search which returns how much splunk has currently...
Evaluate json boolean value with if statement
Hi all, I am trying to run this simple search: SourceType=FooMonitoring |eval isSuccess=if(Test.TestIsSuccessful=="true","Yes","No") | table isSuccess Test.TestIsSuccessful I am getting the following...
Saved search deleting older records from Summary Index
A very strange behaviour has occurred, we have defined a saved search that gets stored into its own Summary Index, below is the saved index stanza we have defined, [Unique GroupId Type]...
Why is Dashboard Performance So Bad?
I've got a few lengthy dashboard load times that I'm trying to improve. Short of professional services, I'd like to poll the Answers audience for performance improvement suggestions. Is a 30+ second...
Events Being Passed to Custom Commands More Than Once
I've been working with custom commands for a while, and I've noticed some weird behavior regarding how events are passed into commands. It is my understanding that regardless of whether a command is...
How can I monitor resource of VMs on Openstack by Splunk?
I would like to get resource information of Virtual Machine on Openstack? Has anybody ever tried this? I am not sure how can I get such information from Openstack. It may be done by API or command...