How do I improve loading time of my dashboard with many scheduled searches...
(asking this on behalf of another user) I have one issue while creating dashboards in my app. To improve loading time in dashboard, I am using lookup created from scheduled searches which are running...
Need help with splunk query with aggregation over repeated pattern.
I am trying to construct from my log which logs sla tracking metrics like below: Message="Metric1=11887,Metric2=179544,Metric3=157892,Metric4=61,Metric5=3438" Here's the query I am trying with....
Use subsearch to calculate stats as well as provide input to main search
Hello Splunkers - I have phishing data that we would like to report on. I have two sourcetypes - clickers (people who clicked on a particular campaign) and recipients (list of people who were sent the...
Is it possible to use dedup to grab the oldest events rather than the newest?
I would like to dedup a series of events and save the oldest event for each host. Is it possible to use dedup for that? From what I gather, dedup will use the _time field to decide which events to...
Anyone else notice that Splunk 6 universal forwarder SSL does not work on 32...
Looks like splunk universal forwarder fails to create server.pem on new install. As a result, no communication can occur between Universal Forwarders and Deployment Servers or Receivers.
I hope use "if rule same" than difference in time
Hi sir: I have make search language "index=abc reason="login successfully" OR msg="SSL user failed to logged in" | stats count(user) as logincount by user,remote_ip,reason | eval Login_status = if...
How would one use Splunk with Cassandra or other non-relational DB data?
We have a set of applications and infrastructure on the order of thousands of nodes whose statistical, diagnostics, and log information is written to geo distributed Cassandra DB cluster. We have a...
C# search does not return all events
Hi, I've installed and am using Splunk C# SDK v1.0. Querying Splunk, I get only part of the events that the same query returns when I place it on the web interface. I've been using the example presented...
How to pass tokens in url using the new web framework
I have built an app using django & js in splunk web framework. The home screen gives running status of servers. On click I should pass that server name to a different view. I know to use it using url...
LDAP Authentication Splunk Free broken since update to Splunk 6
Hi. I am currently running Splunk Free. In order to provide some access control, it is proxied through Apache on the same server, with LDAP authentication. This was working perfectly until I updated to...
Setup.xml dropdown list
Who knows how to implement a dropdown for setup.xml? I can see in the documentation that there is type "list", but where should I populate values for it?
Learning gone wrong
So I have clearly messed up a setting somewhere. Every time I start splunk I get MANY!Done Checking filesystem compatibility... Done Possible typo in stanza [csv-19] in...
Saving sub-search to speed up Searching
Hi, I have a number of searches structured where I'm comparing against summary indexes and lookup tables or results I don't want. From the docs my searches are formatted like: index=some_index NOT [search...
help with CSV inputs - utf16-le and header input problems
I have a utf-16 CSV file with a 0xFFFE byte order mark and the csv field names in the first line. I have defined the charset for that input type to be utf-16le, which is fine, however, it extracts the...
Extract date from a varying source name
Hi Guys, My log files have events with the time stamp on them, just the time not the date but luckily the source name has the date in it and splunk automatically identifies date from the source name and...
Transactions - finding missing event, but problem with ordering
I'm trying to write a simple transaction that looks for redis disconnection errors (python/celery), with the intent to alert if it doesn't reconnect. I thought this would work: transaction host...
Hosts got deleted from Indexer
Hi, I have 9 hosts (5 windows hosts, 3 linux hosts, 1 AD server (windows)) which forward data to one stand alone splunk instance (search head + indexer). The 3 linux hosts were not sending data to the...
MS SQL APP without data
Hi all, I am new here. I am just using Splunk App for Microsoft SQL Server but without any data. 1 My splunk server version is 5.0.6 2 windows 2008 server sp2 + MS SQL 2008 server enterprise 3 I followed...
Accelerated search results not updating for deleted data
I have some saved accelerated searches that generated graphs that are displayed on some of our reports to alert users of gaps and overlap in summary indexes used to generate the results of their...
most frequent eventlogs challenge
Here is the custom event log format: field1 field2 field3 FREE_TEXT How would one query, say Top 10, FREE_TEXT ignoring first 3 fields which are space separated. FREE_TEXT can be any application level...