DBConnect duplicates data
In DBConnect I configured a tailed database input and it is working fine. I use a true incremental field to track inserts and updates. But every update is added to the index as duplicated events. Is there...
dbConnect restore deleted data
I had a database input which was getting data from a table. I had to clean it up so that I can only get a subset of the columns. So I deleted the records on Splunk by doing sourcetype="dbmon..." |...
Streamed search execute failed because: User '' could not act as: XXX
Hey, All my users except admin are getting this error: Streamed search execute failed because: User '' could not act as: XXX With XXX being the user in question. I've checked all the permissions and...
Looking for a simple (emphasis on "simple") way to revert to v5 UI...
I REALLY do not like the new v6 UI. It is too kludgy. Too much time-wasting back and forth. I don't like the fact that the general navigation bar is always off the top of the window and that I have to...
Specifying class while reloading deploy-server not working in Splunk 6
/opt/splunk/bin $ /opt/splunk/bin/splunk reload deploy-server -class MyClass An error occurred: Argument "class" is not supported by this handler. Is this still supported in Splunk 6?
search using join command
Hello, I want to combine two different searches and each different field by using join command. However, I always get "No Results" whatever I tried. Please give me some advice. Thank...
set instance as a forwarder meanwhile an indexer
4 high performance PC servers, I want them all to be INDEXERs. Logs are uploaded to one of them, not by any FORWARDER. I want to set 1 server as forwarder, to distribute Logs to the other 3, 1/4 of the logs...
Realtime Search backfilling and slowdown
So I am trying to find the bottleneck in our hardware layout as I am running into a lot of slowdown in realtime searches. They can sometimes backfill for 2-3 minutes as I don't think my indexers can keep...
how to create inpage drilldown in Django framework
Hi, how to create inpage drilldown in Django framework. Can you please help me...........
line break couldn't work - HELP
For below list of data stored in a file, the first line is the fields name and exact data is started on 2nd line. However, after indexed, it merged to a single event instead of multiple events. How...
How to accelerate search in forms?
Is there any way to accelerate searches which are being used in forms. Since, we cannot save form searches as they contain variables, so we need to use searchstring only. So possibly there could be any...
Twitter Connection with REST API Issues
Hello, I am trying to get a stream of twitter data for a string to analyze some results. However I have not been able to do that successfully. Here are the two inputs which I tried and issues with each...
Combine multiple events for reporting
Hi, I'm using Splunk for caching the log and reporting, now I need to query in Splunk for user action and generate a report. My case will be shown as following. I had several events in a log like: e1:...
DBconnect update data error
I use DBconnect, when I update the data in the database, a fault occurs, the inside of the Splunk display information and database display different. I think it is a bug.. In the database. mysql>...
Search consuming large amount of memory
Hi! I would like to share my problem and if possible, request for a solution... I have a saved search that is consisted of 7 different searches and all are concatenated with append. search B [ sub search...
Time format? data format? I want to change..OTL..help
I am using the "DB Connect APP." to connect to a MySQL database and input the data from a table. But something happened. Original data is "2013-12-09 15:38:38", but it looks "1386571823.000" in the...
Lists of error logs to monitor
Hi! I would like to know if there are lists of logs that Splunk itself writes when any kind of system error occurs. I am planning to monitor logs with other software but are there any such thing? Thanks, Yu
splunkd crash
Splunkd has crashed a couple of times now. The only thing I see in splunkd.log is some log WARNS e.g. 12-09-2013 07:55:09.879 +0100 WARN HttpListener - Socket error from 10.101.11.1 02 while accessing...
Configuring Symantec for Splunk app and universal forwarder
Hi there, I've got a couple of issues that I need some help with. I'm trying to set up Symantec endpoint app and also trying to set up the universal forwarder on the SEP manager so that it will forward...
dynamic field value extraction
I'm trying to extract a field-value for comparison - in a dynamic fashion. First let me illustrate the problem with some sample data: DataType=2, MaxPower=10, MinPower=3, IdlePower=5 DataType=3,...