DATETIME field error
I am using the DB Connect app to connect to a MySQL database and input the data from a table. The datetime fields in the MySQL data like "2013-09-24 21:31:13" appear as "1385819882.000" in Splunk. How...

Dynamic rex pattern
I'm trying to use rex to extract a value from an event. In order to avoid writing out the pattern too many times, I have decided to place the pattern inside a macro with a specified argument passed...

How do I make a transaction if the start_time and end_time fields have a time value?
Hello, let me ask this simple question. I have the following two fields: start_time and end_time. I would like to calculate the duration time by using these two fields. In my understanding, if I want to use...

Question on accounting for blank fields in datamodel objects for pivots
I have the data indexed in Splunk from a zipped-up CSV file and then created a Root Event in Data Models based on the sourcetype for the indexed data. But when I create a pivot I lose the count on...

Need help with simple NOT search
I can't believe I'm coming to Answers to ask this, as I've done it many times before, but I must be missing something that I'm hoping you can help me find. I have a list of events by user and date and I...

Data needed to control Citrix users and sessions only
Hi, I set up a trial Splunk and the app for Citrix. The only thing I want to control over time is how many concurrent users and sessions I have at a given time. I'm getting a lot of data (CPU, memory, etc.),...

Clustering and reassigning primaries issue
We have 2 peers that each forwarder load balances between, so there is roughly 50% of the primary data on each one. The load on the peers is thus evenly spread. The replication factor is 2, so each peer...

What is the meaning of the field "Pause indexing if free disk space (in MB) falls...
Hi, please explain the meaning and use of the field "Pause indexing if free disk space (in MB) falls below" under General Settings. Where is this free space used?

High CPU usage on Splunk forwarder
Hi, I installed Splunk and configured it as a forwarder on one of our Windows DC/file servers last week, and it has been experiencing high CPU usage as reported by our administrator. We had to disable...

Join two event logs between two specific times
I have two indexes that I have successfully joined; they are indexA and indexB. There is a field in the resulting (joined) event, FieldC. I have another index, indexY, with FieldD. I need to join this...

App shipping with default directory deployed from DS
I have a deployment client with the same app, with a local folder with some extra artifacts that are not present in the DS copy.... The checksum mismatches, but when it's redeployed I am still able to see the...

Index not getting the whole log
Hi everyone, I have a problem with the indexing of logs. After I search by the source, I found out that it's not getting the whole content of the log file. Sample search => index="test" source="sourcepath". I...

Why is lsof_sos.sh not returning any data?
We have just deployed TA-sos to all search heads and indexers. Both inputs (ps_sos.sh and lsof_sos.sh) are enabled, but no lsof_sos source data is being received. Running the script manually, it...

Web page hit count
Hi all, I am very new to Splunk. I need to get the web page hit count and unique machines. I managed to create a dashboard to show the hit count per day within 30 days. I would like to add total hits and unique...

How can I set $SPLUNK_HOME remotely?
Hi guys, I am trying to deploy an app that contains a script that uses the variable $SPLUNK_HOME. The issue comes when $SPLUNK_HOME is different on several servers, or even when the variable has not been set...

Splunk 6, not able to change sourcetype property (props.conf and...
This has frustrated me for 2 days now. What I want to do is monitor a folder containing multiple files and exclude the first line of each file, which has the file header. To do so, I want to...

Sourcetypes not working in Okta app
I just installed the new Splunk app for Okta. Everything seems to be working fine, except that I cannot query anything based on sourcetype alone. For example: a query for "sourcetype=okta:sso" does not...

Extract multi-line fields
We are logging the following application network statistics. I want to be able to index the data into Splunk so we can generate reports on it. The first line consists of the following fields: timestamp,...

How to upload a dynamic CSV file into Splunk
Hi, I have a CSV file which is dynamically updated by a macro (every 7 mins). This CSV file is used as an inputlookup to search a list of domains in Splunk. Currently, if I have to update the CSV file in...

We need to know whether Splunk has a sales office in India
Hi Team, I would like to know whether Splunk has an office in India. If yes, we need someone to contact us, as we have a customer wanting to buy the Splunk SIEM solution. An immediate response to this query...