Accelerating searches over data with millions of logs
Hi, Each day I receive millions of events of type "video_view". These logs are taken for hundreds of thousands of videos. index="main" action="video" | stats count as views by video_name | sort -views |...
Ignore automatic lookup just for a search
Hi! Do you think there's a way to tell Splunk to ignore automatic lookups just for a search? I'm configuring some custom reports on a Splunk installation with ES and PCI Apps. Those apps do an...
Realtime Cached Charts In Web Framework
I have caching turned on for my searches within a dashboard using Django and Web Framework and when I switched my time picker to realtime within an amount less than the cache time, it appears to...
user is not able to delete alert
What capabilities are needed for a user to delete alerts created by himself? At the moment it is not possible on our system, no error is given to the user when he selects delete but nothing happens.
Specifying class while reloading deploy-server not working in Splunk 6
/opt/splunk/bin $ /opt/splunk/bin/splunk reload deploy-server -class MyClass An error occurred: Argument "class" is not supported by this handler. Is this still supported in Splunk 6?
Help with regex
Greetings, I am trying to write a regex but am not successful as of yet. I am trying to match the: Bot: Mariposa Command and Control Suspicious user-agent strings Kelihos.Gen Command And Control...
Troubles with creating a new source type
Hi there, I've been trying to create a new source type, but unfortunately - with no success. My data is uploaded from a CSV file (hold your horses, there's a small catch). I put all of the relevant files...
Search optimization and caching for forms
I'm building a BI analytics app and am trying to do as much caching as possible because of the huge volume of data that each report has to run against (roughly 350MB and upwards of 200,000-300,000...
XML Form differences following Splunk 6 upgrade
This may be a long-winded question ... After upgrading one of our search head pools from 4.3.6 to Splunk 6.0 I'm finding that I'm having to make XML changes to many of the forms that worked fine in...
Retro Old Single Value module
Is there a way to use the old single value: Instead of: In simple or advanced (still in 5.0.x)
Splunk Host problem
Hi, I currently have a problem with my reporting host. I am trying to solve a license violation issue but cannot find the search command in order to view the top reporting host based on how much space...
unable to set up java home
Hello, I have just installed the dbconnect on splunk but it is unable to set up java home. There is a problem of java bridge server not running. ############# # error # ############# Encountered the...
Compare dates in splunk
Hi, I have the below query to compare the date I am extracting from logs with the current date: (sourcetype="XYZ") OR (sourcetype="ABC") | rex "\|Some String\|\w+\|(?<Field1>[AEU]\d{9})\|" | rex...
Conditional searching
I'm unsure how to do the following. In our environment, some clients receive private IP addresses (and are translated to public) and others receive public addresses. I need to be able to enter a public...
Scheduled dashboard jobs complete, but PDF is not created
Hiya, I cannot get the scheduled PDF delivery of a dashboard with 6 panels to work. The dashboard works when interactively run, but the scheduled run is failing for some reason. The panels search jobs...
License Failover Testing
We are experiencing an issue with our failover scenario from one pool of search heads to our standby pool of search heads. When we point the DNS of the license server to the standby IP, we are...
Transaction and Duration
Hi all! Does transaction calculate duration per "transaction" or from the first event in the transaction to the last event in the last transaction (active - #1 to Inactive - #2)? I need to average the...
Email Alert
GM I created an email alert, but my result comes back with the query and error code or it says "A PDF snapshot has been generated for the view" I would like to get a table or a chart in the email. I'm...
How do you chart a single data field?
I'm trying to just chart the NTP offsets from the Loopstats file. Here is a sample of the data source: Day Seconds Offset Drift Est.Error Stability Polling.Int 56639 6177.359 0.004032319 -25.301...
Top 10 Failed Login
Hi, I would like to find my Top 10 Failed login when I run this search. What should I add to get the right result? Here is the query I have so far. (this search gives me all the Failed Login, I just...