Using Microsoft Eventing 6.0 instead of Splunk's forwarder agent
This is a follow-up for a conversation I had with Splunk engineers a year ago at SplunkLive! The conversation was about using Microsoft's Eventing 6.0 (native to Windows) which would eliminate the need...
Include zero-count items from lookup
I have a search that checks my connection logs so as to track users who log into my website against a lookup CSV with about 500 users listed: sourcetype!="*Private*" "Connected" "10.0.0.44" | transaction...
Index lag increasing for REST API event input
I have an event generator that simulates five servers running uberAgent. Data is sent to Splunk via the REST API. When I start the event generator, everything is fine. But while it keeps running, the...
Incorrect Event Date Issue
We have Splunk free version protected by IBM Tivoli Access Manager. Splunk indexes the access logs from Access Manager. There are no logs in the system before Sep 2013 since the system was just implemented....
SmokePing, Cacti results into Splunk?
Anyone tried piping SmokePing or Cacti results into Splunk?
Counting XML tags in raw event
My event records are XML-based as shown below, coming in from one file, one sourcetype: <transaction><id>12</id>........</transaction>...
I configured inputs.conf, but my data can't be indexed?
I configured inputs.conf, but my data can't be indexed, although in the UI I can add the data. /opt/splunk/etc/apps/$APP/local/indexes.conf: [_cpu] coldPath = $SPLUNK_DB/_cpu/colddb homePath = $SPLUNK_DB/_cpu/db thawedPath...
Splunk for Squid: bytes empty in requests search table
Hi, I'm trying to get Splunk for Squid working on Splunk v6. I am using Squid v3.1.20-2.2. Most of the stuff works; the only thing I can't seem to figure out is the table at the bottom of the requests...
Splunk indexes state
Hi, is there a query to get the data found in this view? http://yoursplunkserver:8000/manager/launcher/data/indexes Thanks, Lp
Internal 500 Errors
Our single instance Splunk indexer/search host becomes unresponsive every week or so. Root cause has been determined to be the system running out of sockets. We increased the number of TCP ports to 55K...
rsyslog for WebSphere Application Server
Hi, we are collecting the logs to the Splunk indexer via rsyslog. We've got quite a number of Unix servers monitored in this fashion and it is all working well. Now I want to include WebSphere application logs...
Query with Thousands of "OR"s
Greetings, I want to know the least resource-intensive way of searching thousands of URLs in one search. So what I am doing is taking the InfraGard warnings and then building them into queries...
Quality indicators for bars, charts
Is there a way to specify the color of a single value bar or column chart based on value ranges - green for normal, yellow for warning and red for critical along with a legend to specify the ranges?...
Displaying results table in tab switcher tab, BEFORE clicking on drilldown...
I have a dashboard with two panels. The first panel contains a table which is a drilldown table. When the value is clicked, the second panel has three tabs with different searches, for the filtered by...
How can an Indexer best utilize a combination of SSD/HDD storage?
Recent Splunk versions include many acceleration technologies to speed up common search scenarios using technologies like summary indexing (3.1?), bloom filters (4.3), report acceleration (5.0), and...
Splunk for Bluecoat tstats searches
I have recently downloaded and installed the Splunk for Bluecoat app, and I'm having some difficulty adapting it. We are using the legacy ProxySG (5.4) so I have used the bcreportmain_v1_old transform...
Restrict scheduled real-time searches?
Hi, is it possible to give people the ability to execute, but not schedule, real-time searches?
Add Credential error
I get the following error when adding new credentials for PAN devices: Encountered the following error while trying to update: In handler 'localapps': Error while posting to...
Conditional searching
I'm unsure how to do the following. In our environment, some clients receive private IP addresses (and are translated to public) and others receive public addresses. I need to be able to enter a public...