Splunk Single Sign-On With F5 Big-IP
I am curious if anyone has attempted to or is currently using an F5 Big-IP LTM as a reverse proxy for Splunk web. I've consulted Google U, but haven't been successful.
Join two event logs between two specific times
I have two indexes that I have successfully joined, they are indexA and indexB. There is a field in the resulting (joined) event FieldC. I have another index, indexY with FieldD. I need to join this...
Search sourcetypes by forwarders
I need to collect a list of sourcetypes for each forwarder using a search query. I can get the forwarders list from metrics.log and the sourcetype list from license_usage.log separately from the _internal index. Is...
log4j truncating the log entry
We are noticing some of the log entries are getting truncated. We are using the log4j sourcetype. The actual log entry looks like below; however, several times we will only see the first two lines and...
Splunk Duplicating IIS Log data
All, I've recently started forwarding IIS log data to Splunk, and there is at least one file that keeps sending duplicate data. This file is the log file in a W3SVC103 folder. The log file in W3SVC3 is...
Where do I have to add props.conf to identify sourcetype based on filename
Hi, I want to create my own sourcetype on the indexer based on the file name coming from multiple forwarders. I read the docs and found out that we can do that from the props.conf file as follows...
IIS log file data duplication - "Checksum for seekptr didn't match, will...
I have a base install of 1 indexer and a few UFs. Both the indexer and UFs are version 6.0, build 182037 (UFs are Windows 2012, indexer is on Ubuntu). In the UF's .etcsystemlocalinputs.conf I have a...
Time format in DB query result
I am using Splunk DB Connect to pull out some data to create a dashboard, but I am having difficulty getting the time format corrected in the search result. The time format looks like it is in seconds; how do I...
Using Stats Command
This search works great to provide me a list of hosts showing how much license usage over a 1 day period, but when I put it in a bar graph it does not work well because the stats command provides an...
Passing user id for lookup query
I am glad I found an app that gives me the id of the user who logged in. That will help me some way. But my main goal is as follows: display a list of services whose owner is the person who logged in. The...
Graphical email alerts
I created a bar chart of results using a saved search. I need to present the same bar chart view in my email alert. Please help.
Adding additional Fields?
Is there a way to add additional fields like File Owner or File Creation Date? Having difficulty finding the field names from DLP. Any help would be greatly appreciated.
When is it safe to delete oneshot input file?
Hello. I have a script that invokes the command-line splunk tool on a single index/search head to oneshot index log files. Is it safe to delete the input log file after splunk oneshot returns with...
Managing log.cfg through deployment server
I am trying to minimize the noise level (across the WAN) generated by Splunk to the greatest degree possible. With a review of index=_internal source=splunkd, I see that each of my universal forwarders is forwarding lines...
Expand JSON messages by default
We have JSON data being fed into Splunk. How can I instruct Splunk to show me the JSON object expanded by default? If default expansion is not possible, can I query such that the results are expanded....
Timechart graph extends into the future
index=summary_security earliest=-1d@d latest=now orig_sourcetype=dhcp | timechart count by orig_sourcetype | eval marker = "today" | eval _time = _time+1800 | append [search index=summary_security...
Duplicate IIS event logs | WatchedFile - Checksum for seekptr didn't match
I'm receiving duplicate events from IIS logs being sent through the universal forwarder. The forwarder's 'splunkd.log' is showing: 10-24-2013 14:45:02.882 +1100 INFO WatchedFile - Checksum for seekptr...
Can I upgrade Splunk from 5.0.5 to 6.0.1 without upgrading to 6.0.0 first?
I am upgrading my Splunk environment from 5.0.5 to 6.0.X. 6.0.1 was just released today. Can I upgrade directly to 6.0.1 or do I need to upgrade to 6.0.0 first and then from 6.0.0 to 6.0.1?
Receiving data via Splunk Forwarder, I want to forward it as syslog
The original data is NOT syslog, and it's coming via universal forwarder, but I would like to forward it from my Splunk indexer onward to a 3rd party receiver as UDP Syslog. Can we take data that is...
How do I make a multi-dimension timechart?
I have a need to count up both failures and successes on a chart, split them by something, and then compare these values to the same time period in the past. Is it possible to do this all on one graph?