Is Splunk Supported on RHEL 6.4?
We currently are running Splunk 5.0.3 and will probably be upgrading to 6 sometime in the future. Just need to know if Splunk will work with RHEL 6.4.
Can someone provide a report to get application usage statistics?
I am looking for an example report that shows application usage statistics and Top 10 applications. Can anyone help? I don't see this baked in.
How to pass tokens in url using the new web framework
I have built an app using django & js in splunk web framework. The home screen gives running status of servers. On click I should pass that server name to a different view. And then I should be able...
Splunk for Citrix xenapp Missing some data
I have a Xenapp 6.5 Farm. PowerShell 2.0 with remote execution set on all servers. I am not getting any data in the following areas. We are running splunk version 6.0 and I have the latest forwarder on...
splunk 5.0.5 tokens on forms are not getting resolved
In splunk 5.0.5, I am trying to create a form to pass in a set of input (user and times) and build a set of charts/tables. I pulled in the example from the inverted flow description on this page:...
Add button to view to call script
Hello all. I am working on a view to display accounts that are locked out in our AD environment, and it also shows the caller, which is the computer that caused the lockout. Basically, I want to add a...
Forward to Splunk indexer, then forwarded from Splunk server to another server
If I were to forward syslog messages to a Splunk server and then from there forwarded to another server, would my syslog messages be changed in any way (due to the indexing)? If so, is there any way to...
Optional Field Extraction
Hi, I have log files for java stack traces I am trying to parse to get the names of the exceptions that caused them extracted into different fields. The log files are formatted in a way that gives the...
Consuming XML Database
I have an XML database that contains up to fifteen different record formats. Many have a common set of fields but each also has its own unique set of fields. It's similar to combining the contents of...
How to configure access_combined_wcookie directly in the files props.conf and...
Hi guys, I have files in the format access_combined_wcookie; the last field, called "other", has information that is important for business and us (IT). How to extract the information from this field using...
count list host count by sourcetype, sourcetype by index
Hi, This seems like it would be simple, but I can't figure it out for the life of me. I really like the stats list layout for dashboard panels where you can have a list of results as a subset of parent...
The files props.conf and transform.conf don't work
Hi guys, I did the following configuration in props.conf in the splunk: C:\Program Files\Splunk\etc\system\local [sctmainframe] NO_BINARY_CHECK = 1 SHOULD_LINEMERGE = false pulldown_type = 1...
Extract date from a varying source name
Hi Guys, My log files have events with the time stamp on them, just the time not the date, but luckily the source name has the date in it and splunk automatically identifies date from the source name and...
How to ignore a field during search so total count is correct
I have repeating error events that are identical except for a single id field value that is incremented for each occurrence. I want to have them be considered as the same, so I get an accurate total of...
Predict command and custom alert condition
index=symantec (virus OR "security risk" OR "web attack") NOT "Tracking Cookies" earliest=-30d@d latest=now | rex "(?i) name: (?P<virus_host>[^,]+)" | timechart span=1h count(virus_host) as count...
JMX_ta app with Universal Forwarder
I want to be able to install the jmx_ta app on a Universal Forwarder. I've read a lot of questions on here and the default answer seems to be "Install a python runtime and it "should" work. It doesn't....
Problem installing TA-uas_parser
I am attempting to get this TA working but am encountering errors when trying to update the cache via the update_cache.py script. My Splunk servers do not have internet access so I installed this TA...
Roles won't display in add/edit user/role page, "Failed to fetch data: Not...
In the web_services.log file I see this error at the same time: 2013-11-14 17:46:44,232 ERROR [528552d33521c6990] eai:164 - Failed to fetch dynamic element content from the server for...
PCI CGI vulnerability
We're getting PCI security alerts on the Cherry web engine. Is there some method of resolving this issue - i.e. install a later version of the web engine? Thanks, Bill. Here's the alert: Server IP =...
Active Directory LastLogonTimestamp EVAL/WHERE Date Math
I'm attempting to locate systems that have not logged into AD for 90 days. I am using the following search; index=foo | where lastLogonTimestamp<relative_time(now(), "-90d" ) | dedup cn | table...