Splunk6 DB Connect 1.1.1 No handlers could be found for logger "spp.java"
Hi, I am having similar issue to that described here: http://answers.splunk.com/answers/105605/the-java-bridge-server-is-not-running-dbx-110 I am running Splunk6 and DB Connect 1.1.1 on a Linux VM. When I...
How can I audit users who are connected through REST API
I would like to audit users who are connecting through REST API. How can I achieve this? Is there a way to find out from internal logs whether the user has logged in through Splunk web or REST API?
Index from old Splunk Heavy Forwarder
Setup: currently I have the newest version of Splunk (6.0) running as my main Splunk server with several universal forwarders v 6.0 sending logs to the server to be indexed. I have another box that the v...
How do you 'Tag' based on a search?
I'm almost certain I used the wrong lingo but I'd like to essentially create a field based on search or regex, but I want my own predetermined label to be the field value, not any of the contents of...
Splunk_TA_nix install from deployment server
Hi, I have 9 universal forwarders where I want to install Splunk_TA_nix from deployment server. Please let me know is it possible to install from deployment server or I have to go one by one to forwarder...
Splunk for active directory app sending out massive rpc queries
We have a user who recently installed Splunk for active directory app (Windows) and it seems to be sending out massive RPC CrackName(Opnum=0xC) queries causing the receiving end high CPU usage. Does...
How to distribute TA_nix from deployment server
Hi, I have multiple forwarders and indexers and want Linux server activities from them. So I have to deploy my TA_nix from deployment server. Process is same as paste that in deployment-app folder...
I upgraded my distributed environment to Splunk 6.0 and now my Indexers are...
I upgraded my distributed environment to Splunk 6.0 and now my Indexers are continually crashing. I looked in the log and the crashing thread is "FwdDataReceiverThread". Has anyone else seen this? What...
Running a saved search in splunk6
Hi, I am a newbie to Splunk. Still now I have configured forwarder, indexer and a Splunk server. Now I created a dashboard and saved it in indexer/Searchhead; how can I search it from my Splunk server in...
How to modify the return value of stats count by search using eval
I am running a search query like this: index=w3c host=web-a OR host=web-b ASP_NET_SessionId=* c_ip=x.x.x.* | eval cur=if(_time>relative_time(now(),"-15m"),1,0) | stats dc(ASP_NET_SessionId) by cur |...
File load hangs
Wanting to load a test text file. (It worked before). But I've edited the props.conf file to add: [commonlog] NO_BINARY_CHECK = 1 pulldown_type = 1 and then during load, specified 'commonlog' the...
Field Extractor App V 1.6 with Splunk 6.0
We downloaded and installed the Field Extractor App Version 1.6 with Splunk Enterprise 6.0. We have two issues with using the app. Issue 1: We used the app to extract 10 fields from a single log file....
Paid Work - Creation of Microsoft DNS Technology Addon
Hi, I urgently need at least a TA for MS DNS for some work I am doing. Doesn't need to be anything special, i.e. no dashboard/views etc. I need field extracts for all fields contained within event using...
Forward installation issue on AIX 5.3 5700 but /bin/uname is needed
Hi expert: When I install the Forward on AIX system, there are some errors. Splunk forward version:6.0 AIX version: 5.3...
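Results are not displayed in count order when using the transpose command
As shown in the attached image, when I use the transpose command to make a pie chart, the counts are ignored. How can I display these in descending order of count? By the way, using sort and the like did not change the displayed result.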
How to group log based on timestamp
Hi Guys, I want to group log based on the time stamp difference (20 mins) and assign number to each group. E.g. 10:00 AM ... log message 1 10:10 AM ... log message 2 10:30 AM ... log message 3 10:35 AM...
HiddenPostProcess - export of results
Hi all, I created the set of views where I use HiddenSavedSearch module along with HiddenPostProcess module. HiddenPostProcess does an additional filtering and formatting and the result of...
Universal Forwarder Server 2012 R2 Hangs
While trying to install the 6.0.1 x64 universal forwarder on an Azure Server 2012 R2 Datacenter VM that has the ADDS roles installed, the install just "hangs" forever. It gets through the copy process,...
Specifying the path to Splunk for splunkdj
On page: http://dev.splunk.com/view/SP-CAAAEN2 (Create the musicdashboard app) you're asked to enter: splunkdj createapp musicdashboard (and it says You'll need to provide your Splunk credentials to...