Matching two expressions to one field
I am trying to extract a field from logs that look like this: Apr 28 07:45:22.992 On [2:18]20.5.4.1:5070 sent to 102.11.130.135:50953 ... Apr 28 07:45:22.992 On [0:51]10.20.33.50:5060 received from...
Splunk deployment - multiple A records issue
We have set up a deployment server. It works pretty well, but we have a problem with one of our systems - we have four machines (Windows) where Splunk universal forwarders are installed and these four...
charset issue
Hi, everybody. I want to use Splunk to index data which contains Chinese. Firstly, the base data will be sent to my Splunk universal forwarder. Then, my universal forwarder will forward the data to my...
Can I change role's searchable/default index by App?
Hi, I would like to set srchIndexesDefault to a specific index by the app users are currently using. For example, admin role is configured so searchable indexes = * and _*, and default index searched = main....
Spreading transaction duration over spans
Hi, I have some data containing transactions that might take short (a couple of seconds) or very long (hours). I want to have a timechart that shows the duration of the transactions in spans of 15...
Decode indexer name hashes (GUID) from license_usage.log
In license_usage.log the indexers appear as a kind of hash value (i=...): 01-02-2012 16:56:16.516 +0100 INFO LicenseUsage - type=Usage s="udp:514" st="cisco_asa" h="172.16.22.7" o=""...
Splunk DB connect (dbx) app is not working
jbridge LOGS: 2013-04-29 10:01:05,665 ERROR Command output: None 2013-04-29 10:01:05,665 DEBUG Error waiting for process: Java process returned error code 1! Error: Initializing Splunk context......
SSL certificate generation failed.
Hi, I am trying to start splunk for the first time and I get "SSL certificate generation failed." error. I did the following: 1. downloaded splunkforwarder-5.0.2-149561-Linux-x86_64.tgz 2. run tar -xvf...
Splunk App for Exchange - Reputation N/A
I have the Reputation TA installed on a universal forwarder and it is continually reporting N/A when reviewing Exchange health overview. This is a test environment so I don't really have a need for a...
F5 index not properly captured
How to check if f5 logs are getting into Splunk properly?
Is there a how-to for Splunk for F5 Security?
Is there a How-to for Splunk for F5 Security? I want to make it go.
VMWare App vs. vCenter Operations Manager
Does anyone have some experience with both of the tools? What are the pros and cons? Thanks in advance
Splunk for Vmware App index settings
Are there any recommendations for settings on the vmware indexes? Extra storage isn't a big deal but app performance is. Additionally, as our cluster changes and grows, I don't want old virtual...
Discrepancy between spike shown in metrics data in internal index and what is...
I have a search/alert that alerts me when certain indexes have more than the usual amount of event data using _internal metrics, and which runs once an hour. And then I have this search which I run for...
VMWARE APP for ver 3.x - Which SDK do I need to download or enable
I downloaded, installed, and configured the Vmware app for splunk ver 3.x on my current splunk 4.1.4 server. In the vmware.conf file the setting for the endpoint is https://myserver/sdk. I don't believe...
VMware app 2.0- ESXi host authentication through vCenter?
I'm trying to use Splunk VMware app 2.0 and I'm trying to get data from ESXi hosts. I found a complication that the VMware app requires local accounts on each ESXi host to be able to perform...
Splunk with VMware's SDR how does the forwarder work?
Splunk with VMware's SDR how does the forwarder work?
F5 BIG IP'S Security iRule
Hello Splunkers, how have you been? We've been taking with F5 BIG IP Security (WAF) app and we've been observing some strange behavior on panel's dashboards, most of that connected with Attacks and...
charting numeric files stored on a summary index
I'm creating a summary report based on a timechart that counts the number of eventcounts for a certain transaction. index=xpto | transaction maxspan=2m maxpause=30s fields=correlation | sitimechart...
why do you have to NFS mount the NetApp ?
Can someone clarify this step from the README? "4. Create an NFS mount to the system partition of your filer(s). Copy local/inputs.conf.sample to inputs.conf and edit this file. Specify path to the...