How to break events while indexing
Hi, I have events which logging user agents information, USR_AGNT="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" In the above log events, we have...
Report on users that excessively browse the internet
We currently have our web filtering logs forwarded to Splunk. I have been asked to provide a report that doesn't just show the top users browsing the web, but to show a list of users that browse the...
This visualization is configured to display a maximum of 1000 results per series
hi, I have following problem when creating a scatter chart, the search returned >1000 entries, how can I increase the maximum results of the graph?? I got this message. This visualization is...
Conflicting Event count in Search App based upon time range
I executed this search on my data, over two different time ranges: "malware" | timechart count The time ranges were: 1) Last 4 hours 2) Last 60 minutes The event count in the results, for a selected...
Splunk 6.0.1 and OSX firewall
Hi everybody, On my OSX (mac mini) server I can connect to splunk (localhost:8000). When I want to connect to the splunk server from a laptop in my home network, I cannot connect. The connection is...
Hunk sizing
Hi, I am doing an application in Splunk that processes 200K records per second fetched from Hadoop. What is the sizing that I need to look at for the licensing. I could see in Hunk that...
How to configure OSX Syslogd ??
Hi to all, I've tried to configure my OSX Splunk server so it will accept data from the syslog daemon (see: https://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data). I've edited...
Enterprise Security 2.4.0 and Splunk 6 don't work together -- How long?
So, like other excited folks, I downloaded Splunk 6 on my dev box and immediately started using it. I had ES running on Splunk 5, and I figured ES would break on Splunk 6, and I was correct. Does...
Refine Search, Create Alert, Search Time Range Changed!?
In Splunk 6 I am noticing that when I refine a search and set a time range to Yesterday then save said search as an alert it saves the time range as Last 1 Day (no snap to) until now, instead of...
convert verbose human readable time to splunktime
Hi, I got some results that contain an arbitrary amount of time (from Jira) that has a human readable structure which I would however like to convert to a splunk timespan so I can sort results. example...
Send using TCP Socket not working
I am using Python SDK, I created an Index and TCP Socket connection using below ## Create the index if it doesn't exist if 'kpiindex' not in service.indexes: if verbose > 0: print "Creating index...
S.o.S and Sideview Utils Upgrade
We just upgraded to Splunk 5.0.5 and noticed that the indexers were periodically missing data. One of the first things I wanted to look at was our installed S.o.S app. When I brought it up and launched...
Search Returns Exit Code -2
Here's the situation. I have an international server. When trying to search it as a distributed peer, it exits with this message. [REMOTE_WAN_HOST] Search process did not exit cleanly, exit_code=-2,...
Universal Forwarder Server 2012 R2 Hangs
While trying to install the 6.0.1 x64 universal forwarder on an Azure Server 2012 R2 Datacenter VM that has the ADDS roles installed, the install just "hangs" forever. It gets through the copy process,...
Splunk DB Connect
While configuring DB connect I get the following error message. Encountered the following error while trying to update: In handler 'localapps': The specified JAVA_HOME is invalid: Unable to determine...
unable to set up java home
Hello, I have just installed the dbconnect on splunk but it is unable to setup java home. There is problem of java bridge server not running. ############# # error # ############# Encountered the...
Hunk or Hadoop connect for splunk
Hi! I am a beginner of BIG data analytics for splunk and would like to know the distinction between Hunk and Hadoop connect for splunk. It seems that hunk is completely integrated into Hadoop but Hadoop...
Scheduled dashboard jobs complete, but PDF is not created
Hiya, I cannot get the scheduled PDF delivery of a dashboard with 6 panels to work. The dashboard works when interactively run, but the scheduled run is failing for some reason. The panels search jobs...
Creating a multivalue field from a result?
Hey everyone, So this feels like something I should be able to do with the standard search language, but I am failing at it. I have a result, coming from a custom command, that contains field like...
I can not download this app.
I can not download this app, because the following files can not be loaded....