fieldformat not working?
I'm using fieldformat (Splunk 5.0.5, search head in a cluster, if that matters) in order to change how the time is displayed and to preserve proper sorting in tables, however it appears that it does...
ERROR DistBundleRestHandler - Problem untarring file
Running 5.0.1 on Linux, receiving this error over 500 times a day spread across 34 indexers. Using the splunk service account, I was able to untar the bundle fine so I do not believe it's...
Getting an error banner "[HTTP 404] (...) [{'text':'Unknown sid.','code':...
This error banner is displayed every time a search is run, whether from the search bar or for searches embedded in views: No search results are displayed from the UI, but CLI searches are working. What...
max_content_length error
Does anyone know the cause of this error message, and how to solve/prevent it? Problem replicating config (bundle) to search peer 'servername:8089', error code '413' message from peer 'content exceeded...
Categories/groups in Splunk app for unix and linux
Can I use Categories and groups defined in Splunk App for Unix in my custom search?
python or python sdk example for adding data via services/receivers/simple rest
Is there an example in the Python SDK examples that I can follow to post data to a Splunk index via the services/receivers/simple REST endpoint? If not via Python SDK, perhaps something using urllib2...
Unable to recognize the correct timezone from Forwarder on Windows OS
Hi! I am having a problem collecting logs from Windows Server 2008R2. The timezone is always the same as the one on the Splunk server (ver 5.0.5). I have tried to use TZ setting with host stanza but...
Search Across Multiple Saved Search Results
Currently I have three scheduled searches that run once a day to baseline possible APT on our network by showing the top 25 hosts for total bytes, connections and length of time for connections through...
Transform/props not working.
I am trying to filter out Windows Event logs and only allow Errors and Critical event logs to be indexed and I want to drop everything else. Props.conf [WinEventLog:Application] TRANSFORMS-FilterEvents...
event filtering using transforms and props
My event data contains the follPOST:.... ... <transaction>ffffff</transaction> ABCD EFG <access></access> WERT SDF ... and so onAs you see some lines are non-xml and some are...
Indexing not working, how can I correct "BTree child has invalid invalid...
We recently had to move our splunk installation & indexes to a new AWS instance, which was somewhat complicated due to the size of the indexes. Since then most of the indexes are updating...
After a Deployment Server outage, clients all reconnect at once. Any way to...
So our Deployment Server was down for some time, beyond that of the clients' checkin interval, and now that it is back up it is being overwhelmed by hundreds of clients checking in within a few...
managing log.cfg through deployment server
I am trying to minimize noise level (across WAN) by splunk to greatest degree possible. With review of index=_internal source=splunkd, I see that each of my universal forwarders is forwarding lines...
Deploy $SPLUNK_HOME/etc/log.cfg via deployment server?
Is it possible to deploy $SPLUNK_HOME/etc/log.cfg via the deployment server to my forwarders? I wish to reduce the footprint of my Lightweight Forwarders by reducing the log sizes as mentioned here:...
FAILED_LOAD_DEPLOYMENT_SERVER__TENANT_default - keep seeing on restart
I keep seeing this on Splunk restarts in the GUI FAILED_LOAD_DEPLOYMENT_SERVER__TENANT_default Anyone know what it is or why I am seeing it? I did upgrade from Splunk 5.0 to 6.0 a few weeks back, so...
Send Alert if # does not = 4
What I am trying to do is send an alert if Alive_Iwalls does not equal 4. This will tell me if all of the firewalls are up and running. Any help would be greatly appreciated....
error generating pdf
Hi, One of my customers is trying to schedule a pdf for delivery, and it's generating empty pdf's. I noticed the following in the pythong.log What does "no job available" mean? 2014-01-03 11:25:04,246...
2 Sideview Checkboxes without interaction
Hi all, I have 2 sets of checkboxes in my dashboard, each one pre-populated using ValueSetter like the example below. When I select some of the boxes in the 2nd set and after that change selection in 1st...
Data Import Question
So I have a log file that has a unique format similar to the following ============================================== <timestatmp>...
User Permissions - Enforce Timezone
To avoid any miscommunication between users, I would like to enforce the use of a specific timezone for all users. I was thinking I could accomplish this by removing a user's right to change their...