Quantcast
Channel: Latest Questions on Splunk Answers
Browsing all 13053 articles
Browse latest View live

fieldformat not working?

I'm using fieldformat (Splunk 5.0.5, search head in a cluster, if that matters) in order to change how the time is displayed and to preserve proper sorting in tables, however it appears that it does...

View Article


ERROR DistBundleRestHandler - Problem untarring file

Running 5.0.1 on Linux, receiving this error over 500 times a day spread across 34 indexers. Using the splunk service account, I was able to untar the the bundle fine so I do not believe it's...

View Article


Image may be NSFW.
Clik here to view.

Getting an error banner "[HTTP 404] (...) [{'text':'Unknown sid.','code':...

This error banner is displayed every time a search is run, whether from the search bar or for searches embedded in views :No search results are displayed from the UI, but CLI searches are working.What...

View Article

max_content_length error

Does anyone know the cause of this error message, and how to solve/prevent it?Problem replicating config (bundle) to search peer 'servername:8089', error code '413' message from peer 'content exceeded...

View Article

Categories/groups in Splunk app for unix and linux

Can I use Categories and groups defined in Splunk App for Unix in my custom search?

View Article


python or python sdk example for adding data via services/receivers/simple rest

is there an example in the python sdk examples that i can follow to post data to a splunk index via the services/receivers/simple REST endpoint ? if not via python sdk, perhaps something using urllib2...

View Article

Unable to recognize the correct timezone from Forwarder on Windows OS

Hi !I am having problem collecting logs from windows server 2008R2 . The timezone are always the same with the one on Splunk server (ver 5.0.5).I have tried to use TZ setting with host stanza but...

View Article

Search Across Multiple Saved Search Results

Currently I have three scheduled searches that run once a day to baseline possible APT on our network by showing the top 25 hosts for total bytes, connections and length of time for connections through...

View Article


Transform/props not working.

I am trying to filter out Windows Event logs and only allow Errors and Critical event logs to be indexed and I want to drop everything else.Props.conf [WinEventLog:Application] TRANSFORMS-FilterEvents...

View Article


event filtering using transforms and props

My event data contains the follPOST:.... ... <transaction>ffffff</transaction> ABCD EFG <access></access> WERT SDF ... and so onAs you see some lines are non-xml and some are...

View Article

Indexing not working, how can I correct "BTree child has invalid invalid...

We recently had to move our splunk installation & indexes to a new AWS instance, which was somewhat complicated due to the size of the indexes. Since then most of the indexes are updating...

View Article

After a Deployment Server outage, clients all reconnect at once. Any way to...

So our Deployment Server was down for some time, beyond that of the clients' checkin interval, and now that it is back up it is being overwhelmed by hundreds of clients checking in within a few...

View Article

managing log.cfg through deployment server

I am trying to minimize noise level (across WAN) by splunk to greatest degree possible.. With review of index=_internal source=splunkd, I see that each of my universal forwarders is forwarding lines...

View Article


Deploy $SPLUNK_HOME/etc/log.cfg via deployment server?

Is it possible to deploy $SPLUNK_HOME/etc/log.cfg via the deployment server to my forwarders? I wish to reduce the footprint of my Lightweight Forwarders by reducing the log sizes as mentioned here:...

View Article

FAILED_LOAD_DEPLOYMENT_SERVER__TENANT_default - keep seeing on restart

I keep seeing this on Splunk restarts in the GUIFAILED_LOAD_DEPLOYMENT_SERVER__TENANT_default Anyone know what it is or why I am seeing it ?I did upgrade from Splunk 5.0 to 6.0 a few weeks back, so...

View Article


Send Alert if # does not = 4

What i am trying to do is send an alert if Alive_Iwalls does not equal 4. This will tell me if all of the firewalls are up and running. Any help would be greatly appreachiated....

View Article

error generating pdf

Hi,One of my customers is trying to schedule a pdf for delivery, and it's generating empty pdf's. I noticed the following in the pythong.log What does "no job available" mean?2014-01-03 11:25:04,246...

View Article


2 Sideview Checkboxes without interaction

Hi all,I have 2 sets of checkboxes in my dashboard, each one pre-populetd using ValueSetter like the example below.When I select some of the boxes in the 2nd set and after that change selection in 1st...

View Article

Data Import Question

So I have a log file that has a unique format similar to the following============================================== <timestatmp>...

View Article

User Permissions - Enforce Timezone

To avoid any miscommunication between users, I would like to enforce the use of a specific timezone for all users. I was thinking I could accomplish this by removing a user's right to change their...

View Article
Browsing all 13053 articles
Browse latest View live


Latest Images

<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>