Rotating Data to Frozen After Time Period
What is the best way to rotate events into Frozen OR delete events that are older than 18 months? I can think of a few off the top of my head, but what is the best or intended way to do this? 1)...
Javascript sdk capabilities
I was recently introduced to splunk, and am currently trying to work on a prototype to see if we have the need for this product. I have taken a look at the documentation and it's a bit confusing to...
Behavior of frozenTimePeriodSecs
In my indexes.conf I've set "frozenTimePeriodSecs" to "3888000" => 45 days. I've specified no coldToFrozenScript so I am assuming that any data older than 45 days should be discarded. The trouble is...
splunk discard specific events
{[-] EventInfo : {[+]}, EventType : "INFO", Properties : {[+]}, TimeStamp : "2014-01-03T19:31:30.3319998Z" } How do I discard events that have EventType = INFO? Currently my transforms and props are:...
Splunk DB Connect - DB2 - DBMON TAIL
I am trying to set up a dbmon tail from a table running in DB2 ZOS and have been unsuccessful in getting it to work. After enabling debug and looking at the dbx.log, it appears the query the application generates...
splunk support for customers with license
Is this the forum for customers with a purchased license as well? If not, could someone share the link for that?
Disable the UF web service
I am having no success in disabling the web service on my universal forwarders. Issue: the security team were able to browse to my universal forwarders using https://[universalforwarder]:8089. I have been...
How can I do a find/replace on the results found to make them more readable?
For instance, I have a log that returns many results and in between different fields I have a x1 that I would like to replace with a space in order to make it more readable to the user. How can I tell...
webstats.spl
Hi, can anyone shed some light on how to install this Splunk add-on app, WebStats, using this downloaded file -- webstats.spl?
SAP's Hana vs Splunk
Has anybody considered using SAP's Hana as an alternative to Splunk or vice versa? It's praised by its marketers for being able to process huge volumes of structured and unstructured data, producing...
"Splunk could not get the description for this event"
I am uploading evtx files (eventlog files) into Splunk (v5.0.2) manually without using forwarders. The events found in the eventlog file after indexing contain the following: Message=Splunk could not get...
Splunk went loco... reporting it indexed 250+ GB in half an hour when it didn't
Here's the long and short of it. My Splunk instance went nuts and said it indexed 250+ GB in a very short time. I started looking into it, and the two big culprits (according to the Splunk License...
Splunk 6 mapping feature (Javascript SDK)
Hi, I would like to use the splunk 6 mapping feature in an external website using the javascript sdk, just wondering if this is possible? I have looked at...
Removing Sites
This is a great app ... But I need to know how to remove sites from monitoring. I have one I mistyped and another one I do not need to monitor any longer. No matter what I do, the sites that are no...
Modifying the All Indexed Data dashboard for custom indices
I have customized the Windows App to send perfmon and windows events to separate indices (named perfmon and winevents, respectively). As such, the "All Indexed Data" dashboard at the bottom of the...
Simple chart from field values, rather than field count
sourcetype=syslog "CPU Temp" | sort -CPU_Temp | table host CPU_Temp. CPU_Temp is a field with a numerical value (temp of the CPU in Celsius). I'd like to create a chart with the resulting data: x-axis =...
How to Index Rolling Log Files
I've come across a use case where a log file rolls once every 24h, e.g.: logname.log.2014-01-01 logname.log.2014-01-02 logname.log.2014-01-03 ...etc. I've edited the inputs.conf to monitor...
How to get the initial value of a timeline loaded from a search?
When timeline is a TimelineView, timeline.val() is supposed to return the visible time range in the view. However, it only behaves as expected when the user has already zoomed in or out on a selection...
Getting error "no logon servers available" when I try to log onto the windows...
I have 2 splunk servers in completely separate environments. After a couple days when I try to logon to these servers I get "no logon servers available". This only happens on windows instances hosting...
Change color of charts (JavaScript)
Hi, Is there a way to change the color of a series being returned in the search results? For example, I run a search with an eval where I'm grouping the results into 'red', 'yellow', and 'green' and...