Splunk indexing using every other fieldname
I am running into an issue with my transforms and props config files. My data is being logged properly to my index, but when I set my fields in the transforms.conf it only takes every other fieldname....
Remote Monitoring
Hello, I am interested in understanding if we can use this product to monitor external web URLs. The only solution we have in place today to monitor external URLs is SCOM URL monitoring internally,...
setting up BSM audit collection
I'm trying to set up BSM Audit collection using the BSM+audit+log+loader app. I've installed a universal Forwarder and am collecting /var/adm/messages ok. When I try to test out the python script I get...
Dashboards won't load after upgrade to Splunk 6
After upgrading from Splunk 5.0.5 to Splunk 6 (all on Ubuntu 12.04), dashboards do not load at all. I am also unable to create new dashboards and have them function (even after following the new...
Using loadjob within a postprocess
Can you use the loadjob command in the search string of a postprocess? For example: <module name="HiddenSavedSearch" layoutPanel="panel_row2_col1" autoRun="true" group=""> <param...
Archive Signing
Hi, I am using a script for archiving logs from colddb to a desired location. I have used the coldToFrozenExample.py script and basically just changed the archived location. The script works fine....
Newbie to post-processing looking for help
I have been working in Splunk building reports/dashboards for about a year. Six months ago, I was tasked with creating an app and integrating with our hosting platform to create reports about website...
Complex search with set operation
I have 3 sourcetypes representing learners, courses and course completion details: learners - the learner details; catalog - the total course catalog for each learner; completions - the course completions...
Problem with hyphen delimited sourcetype and spaces
I've got some logs that are in a format like this: 2013-12-29 08:23:21,151 - INFO - 1.1.1.1 - None - None - SERVER1 - User keynote@test.com logged in... - Mozilla/4.0 (compatible; MSIE 8.0; Webmetrics;...
Is it possible to change username of Splunk account?
Hi, is it possible to change Splunkbase username? If yes, then how to do this. Thanks!
Search optimization and caching for forms
I'm building a BI analytics app and am trying to do as much caching as possible because of the huge volume of data that each report has to run against (roughly 350MB and upwards of 200,000-300,000...
I just installed the splunk vmware app but I cannot run searches or view...
I just installed the splunk vmware app but I cannot run searches or view dashboards. It does appear that the app is receiving data at this time but I have no ability to search it.
Restrict users to fire complex query | force kill the complex query!
Background: I am using Splunk version 4.3.3, having 4 indexers with 1 Search head and using the default configurations for limits.conf. OS : RHEL 6 Subnet : logging HDD 1 : 40 HDD 2: 100 Memory : 16...
Is it possible to disable http compression on SplunkWeb?
For splunkd on the indexer you can set a value in the server.conf file as such: allowSslCompression = false. Is there an ability to do this for splunkweb? There doesn't seem to be a setting to disable ssl...
On Hover Show Additional Details Web Framework
Is it possible to add fields shown in the popup when hovering over a bar in a chart? I am using JavaScript/Django.
Conditional search command
Hi Splunkers, I was wondering if it's possible to run a search command only under specific conditions? E.g. when a field contains a specific value or when total number of results are at least...
Can I change the location of Splunk's internal logs?
We would like to index these logs in a different directory (a directory other than the $SPLUNK_HOME/var/log/splunk). Indexer splunkd.log as splunk_indexer_logs Indexer metrics.log as...
INPUTLOOKUP -- Match against field1 OR field2
I am searching some firewall logs against a lookup file using INPUTLOOKUP. I don't care if the IP addresses in the lookup file match the source IP field (src_ip) or destination IP field (dest_ip) in...
Adding dedup _raw before timechart returns 0 results
I apologize if this is asked already but I searched to no avail. When writing a Splunk query that will eventually be used for summary indexing using sitimechart, I have this query: index=app...