Xenapp for Splunk - Error in licencing dashboard "The lookup table...
Hi, I am receiving an error in the Licensing dashboard in the Xenapp for Splunk app. "Error in 'lookup' command: The lookup table 'citrix_license_type' does not exist." I have confirmed that the Lookup...
Splunk 5.0.5, Does Splunk log object deletion activity from Splunk Web?
Hi, We have a shared development environment for Splunk (version 5.0.5) where many users do create/update/delete Splunk objects (e.g. saved searches/views/lookups etc). Does Splunk log any information...
dbquery and variables
Can I pass any kind of variable to dbquery through splunk? It demands being the first search command: "Error in 'dbquery' command: This command must be the first command of a search." I would like to...
Splunk with R, Anybody interested in Splunk - R integration? Or anybody...
Hey Splunk gurus~! Splunk with R, Anybody interested in Splunk - R integration? Or anybody ever worked on this? If yes, we'd like to hear about your Splunk R integration stories~! Look forward to hear from...
Sideview SavedSearch module doesn't save the search
I'm probably missing something pretty basic, but when I put the Sideview SearchControls module into a view and save the search, the savedsearches.conf entry created looks like this: [PopRedstonr]...
Trouble with DB2 timestamp.
I've added a new database connection to DB connect. My first actually. The dbx.log has the following message associated with the rows that are being processed. 2014-01-03 20:12:43.640...
Splunk DB Connect - How to reset tail.rising state?
How to reset tail.rising state so that it goes back and reads everything from the beginning of my database table?
Pre-defined Data Models
Does anybody know if there are pre-defined or common data models that are documented somewhere that could be used as a guide to assist with building data models for those of us who are less familiar...
For splunk add-on for linux, why do we need both ps and top?
What is gained by having both ps and top collected separately by the forwarder? Could they be merged, are people typically picking one or the other? I'm noticing that the resulting data collected seems...
data retention for an index how to control archiving policy
We have several indexes where we have set the maxTotalDataSizeMB to a specific value. Is it also possible to configure the frozenTimePeriodInSecs for the same indexes? Can you have both parameters...
Newbie to post-processing looking for help
I have been working in Splunk building reports/dashboards for about a year. Six months ago, I was tasked with creating an app and integrating with our hosting platform to create reports about website...
Splunk Default Fields in Data
What happens during indexing if my data were to have key value pairs where the key is the same as one of the default Splunk fields? For instance, say my data looked like this... _time="2014-01-09...
Search & Report dropdown list limit
Is it possible to limit the contents of the Search & Reports dropdown list in any view to just the saved searches for the currently logged in user? I want to set up a system where each user will see...
Intersect, Diff and Pie Chart
I have a very large number of win7 machines. I pulled a CSV file from Active Directory, AD1.csv. I then created another CSV file from the deployment clients DC1.csv. What I want to do is compare the...
how to turn an inner join into sub-search and pass non matching values
sourcetype=Account contains Id values and the AccountName. sourcetype=Issue contains AccountId values but no AccountName and this is really the sourcetype that contains the stuff I want to report on... If...
SPLUNK DB CONNECT - DB2
I am trying to set up a DB Connection to DB2 which is running in zos. The connection seems to be successful. However I see the following exception when I try to save the settings. Any idea what the issue...
Cannot get sourcetypes to change
I am sending paloalto logs to a syslog server which then sets the index to "pan_logs" and the sourcetype to "pan_log" and forwards them onto our indexer/search head. I am able to see the logs on the...
Can symlink cause Splunk to index files twice?
Due to some inconsistencies in how some of our servers use Symbolic Links (symlinks), we need to understand how Splunk would handle the following situation... /usr2/wlp_logs is a symlink pointing to...
Splunk adds .filepart to file name
Hello, I put about 500 files on a server (between 2 directories) and was looking through the data. It seemed that most of the files were broken up line by line, but some of the files were not broken up...
Percentage of counts (view through rates)
I am looking to get percentages into a table. I have 2 separate searches that count different events. I would like to combine the different searches into one table where the event count searches divide...