winEventLogs and perfmon data inputs _TCP_ROUTING
I am using the _TCP_ROUTING attribute in my inputs.conf. When used with a winEventLogs and perfmon stanza it seems to ignore this attribute. It works fine with the monitor stanza. Is there some other...
Linking outbound and inbound messages, then finding incomplete ones
I am analysing a logfile where there'll be a message that describes an outbound message going to an external system, and a short period of time later, a reciprocal message from the external system - a...
Splunk for Nagios LiveStatus Dashboards and config help
Hi! I've been trying to solve this for a week now. I installed mklivestatus on my nagios server, however this part: Edit the following python script using your favourite text editor and replace the...
Does Splunk support Global File System (GFS) in a Linux cluster environment?
Hello: Does Splunk support Global File System (GFS) in a Linux cluster environment? I set up Splunk in its production environment and it seems Splunk is not recognizing the target event logs. Thank you,
What's the best way to import custom JSON data from a web API?
I'd like to pull in JSON data like the one that is available from dev dot moves-app dot com slash activities. (It's from an API from an iOS app called Moves which tracks people's movements.) I can think...
S.o.S - Splunk on Splunk > Deployment Topology reports wrong version for...
S.o.S - Splunk on Splunk > Deployment Topology Splunk Topology by Server Role show incorrect version for remote universal forwarder. S.o.S reports 'Splunk version 4.3.3'. Host itself reports splunk...
GeoIP for domain names
Has anyone tried to do a lookup for domain names to work with the Google Maps App?
Splunk App for Unix and Linux 5.01 cpu.sh & df.sh broken for Mac OSX?
I just upgraded my main indexer to 6.0.1 and installed the new Splunk App for Unix and Linux. When looking at the hosts, all of my Mac OSX hosts are reporting "unknown - is df.sh enabled?" and "unknown...
Hide an entry
Hello All, I'm seeing a lot of port 68 broadcast from the WAN side. This is normal for someone on a cable network. Is there a way that I can tell Splunk not to log these and drop the entries all...
lookup help
I am trying to import a .csv but it is in txt format and it is separated with :: not , do I have to change :: to , ??? Does only a .csv file read with , ?
Report on Splunk Forwarders
Is there a way to get a report of "All Forwarders" in Splunk. I am trying to get this information in a format that I can export to a spreadsheet (needed to verify that all our inventoried hosts are...
Sorting help
I am searching like this: sourcetype=user |fields user_id, user_gender, user_age,user_occup,user_zipcode |rename user_id as rate_user_id |join rate_user_id [search sourcetype=rate |rename rate_movie_id...
Conditions on DropDown Selections
Hi all, I have 3 drop downs, for example: index, source type and products. Sourcetype drop down has a default value of "not-selected", same with the index drop down too. I need a combination of...
change default dashboard button to be "This App's"
Hi, Is there a way (both globally and per app) to change the default button to be "This App's" rather than "All" when clicking the "Dashboard" link in Splunk 6?
Lookup is not working!
I tried this tutorial: http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchTutorial/Usefieldlookups Upload a look-up file, define the field look-up: these two work great, but when I tried automatic lookup...
identifying sourcetypes by index
Hello, I'd like to display all sourcetypes available for each index in my environment. Unfortunately, metadata type=sourcetypes doesn't preserve the index name, and I want to be able to run it on the...
Determine number of searches per day (non-scheduled).
How do I determine the number of non-scheduled searches that are run per day. We are running pooled searchheads. Running Splunk 5.0.5.
Including Data From a Previous Instance of a Given Event
I'm looking to create a report that lists out the occurrences of a given event, but also includes information about the previous instance of the event for a given user. Let's start with some sample...
not able to schedule search
We have a search pool of 2 search heads and we are in Splunk 5.0.1. I am not able to schedule any searches. I am able to create a search and schedule it in manager but it doesn't show up in scheduler.log...
How to get cumulative numbers
Hi, I am getting number of orders per hour and last week same hour orders and delta percentage. I run this every hour (using basic schedule) to get previous hour orders in an email. Now I want to get...