is it possible to get the sum of a multivalued field within a transaction...
Hi, I want to count the number of errors within two keywords, say starttran and endtran. My log data would be like starttrantran Id:1000error*abc doneerror*endtran My query : sourcetype="abc" | eval...

How do I create searchable fields from a single raw string?
Hi, I have syslogs that I would like to search for by ZONE (UNTRUST) and IP (12.12.12.1). Below is a sample of how the data is formatted as one long field. I would like to be able to do a search on...

Splunk 5 to Splunk 6 problem.
I was running Splunk 5 Free on my Windows 7 machine for a year or so. I then upgraded to Splunk 6.0 then to 6.0.1 without any problems. I did not create any new searches or dashboards and it preserved...

Only one user does NOT see all fields
I have an app that has a few views in it. In each of these views there is a table of search results, based on drilldown. Every user, with the exception of only one person, sees all the data in each...

Splunk for AWS issues - No Billing
Was wondering if someone out there can offer up some help or assistance. Can't get billing working no matter what I try. Some EBS volume and snapshot data retrieved ok but no bills/usage data. All I get...

Filter out Windows Events from the Index Stream
Hi, As of Splunk 6, my props/transforms to do the above action no longer work. I haven't upgraded the UF on all my clients so the blacklist can't be used yet. Am I missing something? I believe these...

Add the IP Reputation panel
I deleted the IP Reputation panel thinking we wouldn't need it, but now we do. How do I go about adding it back to the Health Overview page? Thanks for your time.

earliest=0 is not overriding the time range selected in dropdown menu
When I did a search like "index=_internal earliest=0" + "Last 15 minutes" in the drop down menu, I could not see the message below that I usually see when the time range is overridden. I was expecting to see result...

bucket retention and frozenTimePeriodInSecs
My index has a retention of 6 months with frozenTimePeriodInSecs=15552000. But I still see some events that are older than the retention. For example, events that are from 6 months and 2 weeks ago. Any thoughts?

Deployment server test app download failed
I just created a test app for my environment to be pushed to a single workstation. It does not successfully deploy from this server shown in the forwarder management GUI. The error message in the...

IP Reputation configuration
I am trying to use IP Reputation apps, however the graph does not show anything. It seems it requires some of the fields that are not available in my installation. Some of the fields are src_ip dst_ip...

Procedure for database monitoring through Microsoft Sql Server APP
I have Splunk Enterprise installed on one of the machines and universal forwarders installed on another machine, which consists of MSSQL Server 2012 and (Windows 2008 Server R2). I want to monitor database...

MS SQL APP without data
Hi all, I am new here. I am just using the Splunk App for Microsoft SQL Server but without any data.
1. My Splunk server version is 5.0.6
2. Windows 2008 Server SP2 + MS SQL 2008 Server Enterprise
3. I followed...

Jmx_ta installation in distributed search.
Hi, I have installed the Splunk for Jmx app in my environment following this link: http://answers.splunk.com/answers/62185/where-to-install-splunk-for-jmx-app-in-a-distributed-splunk-env But while...

Hunk with Yarn - Does it require MapReduce v1 to be installed?
Hi, When setting up the Virtual Indexes -> provider for Hunk, I am a bit confused about the configuration options. Hadoop version: Hadoop 2.x Yarn. Job tracker (-> ? In 2 there is no Job Tracker......

Constant flickering with black screen in Splunk 6
Hi, I have installed Splunk 6 on my laptop today and I am getting constant flickering with the screen going black. It was not happening with my previous version (or any other IE window for that matter) and...

ability to read remote files?
Hi, Does splunk have a built-in method for watching a directory on a remote server to look for new files to download and index?

DB Query with addcoltotels
I have a query that I am using through DB Connect but I would like to use a Splunk command after my query finishes: | dbquery MVM "SELECT" | addcoltotels labelfield=TOTAL label=name HostsFound Is...

adjusting date_hour in report to reflect local timezone
I log all my devices using GMT. When I run a report where I do a count by date_hour I would like to subtract 6 from the hour to reflect local time for the people reading the results. Any ideas?

how can i change graph into stacked mode.
Hi friends, I have 5 columns (_time, YVSuccess, YVFailure, SVSuccess, SVFailue). How do I represent (YVSuccess and YVFailure) in one stacked graph and (SVSuccess and SVFailure) in another stacked graph in the same...