Clicking on "Open in Search" and graphs lead to 404 after upgrade to 6.0.1
Our custom apps' dashboard panels graphs and "open in search" lead to 404s. Dashboard + several panels http://splunk.example.com/en-US/app/app_name/iThis_vs_iThat Clicking on graph or "Open in Search"...

Can you use both mounted and shared bundles with the same index cluster?
I have a dedicated search pool using mounted bundles to talk to our index cluster. Can I also have a standalone search head using normal shared bundles talk to the same clustered indexers? I'm currently...

Case Sensitive Columns From SQL
When upgrading from 1.1.0 to 1.1.1 DB Connect, I had to change all my fields from being written with capitalization the same as the sql query to all lower case, otherwise none of my fields showed up in...

peerNameList issue
peerNameList field in the job inspector shows often only one indexer server while there are two (sometimes shows both) and both were used for the search according to the log. I thought that this field...

License Usage Query when data from one index sends to another index...
If we are sending data periodically from one index to another index with the use of a scheduled search then how it will affect license usage count?

How to do line breaks for multi-line events in SplunkStorm using the REST API...
Hello, I'm using SplunkStorm and I've written a NLog target that uploads events to the REST API using the json_predefined_timestamp sourcetype. It works really well, except when it comes to multiline...

File Integrity Monitoring - Splunk 6
With FSChange being deprecated in Splunk 5.0, what is the best method in Splunk 6 to monitor folder/file changes? Thank you

ln is to exp, as log is to ___ ?
I am using "bucket span=log1.1 Time" but it puts it bucket ranges, 1-1.1, 1.1-1.2, etc. so I tried to use log(Time,1.1) but I could not find the correct exp() function. This works, "eval...

permissions kicking me out of Splunk for DBX App
I have an admin that was messing with permissions on the objects in the DBX app. I went back and made sure everything was set the same "global, All:Read, Admin:Write" All the functions seem to be...

Querying raw data point for 24hr window time chart not displaying all values?
source=<source.log> "KeyOfThis" | table theRawValue, _time | chart values(theRawValue) by _time
So, when I run this query there is an event with a large Raw value for a given date that I need to...

Adding javascript without restarting splunk
I'm looking at changing a javascript file on a Splunk6 instance which I can not bounce. I noticed that if I copy the original file to a new one, then reference the new file, it doesn't run. Is there a...

Unusual date parsing.
Is it possible to have splunk parse the following date format? Year-Day-Hour_minute_Second i.e. 2008-265-03:19:26 would be 2008/09/22 at 3:19:26. What I want to do is make graphs based on the time in my...

Timepicker overriding inline time substitution
Hello, When you specify an inline time sub using "earliest" and "latest", Splunk normally prefers this over the value in the timepicker drop down. It will also warn you that it is using the inline value...

Losing duration in milliseconds when I add file size data...
Hi, I have to calculate duration in milliseconds which is working, but when I add file size data to the query, the duration goes to 0. Can anyone provide any guidance as to what's happening and how to...

how to search for multiple event id's
How would I search for multiple event id's?
sourcetype=wineventlog:security EventCode=631 OR Eventcode=632 OR EventCode=633 .......
Is there a way to combine the eventID's in one EventCode...

Is there more documentation on the Sentiment Analysis app?
Hi, I have lately started working on this app. I would like to know if there is some more documentation available which will help me understand this app better. Thanks

Scheduled PDF Delivery to file or folder not via email
Hi, I've got some saved searches scheduled to output CSV files using the outputcsv command which works well. From there I run a script to upload the CSV file to an SFTP server. I'd like to do something...

Help with search!!
Hi! I would like to have help with search. I would like to pass the results from one search
search xxxxx|xxxxx
result: fieldA a b c d e
to other search as search field=a OR field=b OR field=c OR field=d OR...

Some host's IP address not being resolved to hostname for syslog data sent to...
Prior to setting connection_host to DNS for udp:514, all my hosts sending data via syslog got indexed with the host field being an IP address. After making that change, almost all of the hosts switched...

Exchange 2007 and 2010 which log files are collected
Is there a list of all the log files which are collected on different type of exchange servers CAS, Mailbox and Hub Transport. Also I would like to know what is the compression ratio of these files. Thanks,