Link Switcher using basic xml
Hello Fellow Splunkers,I am fairly new to Splunk , so apologies in advance if this is a silly question. I have a specific task that I am trying to achieve and I want to use basic xml. I know this can...
View ArticleIs this a linebreaking issue?
I'm collecting events from a logfile that look like this :270929.542: [GC 270929.542: [ParNew Desired survivor size 1288490184 bytes, new threshold 16 (max 31) - age 1: 34518968 bytes, 34518968 total -...
View ArticleConfigure or add multiple apps reports into a dashboard
HiI'm able to create multiple reports from the searches and show all these reports into a single Dashboard. I can add report into a existing dashboard of the same APP (E.g: search & reporting app)....
View Articleability to read remote files?
Hi,Doe splunk has a built-in method for watching a directory on a remote server to look for new files to download and index??
View ArticleShuttl Splunk 6 (Distributed)
Has anyone tried to deploy Shuttl onto a Splunk 6 cluster?It seems that the last compatibility check was for 5.x, so I am unclear if it will work on 6.It also has not bee updated in a while, has the...
View ArticleSend an alert when the Fill ratio of data processing queues exceeds a certain...
I am using the Splunk SoS App, and am interested in setting up some alerts around the "Fill ratio of data processing queues" metrics. I'd like receive an alert when "X" queue is more than 75% for more...
View ArticleIs there an embedded version of Splunk?
Is there an embedded version of Splunk?I'm looking for a secure real-time solution for non-networked systems. I’m looking for Splunk with no web interface, at all. I’m looking for Splunk with hash...
View Articlecaptcha did not work
fyi... when entering a question (prior to creating an account), a captcha phrase was required. I entered one - no luck - tried another... several more... tried in a different browser... gave up and...
View ArticleDeployment Server - reload configs without restarting splunk
Hi;We are currently setting up multiple new forwarders, which are getting their configs from the deployment server. Everytime, we setup a new app or modify an existing app we are having to restart...
View ArticleNecessary to order db query by rising column?
Is it necessary to include an ORDER BY $rising_column$ in my database tail query? This can be very expensive on a large database not indexed on that column. (example: using the row's modified_time...
View ArticleHow do I get the Excel Export button to display?
I am using Splunk 6.0.1 and Excel Module 2.0.4 on win2008r2. I have tried firefox, explorer, chrome. I do not see the button displayed. I have read the documentation and there is no indication that...
View ArticlePersistentValueStoreException when creating DB Input
I am consistently getting the following error when trying to create a Database Input:ERROR:TailDatabaseMonitor - Configuration Error: Error creating PersistentValueStore type xstream:...
View ArticleDisplay chart only within Time range where there data exists
I want to display a chart that automatically crops that whole chart to where there is data and not display any empty before or after time ranges where there is no data at all, how can this be...
View Articlejavascript scripted input
I have a js script and want to consume the output in splunk. What command should I use to make sure splunk can consume the output of the .js file? Print("output")?
View ArticleSpeed up search?
Can anyone make some recommendations in speeding up this search? It might be slow due to the large number of records, around 1/2 million.index=charlesriver sourcetype=windows_events "An account was...
View Articlerex commands using sed in props.conf on a field
Is there a way to use a rex command with mode=sed against a specific field in a config file (props.conf)?? I understand how to use the SEDCMD in the props but that pre-processes and only appears to go...
View ArticleCan we rename row, column when we use transpose function
Hi, Can we rename row, column when we use transpose function
View ArticleExtracting fields from an existing Field
I am working on some http_referer analysis from my proxy logs, seems like an interesting thing to do. I want to do an additional search time field extraction and rip apart the http_referer field to...
View ArticleSearch-App Activity-DropDown-System-Activity only viewable by Administrator
Hi, this is likely a noon questionIn V6, "Search & Reporting" App - the menu-bar contains an "Activity" drop-down (far right next to "help"), if we are logged in as Administrator then within the...
View Articledelta counts by keyname
How can I get a delta count by a key name when there are multiple keys for plotting the delta in a report?I have a collection that outputs like this via syslog:TimeStampMsec="1390586680463"...
View Article