splunk with s3 add-on - monitor a s3 directory
Hi, I have installed splunk w/ s3 add-on. I can add data for s3 bucket, but I can't add data for a s3 bucket/directory. I will get the error saying no objects found under the directory whereas the...
Unauthenticated dashboard
Hello, I don’t know about you, but every so often I get the request for a dashboard that does not require a user to authenticate and/or timeout. Prior to 6.x the time out issue could be solved using...
thawing out multiple buckets at once?
Is it possible to thaw out more than one bucket at once? Or do you have to do a rebuild for each, one by one? I have to thaw out months and months worth of data - something like hundreds of buckets. I'd...
Rule based source typing
I'm trying to set the sourcetype on some events I get based on their contents, and then I want to send each of those differentiated sourcetypes to their own indexes. I've tried a bunch of different...
Saved search time modifier in simple XML dashboard not working
I am writing a simple XML dashboard (so I can do scheduled PDF reporting) in Splunk 5.0.5. I want to do a side-by-side graph of a saved search: <row> <chart> <title>Internet Inbound...
Splunk solution for Soft Defined networking
Does anyone have a use case of visualizing traffic of SDN? In case of Overlay network (for example VXLAN, MPLS over GRE), we cannot see the detail of traffic flowing through the Underlay network, so I...
Mismatch search result between sdk-python and splunk web
Hi, I'm just learning using splunk and sdk-python. I have this search run from sdk: search = 'search index=main sourcetype=syslog | search *ERROR* | stats count by process' params = {"earliest_time" :...
Captcha broken for edits
I entered a question, had no problem with the Captcha, went back to edit it, but edit will not save because Captcha always fails (have tried like 30 times).
Python SDK Visualization
Hi to all, How to produce a visualization in splunk sdk python? For example pie charts, line graph, etc. Thanks in advance!
DB Connect, OS X 10.9, and KeyError: elements
Team, I had a heckuva time getting DB Connect running on Apple OS X 10.9. I got this error: KeyError: elements After thrashing around for a while, including installing what I thought was the latest...
regex file names from path and/or url
I need to extract filenames so I can transact across many logs of different types and such. some logs have full urls - http://www.test1.com/43/test.txt some logs have only paths - /43/test.txt some logs...
path of props.conf for applications in indexer.
In our environment, we have Universal forwarder, Indexers and search head. We have approximately 20-22 different splunk apps for different kinds of configurations. All apps are configured in Universal...
accelerated search with specific week day
I have an accelerated search which is set for a 3 months time range. The acceleration works, I can get a whole day's logs in the past in an average of 10 seconds, where it would take forever otherwise....
stats first behaving differently in a dashboard to a search - is this a bug.
Since upgrading from 5 to 6, one of my dashboards started behaving "strangely", and I have distilled it down to this. If I have a dashboard that uses "stats" and "first" <dashboard>...
SRX Indexing
I am able to see srx_logs in a new index "SRX" but I want it to go to the "main" index. I cannot see SRX logs in the search app when changing...
Overlapping events in summary index
How does splunk handle overlapping events in summary index? Does it simply search the latest one?
Question index csv with field contain comma
I have an issue with an index field which contains a comma. Below is my csv input "28650096","2013-12-02 20:30:30","blocked","porn, sexual content","a@a.com","1.1.2.3" "28650093","2013-12-02...
Question about timemodifier
Hi! I would like to ask about the timemodifier. I have the following search including subsearch, index=hoge [ search index=hoge _index_earliesst=-1d@d _index_latest=@d | stats earliest(start) as earliest...
How to combine information from 2 different sources?
Hi! I have a small problem here. I have two different sourcetypes named 'server' and 'metrics'. Server-sourcetype has fields named customername, servername and server_id. Metrics-sourcetype has fields...
HP Service Manager app
Hi friends, I am developing a small app to dashboard HP Service manager incident/change/catalog data by db connect to the database. Has anyone done something like this before? If we have something...