Unique KeyValue search performance
Hey Everyone, I'm having a bit of trouble with Splunk search performance. I currently have around 1 million rows of logs, each row approx 1kb wide that conforms to the following...

Real time search with python sdk and | stats
Hi guys, I think I'm missing something. I'm trying to make a real time search with the python sdk; after connection if I run this search: search = "search index=main sourcetype=access_combined method=GET"...

List top 3 forwarders by volume sent to each indexer
I'd like to see for each indexer in my environment the top 3 forwarders that have sent data. I've created the following search but the top command isn't giving me the correct results. I've sorted the...

inaccurate deployment client dns values
When running splunk list deploy-clients on deployment servers, I have noticed that for some deployment-clients, the value of hostname does not match the name of the host included in the value of dns....

How and where does splunk determine host time zone?
My indexers and searchheads in my central datacentre are configured in UTC timestamp but I have universal/light forwarders around the world in many different time zones. I know the hosts my forwarders...

organizing multiple responses
How do you query an application log for multiple event codes and then organize them in a report based on what codes were seen? I'm searching 40+ server application logs for backup exec codes and based...

Forwarding windows event viewer logs to Splunk
I have installed Splunk on a Linux box and it is listening for incoming on 9997. Our linux boxes send their syslog to it and work fine. The Windows boxes however do not send any event viewer logs. I...

finding lookup table hits
I have a whitelist of IPs in a lookup table - say LT.csv :: [column name whiteip]. I have a search string, say "Search String", and an extracted field called "ipaddress". I want to generate a report, how many ip...

Will accelerated data model pick up the lookup file change?
I have defined a data model with one lookup field based on a static lookup file. I have also enabled acceleration on this data model. After I updated the lookup file with some new values, the pivot table...

SA-ldapsearch add on
Trying to find the download page for "SA-ldapsearch add on" and it does not come up on the APP download page, yet it is referenced in the Active Directory install instructions. Can anyone help? Thanks...

Add specific fields into the timechart OTHER category.
I'm generating a report of the daily usage of my users' indexes over the past week using this search: earliest=-7d@d latest=@d index="_internal" source="*metrics.log" per_index_thruput | eval...

What version of SSL does splunkd use?
We have Splunk 4.2.3 installed on some Linux hardened servers. Our Security team recently ran some scans and expressed concern regarding SSL on port 8089. After researching we determined that this port...

How do I create a field whose name is the value of another field? Like...
I have a set of data, perhaps XML, perhaps 5.x+ PerfMon, and it's in this format: aName=Field1 aValue=123 aName=Field1 aValue=234 aName=Field2 aValue=345 aName=Field2 aValue=456 I would love to do a |...

Missing interesting fields in the Search & Reporting screen
When I use Splunk's Search & Reporting screen, it does not list any of the Interesting fields that are in the csv files it indexed. I added a Hadoop Connect input and it is configured as: Resource...

Can someone tell me how to count users by index please
I was trying to keep track of how many users have access to each index. Any help would be much appreciated.

Fields within fields - search time extract
Within my event data I have a file name for a data set that we move around between services. Input files are sent in a zip file named "< env >.< app >.< client >< site >.<...

Does the Splunk For Nagios app support Check_MK?
I'm trying to use Splunk For Nagios to pull data through the MK livestatus configuration in Check_MK. Does Splunk for Nagios support a Check_MK server? Do I still need to configure a universal forwarder...

Collect linux audit logs on windows splunk server
I currently have the Windows security operations center installed on a windows 2008 R2 server. I would like to capture audit logs from a linux machine and integrate this into the splunk enterprise...

SPLUNK DB CONNECT - DB2
I am trying to set up a DB Connection to DB2 which is running on z/OS. The connection seems to be successful. However I see the following exception when I try to save the settings. Any idea what the issue...

Print number of returned results with data if > 10,000
I have a “stats” search that returns millions of results. Splunk can only show 10,000. That’s OK but what I would like is the very first row on the search results page to show an accurate count of the...