XML View issues after Splunk 6.x upgrade
This is happening to many views following our upgrade to Splunk 6 ... Example ... Form has 3 input boxes ... By default they're all set up with <default>*</default> If I change, say, the...
Adding a CSS and JavaScript source to an app's HTML Dashboard
Hello all, I've looked around and have tried some other answers but am unable to get it functioning correctly. We're looking to add CSS and JavaScript to an app; however, when we load our instance we...
XML Logfile not breaking correctly
I have the log entry below, which is getting split at the end_date stanza. I have MAX_TIMESTAMP_LOOKAHEAD=23 set in my props but it is having no impact. I have tried multiple other things but to no...
Other apps using the props.conf in a deployed app
I use separate apps for time zone settings and ingestion timestamping: TC_ALL_INDEXER_PROPS and TC_ALL_INDEXER_TZ. What I want to do is twofold: push the entirety of the TC_ALL* apps to the...
Dealing with duplicate variables after the transaction command
I am working with IPFIX data from a firewall. The first template returns the flow information, that is, things like source IP, destination IP, and flow ID. The second template returns URL-related data. Using...
Keep a specific part of a text file / email and discard the rest
Hi there, I know the docs and the search function on answers.splunk.com, but I think I sit on the line. I hope someone can point me in the right direction or help me with my problem. I want to log emails...
Why is my accept rate at 0%?
I have only asked one other question. I got a good answer, and accepted it several days ago. It seems like my accept rate should show as 100%, but it shows 0% instead. Any ideas?
Fields not automatically extracting
Splunk is intermittently not automatically extracting fields in the regular foo=bar format. E.g., in this event:
Jan 9 11:33:37 sv121-mw4 [mw2] INFO auth_id="000767E10050" eventTime="1389227425697"...
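To check offline which pairs a strict key=value extractor would pull from a line like the one above, here is an added example (my code, not from the original post or from Splunk). It implements the usual convention: a key is an identifier, and its value is either a double-quoted string (which may contain spaces) or a run of non-whitespace characters. The sample line is constructed to resemble the asker's format; the field names after eventTime are assumptions.

```python
"""Extract key=value fields from a syslog-style event line.

Added example, not code from the original post. Keys are identifiers; a
value is either a double-quoted string (spaces allowed) or a run of
non-whitespace characters. unquoted_keys() lists the values that were not
quoted, because those are cut at the first space, which is one reason a
field can come back truncated or apparently missing.
"""
import re

# Constructed sample line resembling the asker's event; everything after
# eventTime is an assumption for illustration.
SAMPLE = ('Jan 9 11:33:37 sv121-mw4 [mw2] INFO auth_id="000767E10050" '
          'eventTime="1389227425697" user=jdoe status=200 msg="login ok" '
          'reason=password expired')

KV_RE = re.compile(
    r'(?<![\w.-])'                              # key must start a token
    r'(?P<key>[A-Za-z_][A-Za-z0-9_]*)='
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))'    # quoted value or bare token
)


def extract_kv(line):
    """Return {key: value} for every key=value pair; quotes are stripped."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m["key"]] = m["quoted"] if m["quoted"] is not None else m["bare"]
    return fields


def unquoted_keys(line):
    """Keys whose value was not quoted. Single tokens extract fine, but a
    value containing spaces stops at the first one (see 'reason' above)."""
    return [m["key"] for m in KV_RE.finditer(line) if m["quoted"] is None]


if __name__ == "__main__":
    for k, v in extract_kv(SAMPLE).items():
        print(f"{k}={v!r}")
    print("unquoted:", unquoted_keys(SAMPLE))
```

In the sample, `reason=password expired` yields only `password`, while the quoted `msg="login ok"` keeps its space; if a field that is sometimes missing turns out to be unquoted in the failing events, that is the place to look first.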
How do YOU use Splunk! (Search/Query Examples)
Hello everyone, Our company just started using Splunk, and after experimenting with some basic commands it certainly proves to be a powerful yet simple-to-use search processor. Since our team is so new...
Can DB Connect Run Multiple Queries At Once?
I'm trying to run a few complex queries in order to render a single output using DB Connect. I cannot seem to get them all to run together on one line as if I were at the mysql console. Query Example...
Where is the documentation?
Hi, I'd like to get some more information on the Splunk App for Microsoft SQL Server but I can't find any link to any documentation for it. Can someone point me in the right direction? Thanks
What's the best way to import custom JSON data from a web API?
I'd like to pull in JSON data like that available from dev dot moves-app dot com slash activities. (It's from the API of an iOS app called Moves, which tracks people's movements.) I can think...
Datamodel acceleration on multiple search heads
Hello, Can you declare data model acceleration on one search head and use the accelerated data from another server? I have 2 search heads, one used for dashboards/jobs and another one for ad hoc...
OSX Forwarder install documentation wrong?
http://docs.splunk.com/Documentation/Splunk/6.0.1/Installation/InstallonMacOS
Command line install directions are incomplete and incorrect.
hdid splunk_package_name.dmg
installer -pkg splunk.pkg -target...
Displaying the number of concurrent users logged into a system over time
I'll ask this question in two ways in the hope that I can convey my intentions properly. Generic scenario: When you log into this system, a login event is written to a log. When the user logs off (connection...
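The generic scenario above (a login event, then a logoff event per user, and a count of sessions open at any moment) is a sweep-line problem. The following is an added example of mine, not code from the original post or from Splunk: it parses constructed log lines of an assumed `<ISO timestamp> user=<name> action=login|logoff` form, pairs each logoff with that user's open session, and computes the concurrency at every change point plus the peak per 5-minute bucket. It also handles the two edge cases that usually break such counts: a logoff whose login happened before the search window, and a session that never logs off inside it. Field names, function names and the sample data are assumptions.

```python
"""Concurrent logged-in users over time, computed from login/logoff events.

Added example, not code from the original post. Parses constructed lines of
the assumed form '<ISO timestamp> user=<name> action=login|logoff', pairs
logins with logoffs per user, and sweeps the intervals to get concurrency
at each change point and the peak per fixed time bucket.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not the asker's data): three overlapping users,
# plus one logoff (dave) with no matching login inside the window.
SAMPLE_LOG = """\
2014-01-09T11:00:00 user=alice action=login
2014-01-09T11:02:30 user=bob action=login
2014-01-09T11:05:10 user=carol action=login
2014-01-09T11:06:00 user=alice action=logoff
2014-01-09T11:07:45 user=dave action=logoff
2014-01-09T11:09:00 user=bob action=logoff
2014-01-09T11:12:00 user=carol action=logoff
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>login|logoff)$")


def parse_events(text):
    """Return [(datetime, user, action)] sorted by time; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["action"]))
    events.sort(key=lambda e: e[0])
    return events


def pair_sessions(events):
    """Pair each login with the next logoff of the same user.

    Returns (closed, still_open): closed is a list of (start, end); still_open
    maps user -> start for logins without a logoff in the data. A logoff with
    no open session (login before the window) is ignored; a repeated login
    without a logoff restarts that user's session.
    """
    open_sessions, closed = {}, []
    for ts, user, action in events:
        if action == "login":
            open_sessions[user] = ts
        elif user in open_sessions:
            closed.append((open_sessions.pop(user), ts))
    return closed, open_sessions


def concurrency_timeline(closed, still_open, window_end):
    """Sweep line: +1 at every session start, -1 at every end.

    Sessions still open are treated as ending at window_end, so they keep
    counting for the rest of the window instead of being dropped.
    Returns [(datetime, concurrent_sessions)] at each change point.
    """
    deltas = defaultdict(int)
    for start, end in closed:
        deltas[start] += 1
        deltas[end] -= 1
    for start in still_open.values():
        deltas[start] += 1
        deltas[window_end] -= 1
    timeline, level = [], 0
    for ts in sorted(deltas):
        level += deltas[ts]
        timeline.append((ts, level))
    return timeline


def peak_per_bucket(timeline, bucket_seconds=300):
    """Peak concurrency per fixed bucket (bucket size must divide one day).

    The level in effect at the start of a bucket is carried over from the
    previous one, so a session spanning several buckets counts in all of them.
    """
    def floor_bucket(ts):
        midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
        offset = int((ts - midnight).total_seconds()) // bucket_seconds * bucket_seconds
        return midnight + timedelta(seconds=offset)

    peaks, level, i = {}, 0, 0
    if not timeline:
        return peaks
    bucket, last = floor_bucket(timeline[0][0]), timeline[-1][0]
    while bucket <= last:
        nxt = bucket + timedelta(seconds=bucket_seconds)
        peak = level
        while i < len(timeline) and timeline[i][0] < nxt:
            level = timeline[i][1]
            peak = max(peak, level)
            i += 1
        peaks[bucket] = peak
        bucket = nxt
    return peaks


def analyze(text, window_end=None):
    """Run the whole pipeline; returns (timeline, peaks) with ISO-format keys."""
    events = parse_events(text)
    if isinstance(window_end, str):
        window_end = datetime.fromisoformat(window_end)
    if window_end is None:
        window_end = events[-1][0] if events else datetime.min
    closed, still_open = pair_sessions(events)
    timeline = concurrency_timeline(closed, still_open, window_end)
    peaks = peak_per_bucket(timeline)
    return ([(ts.isoformat(), n) for ts, n in timeline],
            {b.isoformat(): n for b, n in peaks.items()})


if __name__ == "__main__":
    timeline, peaks = analyze(SAMPLE_LOG)
    for ts, n in timeline:
        print(ts, n)
    print("peak per 5-minute bucket:", peaks)
```

In SPL the same pairing is normally done with `transaction user startswith=... endswith=...` followed by the `concurrency` command on the resulting duration; the sweep above makes explicit what those commands do, including the fact that a session still open at the end of the window has to be given an end time or it disappears from the count.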
Capturing WMI data from the local machine
How can I capture WMI data from the local machine in Splunk? The program I am working on has a preexisting tool that used WMI to report data from SNMP devices (UPS, environment monitors, etc) to our...
Alert if value is greater than 2x STDEV
Hi, I am trying to find outliers using the idea of a bell curve. I have a search that provides stats on the mean, the standard deviation, and 2 standard deviations. The idea is to get an alert if the value...
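The mean +/- 2 stdev rule has a trap when the value being tested is part of the window the stats are computed from: the spike inflates the very stdev it is compared against, and over 5 or fewer points no single value can ever exceed 2 sample stdevs at all. The block below is an added example of mine, not code from the original post or from Splunk; it applies the rule to a constructed series in two ways, naive and baselined on the preceding values, and shows the bound that explains the trap. Sample stdev (n-1 denominator) is used, which is what Splunk's `stdev()` computes; `stdevp()` is the population form. Names and data are assumptions.

```python
"""Alert on values more than k standard deviations from the mean.

Added example, not code from the original post. outliers_naive() computes
the band over the whole window, candidate included (what a single
stats avg/stdev over the same events gives); outliers_baselined() builds
the band from the values before each candidate only.
"""
from math import sqrt
from statistics import mean, stdev

# Constructed series (not the asker's data): steady values plus one spike.
SHORT = [100, 102, 98, 101, 160]                              # 5 points
LONG = [100, 104, 98, 101, 99, 103, 97, 102, 100, 98, 160]    # 11 points


def bounds(values, k=2.0):
    """(mean, stdev, lower, upper) for the mean +/- k*stdev band."""
    m, s = mean(values), stdev(values)
    return m, s, m - k * s, m + k * s


def outliers_naive(values, k=2.0):
    """Values outside the band computed over all values, the candidate
    included. A large spike widens its own threshold."""
    _, _, lo, hi = bounds(values, k)
    return [v for v in values if v < lo or v > hi]


def outliers_baselined(values, k=2.0, min_baseline=5):
    """Test each value against the mean/stdev of the values before it.

    Returns [(index, value)]. A flat baseline (stdev 0) reports any change
    rather than dividing by zero.
    """
    flagged = []
    for i in range(min_baseline, len(values)):
        base = values[:i]
        m, s = mean(base), stdev(base)
        if (s == 0 and values[i] != m) or (s > 0 and abs(values[i] - m) > k * s):
            flagged.append((i, values[i]))
    return flagged


def max_sample_z(n):
    """Largest |x - mean| / stdev any one point can reach inside a window of
    n points that includes it: (n - 1) / sqrt(n). This is below 2 for
    n <= 5, so a naive 2-sigma rule over 5 or fewer points never fires."""
    return (n - 1) / sqrt(n)


if __name__ == "__main__":
    print("naive, 5 points: ", outliers_naive(SHORT))
    print("naive, 11 points:", outliers_naive(LONG))
    print("baselined, 5 points: ", outliers_baselined(SHORT, min_baseline=4))
    print("baselined, 11 points:", outliers_baselined(LONG))
    print("max z for n=5: %.2f, n=6: %.2f" % (max_sample_z(5), max_sample_z(6)))
```

The naive check corresponds to `eventstats avg(value) AS mean stdev(value) AS sd | where abs(value - mean) > 2 * sd` over one window; the baselined variant corresponds to computing mean and stdev over an earlier window and comparing the latest value against them, which is the form worth using for an alert.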
Difference between _time and _indextime
Hi, We have the Splunk UF installed on our streamers. The Splunk UF sends logs to the Splunk forwarder of our analytics setup. We have scheduled saved searches to summarize data. The scheduled searches are...
Armadillo for Splunk?
Has anyone heard of and/or used Armadillo for Splunk? It is not a Splunk App. "Armadillo is a virtual appliance that collects SAP machine data and forwards it to Splunk."
Index-time field extraction/rewrite
I currently have a custom sourcetype=vuln_scan that looks like this:
response_datetime="2014-01-24 06:41:22" scan_date="2014-01-24 06:41:22" org_id=AB5X1896 scan_id=1H6785E host_id=522ZB769...