scripted inputs and duplicate event data
Hi all. I have built a simple scripted input that grabs XML data over http:
    #!/bin/bash
    curl http://www.a.com/EN.XML
All works fine BUT Splunk is indexing all events each time it is pinging the file,...
How can I change the default search time for all users who are accessing a...
I would like to change the default search time for all users who select the custom app I have created from all time to only search by default the last 4 hrs. How can I make this change so that all...
Attempt to work around 10k subsearch limit -- how to combine multiple lookup...
I'm breaking up my search and outputting the results into separate files. How can I combine these files into a single file once I'm done? .. Using Splunk UI, of course ;-) Example would be something...
Align Buttons in Sideviews
Is it possible to align buttons in Sideviews? I always have problems with the Timerangepicker and buttons that have no "float" parameter. How can I align 3 buttons, for example? At the moment there are...
Nagios 4.0
Hi, I installed Splunk for Nagios using Nagios 4.0, followed all the instructions and I can see the data from the sourcetypes on Splunk, but I can't see any graph or host. Just as a reference, I did another...
old nix vs new nix.
Hi guys. Is it just me, or does the new nix not have more than 20 percent of the old one? How can I unlock the full power of this new nix? And does anyone have the old nix to send me?
Data Archival - Clustered environment
Hi, I have set up a clustered environment for testing purposes. The cluster comprises 2 peers, a search head, a master node and a universal forwarder. All components are Splunk v5.0.5. I have set...
Recursively traverse nested directories to look for log files?
Can Splunk recursively traverse any level of nested subdirectories on S3 to look for log files? Does it assume the files must be directly under the specified S3 directory? Thanks. Tian
How to get Windows domain log in data
Hi All, I am trying to collect data for Windows log on/off time, user and machine. I am running Splunk Enterprise 6 on Linux. Is there any "easy" way to get this data to Splunk without using...
Website monitoring not working.
Hi All, I have installed the website monitoring app on my PC (Splunk 6). But I couldn't make it work. It says "Connection Failed". The python_modular_input.log logs look good. 2014-01-28 17:16:39,510 INFO...
DB Connect to Remote MSSQL DB as Windows Authentication
Hi, I am trying to configure a DB connection in DB Connect. The authentication (Microsoft SQL Server) will use Windows Authentication, not SQL Server auth. I have not set up any firewall rules, which...
How can I specify specific lines within my lookup file to search against?
I have a large result set, lookupb.csv, which consists of about 4 million lines, that I'm searching against and that I need to break up in order to bypass the 10k result limit in subsearch. Example: |...
Adding Windows monitors via Linux CLI
Our central Splunk server is Linux, running (now) the latest, as I suspected there was a bug involved in this situation. I've deployed the Windows universal forwarder to a bunch of Windows Server 2008...
How to modify the return value of stats count by search using eval
I am running a search query like this:
    index=w3c host=web-a OR host=web-b ASP_NET_SessionId=* c_ip=x.x.x.* | eval cur=if(_time>relative_time(now(),"-15m"),1,0) | stats dc(ASP_NET_SessionId) by cur |...
Wrong host identifier in SYSLOG messages
I am new to Splunk and I am sure my question is not new to the community. I have 220 Cisco endpoints reporting SYSLOG data to Splunk. All seems to be working well - except the logging of successful and...
Need to remove numeric values from field to find top values
I have millions of values indexed that look like this: A}MCTEST1_SI_EVENTS_TEST1_SI_EVENTS_no_event_id_total_value_season_percent_stars_33097521...
Timestamp extraction from event data??
Hi, I have event data as follows: 05NOV13 XYZ1 21:40:21 GMI User JESSD11 GMI sessn 1 timed-out token 2872827 revoked 26JAN14 ABC1 21:36:50 GMI User JESSE05 Token #0442422 removed from CMW SOT( 139)...
Splunk does not start indexing even after adding data with associated index
Hi, I have created an S3 data input and set it to a pre-created index. I am expecting Splunk to automatically and incrementally index data under the input directory. But sometimes nothing happens and...
Is this a linebreaking issue?
I'm collecting events from a logfile that look like this: 270929.542: [GC 270929.542: [ParNew Desired survivor size 1288490184 bytes, new threshold 16 (max 31) - age 1: 34518968 bytes, 34518968 total -...
Splunk DB Connect to Oracle Instance
I have installed the DB Connect app and am trying to connect to an Oracle instance, but I'm getting the following error: Encountered the following error while trying to update: In handler 'dbx-databases': Unknown...