Feeding data from script into Splunk while avoiding data duplicates
Hello all, upfront: first time Splunk user here, be patient with me :-) I have a scenario I would like to describe and which I require some comments on in regards to how this can be achieved with...
Efficient searches using boolean operators
I'm currently trying to optimize my searches to keep my Splunk searches as quick as possible. Is there any appreciable difference in search time or efficiency in the two following searches? My main...
How to search for possible missing sections when logs did not come in from a...
So we spot checked a random time in Splunk for a sourcetype (made up of 2 hosts sending in data). The data was missing; running the report for just that date shows there was a window of approx 45m where...
DB2 and datatypes problem
Hi - I am trying to connect to DB2 through the DB Connect app. I can connect to the database and also see all the tables. I can see all the data as well unless it's a decfloat data type - then it just...
Extract Fields Using RegEx
I am having trouble trying to parse data from a raw event line. The raw events come in 2 different ways (shown further below), using the following regex: (?i)^(?:[^^]*^){2}(?P<bannerid>[^^]+) The issue is...
What is the maximum range of values that can be assigned to max_mem_usage_mb?
We currently have the limits.conf max_mem_usage_mb parameter value set to 2000, which is 10x the default value (200). We have noticed incidences of Splunk helper processes being killed due to OOM, and...
S.O.S 3.1 Upgrade on Windows 2008 R2
Hello, I just upgraded S.O.S to 3.1, and I now receive an ExecProcessor error of: "You cannot call a method on a null-valued expression at line:1 char:2". Metrics do display correctly but this error is new...
appendpipe variable
Hi Guys, appendpipe [stats avg(*) as *] adds a new row with the average of all the rows of the respective column. I wanted to get hold of this average value. So I did appendpipe [stats avg(*) as...
Help with Props.config and XML Parsing
I am new to Splunk and am trying to figure out how to parse an XML file. This is a generic XML file coming from Microsoft Storage Reports. The XML: <?xml version="1.0"?><StorageReport...
How do I filter out DEBUG entries from a linux / Unix logfile with the heavy...
We're having some licensing violations when we need to turn on DEBUG on some of our services and we'd like to just have a regex nullqueue any debug entries before forwarding them to the indexers.
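The filtering the post asks about is a props.conf/transforms.conf pair that routes matching events to nullQueue at parse time. The stanzas below are an added example, not configuration from the original post; the sourcetype name app_log, the stanza name app_log_drop_debug and the log line layout (timestamp, then a bracketed level token) are assumptions chosen for the example.

```ini
# Added example (not from the original post). Both stanzas belong on the heavy
# forwarder, where parsing happens; a universal forwarder does not apply them.
# Assumptions: sourcetype is app_log and each line looks like
#   2014-01-27 10:00:00,123 [DEBUG] cache miss for key=42

# $SPLUNK_HOME/etc/system/local/props.conf
[app_log]
TRANSFORMS-drop_debug = app_log_drop_debug

# $SPLUNK_HOME/etc/system/local/transforms.conf
[app_log_drop_debug]
# Anchor on the level token so "DEBUG" inside a message body is not dropped
REGEX = ^\S+ \S+ \[DEBUG\]
DEST_KEY = queue
FORMAT = nullQueue
```

Restart splunkd on the heavy forwarder after the change, then confirm with a search over sourcetype=app_log that INFO, WARN and ERROR events still arrive and DEBUG ones do not. Events sent to nullQueue are discarded before indexing, so they never reach the indexers and do not count toward the license. If the stanza already has other TRANSFORMS entries, list them comma-separated on one line; they run in that order.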
Remotely pull ./splunk diag via REST?
Is it possible to pull a diag output from the REST interface? It's slightly cumbersome, especially when I need to run more than one diag, to ssh->sudo ./splunk diag->set file perms->scp. Maybe...
Looping emails for multiple events
Hi there, I have created a query which returns something like this:
OrderNo CreatedBy OrderError
0001 Alice Faulty
2222 Prince...
Detecting keywords from another search in a field from other search
Hi Guys, I have a requirement like this. In a search I am getting a field like: ExtraInfo Count / User-Gmail-GoogleChrome 6 / Inbox-Yahoo! Mail 3 ..... In another I have keywords like Gmail, Yahoo!...
PFsense access.log format
I have set up the correct source input for squid. I'm able to search for sourcetype=squid. However the dashboard does not show the data. The following is an example of the log from pfSense: 1/27/14...
Splunk on VCS
I have a few servers that are on VCS clusters (Veritas), and I need to rename the $SPLUNK_HOME directory from /splunk to /opt/splunk. Will renaming the directory affect how VCS works in any way? Thanks!
High CPU usage on Splunk forwarder
Hi, I've installed Splunk and configured it as a forwarder on one of our Windows DC/file servers last week, and it has been experiencing high CPU usage as reported by our administrator. We had to disable...
DBConnect - DB2 - Configuring database for "Rising Column" Bigint vs Integer
We are looking to add a "Rising Column" to one of our z/OS DB2 databases to allow Splunk dbtail to work properly. Does anyone know if Splunk can handle the "Rising Column" identity being set to BIGINT?...
JavaScript wrapper in Python for scripted input
Hi, does anyone know how I can call a JavaScript file from a Python script executed in Splunk without any additional Python modules? The JavaScript calls a web service and pulls back data which I want to...
2 different timestamps in single log
Hi, I have lines in a single log (1 sourcetype) starting with 2 different timestamps: timestamp1 - etc etc / timestamp1 - etc etc / timestamp2 - etc etc / timestamp1 - etc etc / timestamp2 - etc etc / timestamp2 -...