Unexpected duplicate app: _cluster
So we recently had clustering enabled in our environment and decided to remove it and now we keep getting the following error when starting our indexers: ERROR ApplicationManager - Unexpected duplicate...

db connect lookup fails with table is invalid
To use a flat file lookup table is easy - simply create (say) a CSV file and use it with the search app syntax | inputlookup test.csv but if I go to Apps -> Lookups -> database lookups and create...

unable to convert any saved dashboard to advanced xml
When I save a search or chart as a dashboard it saves as a simple xml, and will not allow me to see the advanced xml. Even the search parameters are not displayed. Any suggestions?

splunk tcp-raw on bound port
I am curious if it's possible to have Splunk collect raw tcp data from a bound port? ex: I have a web server running on port 80. Can I have Splunk also listen on port 80 and collect the raw tcp data?...

How can I parse Snort logs from pfsense syslog?
I was able to set Splunk up to configure the reports for the pfsense firewall logs. But I would also like to create a similar report for just the snort logs. Right now they are being set into the...

hyper v add on
Where do I copy this hyperv add on? I have installed universal forwarder on hyperv hosts and installed virtualization apps on splunk management. Copied hyper v add on to splunk/etc/apps folder. I...

syslog is not working
I configured syslog on my cisco router and switch, and I am not receiving any data into my splunk server. Yes, I enabled syslog on my devices and I enabled port 514 on splunk server. Thanks

Set realtime_schedule option in savedsearches.conf to ONE using splunk sdk...
In the java codes as in Splunk SDK for Java, where can I find snippets related with dealing with setting option value in savedsearches.conf and how can I make it implemented? It is my understanding...

Inner mechanism for search scheduler to dispatch scheduled saved searches
While I was reading the Splunk documentation about "Configure the priority of scheduled searches" linked at Configure the priority of scheduled searches, I came across "Example of real-time scheduling...

Help needed with Search to correlate Event Logs with Active Directory OU
Hello. I would like to create an alert anytime a privileged user account logs in to our domain. I can do separate searches for the information I want, but cannot seem to combine them to check two data...

How to reverse the order of displayed events using custom command?
Possible to give me some python codes to refer to?

Extracting File Names from URL String
Hello All, Having some trouble coming up with a way to extract a file with three random characters and a .jnlp extension from the URI. Here is what I've attempted so far. Any assistance would be...

Extracting File Type
Hi Everyone, Trying to extract the File Type from Files (ex: pst, xml, etc). I have tried to split it: eval split =Split(File,".") | eval type=mvindex(split,1) But a problem occurs when files like:...

Splunk for Nagios with main index
Hi Splunkbase, I am very new to Splunk. The question I have is the following: My Splunk and Nagios are on the same machine, both use syslog. Splunk to index (to the main index) and Nagios throws...

Advance XML
Recently I created an app which includes an inputlookup. (We actually stole this one from the Webintelligence app): <module name="SearchSelectLister" layoutpanel="mainSearchControls"> <param...

Trim a zip code to 5 characters
This has to be an easy answer... I am just not seeing it or it is just a warm Friday and my brain is asleep. I have a column of results with zip codes e.g. 94101 94102 941031514 941321600 I want to cut...

Preventing format from being called on a subsearch
Hello, I have a macro (a subsearch enclosed in square brackets) that I use to filter my initial search. I would like to do some regex magic on the search string that format creates. Unfortunately, if I...

Advanced xml title size and position
What is the syntax in splunk advanced xml to change the size and position of the panel label?

SplunkForNagios livestatus Windows
Hello, I have a question. I have a Splunk server (release 5.0.2) and running on Windows 2008 R2. I installed Splunk for Nagios to get data from Nagios. All dashboards are working except one, Livestatus...

splunk app for Unix and Linux download
When I try to download the splunk app for unix and linux, all I get is the unix.spl flash file. Is there any way to directly ftp the unix.tar.gz file? I plan to install this on an indexer running RHEL...