field extraction from raw data
Hi there, I have below data that I would like to extract as key-value pairs from a custom event source I have created. For example I have sourcetype=DBData and in each result I have below data that I will...

how to create sourcetype based on raw field in splunk
Hi, in my case, Splunk is getting data in by TCP port. I configure the TCP port with sourcetype="myagent". The JSON format events I am getting look...

Script Error while executing saved searches
Hi, we have 5 saved searches (each one for a different source type) which are used to create an index. This index is created once a day. In these saved searches, we have a lookup to a python script. All the...

files not being indexed
Hi, I have a set of logfiles that I can't get indexed. I am getting some files, but not others. Here's my inputs.conf. There are 3 types of files - SystemOut.log, SystemErr.log (which aren't working)...

From Nothing to Active Directory
I've been fighting with the Active Directory app for 4 days now, and I'm becoming frustrated. I had it working, except for some really strange hostname issues, which I was unable to resolve. At this...

Scripted Authentication and Scheduled Searches
I think I've hit a Splunk "bug", and I wonder if anyone knows of any way to work around it? I'm using Splunk's scripted authentication. Specifically I have a python script that authenticates users...

Is there an example transforms for Splunk for Cisco Firewalls app?
I have Splunk for Cisco Firewalls app v2.0 installed. It is generating some warning messages in the logs: WARN SearchOperator:kv - Invalid key-value parser, ignoring it,...

is there a way to get the number of events per transaction
Hi, is there a way to get the number of events per transaction?

Splunk for Citrix XenApp Logoff times
Is there a way in the app to modify the user reports by time to include logoff time? I am looking to find out both logon and logoff times for users. Thanks, Janet

DB Connect inputs missing from inputs.conf
I have 3 database inputs defined in Manager, but when I view $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf only 1 of the inputs is there. I also checked the $SPLUNK_HOME/etc/apps/dbx/default/inputs.conf...

how much of the Splunk App for Web Intelligence is based on IIS logs?
@sdwilderson: How much of this app is actually based on IIS logs? I see a lot of searches calling for Apache data but am actually looking for a good IIS parsing solution. Suggestions?

Universal Forwarder - how to make configuration changes and upgrade
I'm getting ready to roll out Universal Forwarder on about 200 Windows servers. What are my options if I wanted to upgrade the Universal Forwarder software at some point in the future? How can I change...

how to avoid data loss through forwarder??
Hi... I am using a forwarder which continuously forwards data to my splunk web interface.. I have observed loss of data... i.e. certain events are missing. I don't know how it's happening? Can you please how can...

passing previous result fields to localize and map
Say I have a search like this, trying to find all the events that occurred on hosts around the some_text event: index=_internal host=host1 OR host=host2 source=splunkd.log some_text | localize | map...

relating AD logs with DHCP
Hi, I am trying to add an IP address hint to the Active Directory logs. I know it isn't completely reliable, but it is just to get a general idea of the IP address the workstations had when they...

Splunk Search
I am new to Splunk. I am trying to search some events in Splunk. What I want is to get all results which have the field "co_relation_id". One "co_relation_id" value is present in 4 to 6 different events. I want...

The lookup table xxxxxxx does not exist
After the last upgrade to the Windows add-on, I am unable to capture events and have many error messages about tables that do not exist. Disabling the add-on does not help. Why would an upgrade to that...

How to include x axis info on chart
Hi, I have created a results chart using this search: | dbquery "DBNAME" "SELECT useraction FROM usertable" | eval useraction=strftime(useraction,"%Y-%d-%m") | stats count by useraction. However, there are...

Search Proofpoint Logs
Hi, I was hoping to get help for a search. I haven't had much time to spend on it so I apologize for not trying harder first. I've started out with below, but both searches only return 2 results, even...

How to show count of events per day dbconnect
Hi, here's my search, which includes a conversion from epoch time to a Y-d-m time format: | dbquery "DBNAME" "SELECT useraction FROM usertable" | eval useraction=strftime(useraction,"%Y-%d-%m") Now I'd...