Using Deployment Monitor app to monitor a cluster
As written above - are there any good practices for installing Deployment Monitor on a cluster? Is it also pushed from the master to the nodes or installed on search head?
How to create Alerts
Hi This is my search query- source=******* | table ORDERID "Delay(in days)" This is the result of the search query ORDERID Delay(in days) 1 269150751 4.00 2 269126721 7.00 3 269157489 21.00 4 269153074...
Has anyone Splunked IBM SAN Volume Controller Logs?
We have IBM SAN Volume Controller (SVC) version 6.4.1 and are looking to monitor the logs. Has anyone set up Splunk to monitor an IBM SVC? I'm trying to figure out how to get to the logs real-time for...
Is it possible to disable a view so that it doesn't show up in the navigation...
There are numerous actions available for my view including open, clone, move and delete. Why not disable? I'll try disabling it in the configuration file but that is not ideal.
splunk search offset
Is there a way to offset a search by 5 min? We currently have a search that returns the user count for a 5 min window for the last 4 hours but in the time that it collects the user count to the current...
/services/search/jobs/export ignores required fields in CSV
The doc for the /jobs/export mentions the 'rf' parameter (v5.0.2). However, it is ignored by the REST endpoint. E.g. for this URL:...
speeding up splunk dashboard load time
What is the best approach to speed up dashboard load times? Most of our searches are inline and have to sift through massive amounts of data for about an 8 Hr window. Would saved searches be the...
Splunk light weight forwarder failover capability
Hi, do we have a fail over capability for any Splunk forwarders? Like if one forwarder goes down the other one will pick up and start reading the files where the other forwarder stopped
viewHeader Vs. Panel control positioning
I have Advanced XML in two different views that is identical except for one control. If I place the controls in a viewHeader they will align horizontally but in a panel the Search button insists on...
Ghost alert
Has anyone else seen an alert go out when it was not scheduled? I manually scheduled an alert to go out for testing, say 11:15am. Once verified, I scheduled that alert to go out at a specific time...
active directory - how to map user to role?
Hi Gurus, I have connected Splunk server to my Active Directory server. I see LDAP groups and everything seems to be fine... but I can't login as user from selected Active Directory group. In the...
splunkd port 8089 CRIME vulnerability (CVE-2012-4929)
I have the same issue as documented in this posting. The answer makes sense. But I am not very comfortable with assuming that no one is going to attack port 8089. I found a workaround for Apache 2 on...
VMWare App vs. vCenter Operations Manager
Does anyone have some experience with both of the tools? What Are Pros and Cons? Thanks in Advance
Splunk not reflecting correct REGEX Grouping
I am new to splunk and have been trying to set up my first transforms but I am having some issues. I was hoping to get some help. Here is the scenario: Given this data: Time: 05/09-16:32:33.470574...
Use of double quotes in rex command arguments fails alerts in windows...
Set up an alert with the search command: source="C:\test\data\log1.txt" | rex v="(?<value>.*)" | head 10 the alert has never been triggered, although the same search on Splunk UI generates results.
Dynamically changing minimum and maximum values for Y axis on timechart
Hi, I have a set of data that I'm displaying maximum values of on a timechart, i.e. something like this: search ... | timechart max(data) This is used in an advanced XML dashboard where the user can pick...
Tags defined in tags.conf not showing up in GUI
So let's say I have this tag in /opt/splunk/etc/apps/search/local/tags.conf: [host=x.y.uci.edu] nac_wsg = disabled nac_dba = enabled So now I go into the GUI and under Splunk > Manager >> Tags...
URLError connection failure - SDEE connection
I am trying to get Splunk (5.0.2) to connect to a Cisco IPS device. From the Splunk server I can successfully connect to the IPS device (https://x.x.x.x/cgi-bin/sdee-server) so it does appear to be...
Any more info on the i/o requirements in the deployment considerations?
The planning docs here - http://www.splunk.com/base/Documentation/latest/Installation/CapacityplanningforalargerSplunkdeployment - recommend the following storage hardware: 4x300GB SAS hard disks at...
Hardware capacity for indexing and searching
Hi Team, can someone help me on hardware capacity planning if we had to implement in real-time. On daily basis I may be getting around 4 gb data and at 24th hour getting huge data. From performance...