How does splunk work?
Hi, I just downloaded Splunk for 2.6 kernel Linux distributions (64-bit). How does licensing work and how many days do I have? Or do I just install/set up Splunk and go from there, or do I need the key for...
How to recognize a timestamp with Chinese characters
Hi, I have some logs whose date is written in Chinese; for example '1 五月 2013,11:10' means '1 May 2013,11:10'. Is it possible to extract the correct timestamp? Maybe by modifying the datetime.xml file, but I have no idea...
Convert the timezone from a time field
I have a field extracted from log entries, containing time values in GMT. Can I convert the field to PST time? If so, how can I accomplish that?
stats values(SearchUser) as User values(SearchStartDate)...
Sideview Utils Table Module Error
Having an issue with the Table module. I just put <module name="Table"></module> in my XML and I get the below error: "Splunk encountered the following unknown module: "Table". The view may not load...
multikv.conf for data with pipe delimiter
multikv.conf:
[testmultikv]
pre.linecount = 1
header.linecount = 1
header.tokens = _tokenize_, -1, "1"
body.tokens = _tokenize_, 0, "1"
Sample data file:
School|Month|Subject_A_Score|Subject_B_Score...
Strip date and hostname from search results
Is it possible to strip the date and hostname from the log entry search result that shows up in search? I still want the date and hostname to be indexed, but currently the information shows up in...
Splunk index reconfiguration
Is it possible to go from a Linux Splunk instance to a Windows Splunk instance while retaining all previous index data?
Using fieldformat and rename
Hey there, I'm trying to do two things and it looks like I can't. I have some fields with ugly names like "Current_SuccessPercent" that I want to rename. I also want to format the data in the field to...
Splunk DB Connect - Output to MSSQL with decimal values
I am aware this feature is not officially supported but thought I would post this question here. We have an MSSQL table with the following format: datetime time string identifier numeric thisDecimalValue...
Difference between Splunk Enterprise license and developer license?
Hi, currently I am using a Splunk Enterprise license and it is going to expire soon. I also got a trial version of the Splunk developer personal license, which is valid for another couple of months. So I...
Cannot search customized field ...
I can search by the following field key, test_field=*, and Splunk Web displayed the lists. Then I select "test_field=testA" (so the following keywords), but it displayed no lists. test_field=*...
Property COUNT ignored on table and pager by result with transpose
I have this on two views now, not sure if it is a problem in Sideview: I have a postprocess that is making a search ending with a | transpose. It doesn't matter what I set under "count" on the table...
Why does Splunk build "endless" fields from JSON events?
I have events in JSON format as input and the events are recognized fine, but in smart mode the automatic field extraction builds very long recursive fields. As an example I get the correct field...
Using report acceleration/summary indexing for searches on extracted KPIs
Hi there! I am trying to extract certain values (KPIs) into a separate 'area' (now trying a summary index) to be able to do quick searches on them. The daily indexing amount is huge and comes from only...
SplunkForNagios livestatus Windows
Hello, I have a question. I have a Splunk server (release 5.0.2) running on Windows 2008 R2. I installed Splunk for Nagios to get data from Nagios. All dashboards are working except one, Livestatus...
Command.Remotetl a large proportion of search cost
Hi, I wonder if anyone has seen this before. I'm working with a rather large data set so search efficiency is paramount. Having inspected a job that's returning slower than I'd like, I see that the...
Speeding up Splunk dashboard load time
What is the best approach to speed up dashboard load times? Most of our searches are inline and have to sift through massive amounts of data for about an 8-hour window. Would saved searches be the...
splunkd port 8089 CRIME vulnerability (CVE-2012-4929)
I have the same issue as documented in this posting. The answer makes sense, but I am not very comfortable with assuming that no one is going to attack port 8089. I found a workaround for Apache 2 on...
Timestamp has correct time, incorrect date for some events
I am adding data from a log file with filename: C:\init97\log\mpinet_init97-20120414-000004.mlg. For the timestamp, some events have the correct timestamp of 4/14/12 + the event time in the log file....
Splunk for Cisco Network Devices
Hi All, we currently have Splunk installed and have a fleet of Cisco devices feeding syslog to it. This includes: datacentre switches, switches, routers, firewalls, WAAS optimisers etc. Now Splunk has...