Creating an interesting field?
I have a log set up as: timestamp, user account, query. Splunk is not identifying the second column as 'user account', mostly because there isn't anything to identify it as a user account (no column...

form as query builder sending to search app
I would like to have a form for the end user to build a query, but the result should be displayed in the normal search app, with field picker, timeline ... How can I achieve this? (field picker is very...

multiple servers booting from master image
Hello, We have multiple Citrix VMs that boot from the same master image. We plan to install the universal forwarder on the master image. Are there any issues with having multiple servers booting from...

Looping Dashboards
Is there a way to continuously 'loop' multiple Splunk dashboards? We have these huge TV monitors set up at our workplace and I would like it to loop through 3 dashboards. I wonder if Splunk has something...

Date on first line of log - time in event - jump in 5 hours causes splunk to...
I'm trying to get logs timestamped correctly in Splunk. The format of the logs is one line per event, and each line has a timestamp. There is a date stamp at the top of the log. In one of the logs, the...

Extract a field using Regex
Hi, I have the following output from a log file:
(5/1/13 - 1:36:05.01 PM) Event LOAD 1 Setup
(5/1/13 - 1:36:08.01 PM) Event LOAD 2 Setup
(5/1/13 - 1:37:07.37 PM) Event LOAD 1 Process
(5/1/13 - 1:37:17.37...

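As an added example (not from the post above and not Splunk's own code), here is the extraction done in Python over the three complete log lines quoted in the post, plus two constructed lines: one well-formed line that completes the LOAD 2 transaction, and one malformed line to show that an anchored pattern skips input it cannot parse instead of producing half-filled fields. The field names ts, action, load_id and phase are assumptions chosen for this example; the timestamp format string is inferred from the quoted lines.

```python
import re
from datetime import datetime
from typing import Dict, List

# Sample input: three lines quoted in the post above, followed by two
# constructed lines (a completed LOAD 2 Process event and a malformed line).
SAMPLE_LOG = """\
(5/1/13 - 1:36:05.01 PM) Event LOAD 1 Setup
(5/1/13 - 1:36:08.01 PM) Event LOAD 2 Setup
(5/1/13 - 1:37:07.37 PM) Event LOAD 1 Process
(5/1/13 - 1:37:20.50 PM) Event LOAD 2 Process
garbage line that should not match
"""

# Anchored at both ends so a line either matches completely or not at all.
# Named groups double as the field names you would get from an extraction.
EVENT_RE = re.compile(
    r"^\((?P<ts>\d{1,2}/\d{1,2}/\d{2} - \d{1,2}:\d{2}:\d{2}\.\d{2} [AP]M)\)"
    r" Event (?P<action>[A-Z]+) (?P<load_id>\d+) (?P<phase>\w+)$"
)
# Inferred from the sample: month/day/2-digit-year, 12-hour clock, hundredths.
TS_FORMAT = "%m/%d/%y - %I:%M:%S.%f %p"


def parse_events(text: str) -> List[Dict[str, object]]:
    """Return one dict of extracted fields per well-formed line; skip the rest."""
    events: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = EVENT_RE.match(line)
        if not m:
            # A line that does not fit the expected shape is dropped whole,
            # never partially parsed into misleading field values.
            continue
        fields: Dict[str, object] = m.groupdict()
        fields["ts"] = datetime.strptime(str(fields["ts"]), TS_FORMAT)
        fields["line"] = lineno
        events.append(fields)
    return events


def phase_durations(events: List[Dict[str, object]],
                    start: str = "Setup",
                    end: str = "Process") -> Dict[str, float]:
    """Seconds from the `start` phase to the `end` phase, keyed by load_id."""
    starts: Dict[str, datetime] = {}
    durations: Dict[str, float] = {}
    for e in events:
        key = str(e["load_id"])
        ts = e["ts"]
        assert isinstance(ts, datetime)
        if e["phase"] == start:
            starts[key] = ts
        elif e["phase"] == end and key in starts:
            durations[key] = round((ts - starts.pop(key)).total_seconds(), 2)
    return durations


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for ev in parsed:
        print(ev)
    print(phase_durations(parsed))
```

The same pattern can be reused inside Splunk, since PCRE accepts the (?P<name>...) group syntax; the point of parsing the timestamp rather than keeping it as text is that a follow-up question (how long did LOAD 1 take between Setup and Process?) becomes a subtraction rather than a second extraction.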
Cisco IPS Issue
Hello, I've installed the Cisco Security Suite 2.0, Cisco IPS 2.0.0 and Cisco MARS 1.0.0 apps. MARS works fine. The IPS app, however, won't pull any data. Running the search: index="_internal"...

WebIntelligence App question
I have the webintelligence app working OK. The one problem I have is that in /webintelligence/lookups/sourcenames.csv I have to specify each and every log file individually, like this:...

404-not found
curl -k -u alice:pass https://localhost:8089/alice can return data. Why is there an error message "404-not found" for curl -k -u alice:pass https://localhost:8089/servicesNS/alice?

Two Y-axis graph: same line showing twice
I'm building a dashboard using the techniques described here on Splunkbase, so that I have two Y axes. What I'm seeing, however, is that there are two lines drawn for one of the data series. The legend...

Get the data through restAPI
Can I use REST to request and return some defined research or report? The returned format is XML or JSON. For example: I have a research with name: Category. Then use curl -k -u beebe:passwd...

Can I run splunk on btrfs?
Hello, I just downloaded Splunk today to try it out on a few of our servers, but found out very quickly that it doesn't support btrfs:
Filesystem type is not supported: buf.f_type = 0x9123683e
Why does...

Active Directory App - DNS Debug Options
The Active Directory app has an input for the DNS debug log, but I don't see any info on what options on the DNS debug need to be enabled for it to work properly.

jQuery treeview for ?showsource=1 expandable/collapsible bug?
When I append ?showcase=1 to a URL I can see a Module tree that has [+] and [-] images being incorrectly displayed. Here's a snippet of HTML code from the first module in the Module tree: <li...

rsyslog vs. Splunk Forwarder
Hi, I am wondering what the pros and cons of the following two logging setups are: All hosts run rsyslog and forward logs to a central server. Install Splunk Forwarder only on the central server and...

How to capture the transactions of an event
Hi, I am pretty much new to Splunk and was exploring various options. There is a specific case in our project where we need to capture a transaction completely. The transaction can be identified by a...

Splunk Java SDK as OSGi bundle
Hello, I am planning to use the Splunk Java SDK in an OSGi environment. The Splunk Java SDK is provided as plain source code and build instructions. However, following the build instructions we get a jar file. In our...

Running collect queries takes long time to move from stash to index
Hi, We have a set of queries which are used to populate certain summary indexes. When we manually run the queries at the search bar, the search completes showing the message: "Successfully wrote file to...

Slow network speed from universal forwarder to indexer
Hi, I have a single licensed indexer running on a server. I have also installed a universal forwarder to collect and send data from another site. There is a 50 Mbps link between the sites, but I am only...