Scheduled searches and alerts on Cluster and Search Head
I'm evaluating moving to a clustered configuration and utilizing the search head. I'm trying to determine how the search head manages scheduled searches and alerts. Specifically where is the...
Take csv outputs from multiple searches and send in email
I have 4 separate searches that run nightly and each produces a csv output which is sent via email - is it possible to take each of these separate csvs and, keeping them as separate files, send them...
How can I use Netflow in Splunk when it's on a Windows Box without buying...
I'm in the middle of a POC of Splunk and would like to start putting my netflow data into it and be able to graphically represent netflow and even possibly do drill downs like so many programs do. Is...
Move Index Configuration Entry
I used the CLI to create two indexes. The entry was put in the splunk/etc/apps/search/local/index.conf file. I wanted it in the splunk/etc/system/local/index.conf file. Does this make a difference??? If I...
How to reload lookup table for google maps
I would like to know how to reload a lookup table for google maps.
SQL samples in splunk
Just getting started with Splunk & after a little direction. I have a SQL query that returns a list of requests that a database is handling and some info about those requests. I output the data as...
Why does /foo/m*r/bar match /foo/bar in a monitor
I see in the docs for inputs.conf that a monitor with /foo/m*r/bar will match /foo/bar. Can someone explain why that would be the case? The way I would have thought this to work is that there would need...
Log file not being forwarded / indexed anymore?
As someone new to Splunk would appreciate some guidance - whilst I had some success in that an inputs and outputs have been configured and I can now search data in the GUI - it appears data has stopped...
DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of...
In my Splunkd log for one of our webspheres I'm finding multiple entries with; DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event ... Please can anyone advise what...
/opt/splunkforwarder Default?
Hi, please can you advise how do I install Splunk universal forwarder manually to /opt/splunkforwarder? It says: /opt/splunkforwarder is default on page:...
DBConnect guide
Can anyone advise where there is a good basic setup guide for DBConnect?
When logging in, an error appears: "The splunkd daemon cannot be reached by...
When I am giving my username and password I am getting the following error: The splunkd daemon cannot be reached by splunkweb. Please help me out for this problem, I have restarted the service many...
whitelist syntax - inputs.conf
I'd like to index files in /DIR/autosys/logs as below; Linux equivalent: cd /DIR/autosys/logs ls appua1START_MT* Please can someone help me correct below: [monitor:///DIR/autosys/logs] whitelist =...
How do I get the link and PDF to work together in an email?
I am trying to get the link to results and the attached PDF be an option from my email.
Permanent tag
We will regularly move machines between environments (DEV/QA/PRD). We are currently using tags to assign a machine to an environment, but when we move the machine all the history moves with it. Is...
Solaris *nix Splunkd high load average
Using the Splunk App for *nix on Solaris. splunkd has a very high load average. In 15 seconds it did an lstat of 6659 files. Not sure why so many files are being monitored.
Sideview Utils issue with IE 9 & 10
I'm having a couple of issues with my dashboard that uses Sideview Utils modules, and these are only on the IE 9 & 10 browser. The same dashboards work fine on Firefox and Chrome. Issues...
DBX TailDatabaseMonitor Error
I am receiving an error in the DB Connect application. Was having issues with the timestamping and event breaking. The database is Oracle, the DB Info section shows the timestamp field as a "DATE"...
checkpoint LEA app authentication/config
Having some trouble getting my checkpoint LEA connection logs forwarded from our checkpoint device to the LEA forwarder. Our Network admin has got everything set and provided me with SIC Name:...
XML Field extraction
I'm trying to extract XML fields from a report which is about 70-80 lines (maybe more). I receive the whole report as a single event because breaking it would make the report lose its meaning. I have...