Field names specified in props.conf do not show in search app
In \etc\system\local\props.conf I have the following entry[Apache-registrant-forward] FORMAT = client_ip::$1 user::$2 profile::$3 timestamp::$4 url::$5 http_status::$6 bytes::$7 user_agent::$8...
View ArticleDoc to configure the UniversalForwarder to send some data via a shell script...
Did any one know the steps to configure the UniversalForwarder to send some data via a shell script to the splunk server .I have splunk server installed on a win machine . Now i have a Unix machine...
View ArticleReindex entire file when file is updated.
I have already read this older thread on the subject -> : http://splunk-base.splunk.com/answers/5426/entire-file-contents-as-a-single-eventWhat i'd like to know is if there is a way to reindex the...
View Articlecharting.chart.nullvaluemode = gaps not working for Stacked Area charts
HiI have a timechart which plots a stacked area chart of multiple series. I want to omit the null values. I tried specifying charting.chart.nullvaluemode as gaps in my view.xml but it did not work. I...
View ArticleGenerate PDF multiple times for a view with different parameters
Is it somehow possible to create PDF reports of a form/view with different parameters?I'm supposed to create a form that has a pulldown box with several values. The users want to generate a PDF from...
View ArticleSplunkIt throws an error "Could not import keysym for local pythonversion"
When I tried to generate 50GB, I got following error. Any idea to solve the issue? python bin/gendata.py Traceback (most recent call last): File "bin/gendata.py", line 20, in <module> from...
View Articlereset a module 'onContextChange'
Hi!I am using sideview utils 2.4.8 with splunk 4.3 and I am trying to reset the value of a checkbox (basically uncheck it).Currently I have a little custom behavior that overrides the onContextChange...
View ArticleClik here to view.
dedup / dc not working with large numbers of events?
I have a search counting distinct values of a field "u" (see first screenshot below) which used to work fine, but now shows 0 distinct values of "u" for all but the most recent 2 days.If I restrict the...
View ArticleDisplay not working for splunkit-user with SplunkIt app
I'm trying to use SplunkIt. I get to the point in the install where I see both my user machine and my server machine in the grinder console. I hit Action -> Start Processes and it seems to whiz...
View ArticleSearch Proofpoint Logs Part II
Per a previous question/post: "Search Proofpoint Logs", I did get that working, thanks again Kristian. I now want to add one more caveat to it, if possible. The current search:index=xyz | eval...
View ArticleSplunkIt NOT Generating All of Input Log File
I am trying to use SplunkIt on a test AIX Indexer to compare performance with a test Linux Indexer. The 50GB log file generated just fine on the Linux server but on the AIX server it stops at 2GB and...
View ArticleRename values extracted into field
Can you rename values extracted into fields?Example - Here is a field i have called "filename" and some examples of values that were extracted.filename=statement.pdf filename=invoice.pdf...
View ArticleC# SDK examples
I downloaded the SDK, opened the project in VS 2012. Built the solution. Setup .splunkrc. None of the examples work. Many of the Unit Tests fail. Where is the proper place to get help on this?
View Articlegerman windows server are not supported in Splunk?
Hi, we have the following issue, we are having a mixed environment, some english dc servers in Amerika and some german dc servers in Germany. Most of the App Dashboards (Windows and AD app)and...
View ArticleApplying correct sourcetypes to Windows event logs
We have the event logs of many Windows servers getting indexed via universal forwarders into a number of different index names. The data inputs for each of these sources were originally configured...
View ArticleDistributed Searches and Lookup table errors.
I am having a problem with lookup tables in a distributed search environment. The lookup table is working on the main search head but I receive the below error on the secondary Linux...
View ArticleProblems with Geoip in Splunk 4.3
I had the geoip plugin working perfectly in splunk 4.2. After my upgrade to 4.3.2 it stopped working with error code 1. I downloaded the latest maxmind geoip and I'm having the same problem. Where in...
View ArticleAdding lookup from external csv to search
I would like to do this permanently but let us try it on the command line first.command:source="C:\\..." | rex "^(?<client_ip>[0-9\.]+) (?<user>[0-9\-]*) (?<profile>[0-9\-]*)...
View Article50 - 50 output in web intelligence app | [Traffic pattern/status, Report Top...
Following tabs are working in web intelligence app-Traffic Pattern -Traffic status -Advanced Charting: Report - Top Pageview -Advanced Charting Report - Top Client IpsRest of the tabs are not working...
View Article'module' object has no attribute 'check_output'
I am getting the following error while trying to execute the indexing test: [2013-05-21 14:48:46,236] IdxTestSetup: Splunk restarted successfully [2013-05-21 14:48:46,237] IdxTestSetup: Adding file...
View Article