Splunk for Exchange SMTP Reputation script errors
I hope everyone is doing well and busy. I just installed Splunk for Exchange 2010 the other day. So far no issues but one - the SMTP reputation check is always N/A and running the check_my_reputation...
dbconnect - data base input (dump) - double events every time it runs
I have a db input setup to take a dump using a query once a day. My settings are - Dump - I have a custom query - Key-Value Format - Include Timestamp. Every time that the input runs I get duplicates of each...
Anyone have examples of ProxySG outputs featuring application/URL breakdowns?
Hi, I want to push a customer to use Splunk rather than Blue Coat Reporter to give them visual representation of what people are using (URL/Application wise). Hopefully, this will allow them to start...
Can the "allowAutoSubmit" parameter for Button module be a dynamic token?
What I am looking for is to have a button allowAutoSubmit when a token is certain parameters, and not allow it for other parameters. I have tried: <module name="Button"> <param...
Shuttl and S3
I'm having a heck of a time getting Shuttl to run with my S3 buckets. It appears that the problem is in the fact that my AWS Secret key has "/" in it, and that shuttl is using the basic auth...
content-length error
Hi, How long can a url be? I get the following error: command="importutil", 'content-length' Usage : importutil [config=<config>] [format=<format>] <protocol> <url> My url is 79...
when using ntpdate I see ERROR ProcessDispatchedSearch - PROCESS_SEARCH -...
Seeing the error ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Error opening "": No such file or directory a lot of these messages on my search head's splunkd.log using a search head pooling...
Multi-line field extraction in props.conf
I have a cluster consisting of a single master and 2 indexers (peers). I am trying to add a field extraction for haproxy's logs. The field extraction is very long and so I would like to split it up...
Dynamic field extraction name
I am trying to extract some fields from some reporting data. The reporting data has a field name, and then a bunch of metrics related to that field. For example a log entry might look like report=memory...
unusual field extraction
So these are examples of the values I want to extract into a field: ssb4c7ca-c2-00gk abb4c7ca-c6-00rk These characters change constantly, and there is also an addition to the end of them from time to...
Syntax for subsearches for using NOT function btw 2 savedsearches
Hi Guys, I have here 2 savedsearches, now I want to do a left outer join between both of them. I'm using the following query: | savedsearch "saved1" NOT [| savedsearch "saved2" | dedup accid | fields...
pass $foo$ value to textfield default
I have an Urlloader, and I'm unable to pass $foo$ value to the default value of a text field (I don't want a pulldown, because the user must be able to enter a value if nothing is coming...
Reducing retention costs, archiving frozen buckets, running multiple instances
Because the SAN Space is pretty expensive, we are only keeping the Data in Splunk 2 months. Is it possible to have - One instance from Splunk on the SAN for normal search (first 2 months) - One instance...
Search chain of changing values
Hello! I am new in Splunk. I have a log that contains the chain of changing values. They contain a unique attribute that for security is replaced by a temporary ID. The log contains a chain of changes in...
splunk for websense
Hi, I have configured Websense to send logs to my Splunk server. I can see the data in the search app, but when I use the Websense app no data appears in the dashboard. How can I resolve this issue? Thanks
CSV 101 rows only
Every time an email alert is sent, it contains a CSV file (as attachment) that only contains 101 rows even though the actual total number of events is more than 101. Any advice on how to ensure that the...
Query MX records or lookup MX records?
Hey Guys, We host an intermediate email greylister for our clients. We also log all inbound attachments, and generate reports from that. I need to show essentially the source mail-server for these...
No arguments provided
I followed the example in http://docs.splunk.com/Documentation/Splunk/5.0.2/AdvancedDev/SearchScripts. When I want to do a search which is |mypyscript, my result is "Error in 'mypyscript' command:...
installing sideview
Hi, I have downloaded the sideview utils app and need to install it into Splunk to use for creating advanced charts, dashboards and flow charts. Please let me know how to install this and use this app?