WARNING: Illegal entry in configuration file: SHOW_FIELDNAMES="yes" when...
I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and my logs are being indexed. However, I'm finding these errors in my splunkd logs. Ideas? 05-24-2013 09:07:21.906...
Correlate extracted banned IP field with corresponding SSH log events
Hello Splunk Community, I am new to Splunk so please bear with me. My end goal is to construct a dashboard summary of our fail2ban intrusion prevention framework. The current panel I am attempting to...
What causes timechart to start drawing with recent data but change time...
I'm looking for unique local/foreign pairs in netstat output to track the number of tcp connections in TIME_WAIT on a server. Here's my query: index=esos host=web5 sourcetype=netstat earliest=-4d...
splunk licensing
I'm working to develop solutions for Splunk for my corporate environment. I don't manage nor do I work on Splunk production servers. Yet, my role requires that I setup, use, and test Splunk. My issue...
Check Point OSPEC LEA app bad ELF interpreter error
I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and when I attempt to Add a New Connection I get this UI error when Pulling the Certificate Manage Connections: New...
Splunk caused a kernel panic! What do I do??
I tried installing Splunk today and it appears to have caused a kernel panic. See the kernel panic below: Pid: 23986, comm: splunkd Not tainted 2.6.9-78.ELsmp RIP: 0010: [] (next_thread+12) RAX: ......
XML Specific colors for each column inside the column chart
Hi, How can I put specific colors for a column chart I tried this <module name="HiddenChartFormatter"> <param name="charting.fieldColors"> {"Existing":0xFF0000,"Not...
How can we change the color column chart?
Hello, I created a column chart and I want to associate one color to one value that my search can return. My search can return the number of value "YES" and "NO" that my field can take. This is my...
VMware and Splunk WITHOUT vCenter
Hello, We are currently setting up our ESXI server to work with Splunk. We know of the VMWare App but when reading everything I realized we may need vCenter as well. Is there any way that you can use...
Max length of a field
Hi, are there any restrictions for the length of a field? I use a script, which displays a few key=value fields and sometimes the characters for a field are more than 2500. The script works fine but the...
Custom Query
I look for all strings as shown below. I need to calculate the number of such calls (8 in this case) and the average of (3, 5, 8, 4, 6, 12, 4, 15). It would show in graph as number of calls and average...
Splunk for Active Dir/Exchange
Can someone tell me how to get the data into these please. I have downloaded and put the folders in the forwarder dir (C:Program FilesSplunkUniversalForwarder) etcapps and nothing is happening. The...
Are LUN sizes a factor when planning SAN storage for Splunk?
Under Windows 2008 64 bit what is the optimal LUN size on a SAN for SPLUNK. We plan to have 1.5 TB total storage to start. Would 140GB LUNs be more efficient than smaller ones?
Multitenant environments, and creating indexes on the fly
I'm interested in setting up a Splunk server where each customer would have their own indexes and would only be able to search that one index. However we'd definitely need to build the overall system...
opsec_pull_cert: err=-94 There was a problem when trying to establish an SSL...
I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and when I attempt to Add a New Connection I get this UI error when Pulling the Certificate The workflow is Manage...
rc=-1 err=-96 Connection error with Check Point OSPEC LEA app 2.0.2
I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and when I attempt to Add a New Connection I get this UI error when Pulling the Certificate Manage Connections: New...
How can I monitor the resource usage of my forwarder using the S.o.S app?
I would like to monitor forwarder indexing performance via S.O.S. The _internal already forwarded to indexer and could be searched as "index=_internal host=fwd" on indexer. But I could not find it on...
deployment monitor and SoS apps?
Is there any benefit for this app if you've already installed SoS in your whole deployment ?
Search Using InputLookup
I have a search using input lookup like this: sourcetype=proxy [| inputlookup Domains.csv | rename Name AS query | fields query] When it does the search I want to know the count for each of the domains...
Support for VMWARE 5.1 ?
According to the installation videos it appears there is support for VMWARE 4.1 and 5.0 currently, no mention of VMWARE 5.1? If it does not yet support 5.1 officially, can you give an anticipated date...