Exchange App (Lookup - Database Information) not working
I'm setting up the Exchange App; data is received in the correct indexes, however I'm not seeing data in all the dashboards. One of my lookups is not populating, which I believe could be the cause of...
Tab module not resolving the value set in the valuesetter module
I have a valuesetter that I use to set a variable at the top of my dashboard as per this answer [global variable][1] <module name="ValueSetter" layoutPanel="panel_row1_col1" autoRun="True">...
diagram settings
Do the diagrams in Splunk have any advanced options? For example, how can I change tags on the X axis? Why does the timechart always have only four segments on the X axis? What should I do if I need a mark for...
Splunk App for Exchange - Errors
I'm having some issues identifying the problems with my Splunk App for Exchange install. For example, under Client Behavior -> Client Activity, OWA and ActiveSync are green, while EWS and Outlook...
Splunk forwarder config not working
Since we are trying to separate out Splunk forwarder config ("inputs.conf") according to indexer, we defined forwarder conf like "/opt/splunkforwarder/etc/apps/IND1/inputs.conf",...
Deletion of a log file being indexed by Splunk
I have installed a forwarder on a machine and configured it to read some local log file. A Splunk indexer and a search machine are able to read the data. In case if the log file is not available in the...
Windows Analytic and Debug Events not showing up in Splunk
Hello, For monitoring Microsoft Hyper-V Manager actions I am trying to import analytic and debug logs into Splunk. Although these logs are populated in the Windows Event Viewer, no data shows up in the...
How to chart maximum simultaneous (per second) events over larger time ranges
My data source resolution is seconds, so I can consider "simultaneous" events that are logged with the same second timestamp. Thus each second I would have a number of events. I want to generate a...
Auto generate a lookup file from SVN or GIT in Splunk?
Is it possible to automatically generate a lookup file from SVN or GIT inside Splunk or should it be done by a cron script from the OS? I'm thankful and open for all creative suggestions :-)
Can I optimise search by increasing hot buckets?
Three questions in one. Are hot buckets faster than warm for search? If so, is it because they are in memory or because the file is already open? Is it a good idea to have 30+ hot buckets to speed up...
Deployment monitor accelerated searches not working at all?
Hi, I have a couple of servers that were 4.x and I updated them to 5.0.2. I also installed the latest Deployment Monitor application. However, now accelerated searches are not working at all. In Manager...
How to copy users from indexer to search head+Private sharing permission...
Hi All, I have a physical box working as a search head/indexer, but I set up a vm and installed Splunk on it to use it as a dedicated search head and use the existing box as a dedicated indexer...I...
SAML and SSO
Has anyone implemented SSO using SAML v2 like how it's outlined in the following blog? http://blogs.splunk.com/2013/03/28/splunkweb-sso-samlv2/
Reporting by parsing entries in fields
Hi All, I am new to Splunk and hope this is not too much of a stupid question. I am looking to create a report in the form of a line graph that shows the following values CPU values by time on the Y axis...
Splunk PDF server
I receive this error when attempting to launch the Splunk PDF server. ServerSideInclude Module Error! Splunk has failed to locate the template for uri '/APP/pdfserver/appserver/static/home.html'. Anyone...
Extract characters without digit
I have a field in the log like the following: abc1232 ab.sadkjsakj21302139 abc3400349 alex.carl2103920 I need to extract all characters without the digital number. How to do that using regular...
VMware and Splunk WITHOUT vCenter
Hello, We are currently setting up our ESXi server to work with Splunk. We know of the VMware App but when reading everything I realized we may need vCenter as well. Is there any way that you can use...
Help Combining 2 regex searches
Hi, I have been trying to combine these two searches together. Can someone please help combine them? First search: index=pci_hpd_index device_id=FGT* | regex log_id="4454[4-7]" Second search:...
What changes to configuration files require a restart of Splunk?
What changes to Splunk configuration files require a restart of Splunk to take effect? Is there a list or table somewhere that lists the changes that require restart? Why do some changes require...
summary indexing blocked and binary file warning
I noticed that my summary indexing stopped working. The summary results files are being generated in the spooler, but are not indexed. My /opt/splunk/var/spool/splunk/ folder is full of files like...