Can't set permissions for the navigation menu
I am running Splunk version 5.0.2. I want to add write permissions for the navigation menu to a user role. I go to "Manager » User interface » Navigation menus" as the admin user and click the...
reg flowchart/org charts in splunk
Hi, are there any options in Splunk for creating org charts, process flow charts with drill down options in Splunk? Are there any suitable apps available for this?
Feeding multiple values of one field into a search
I have a project where I need to run a specific search for each value in a field and generate a separate graph for the results. So, for example, Field A has values 1, 2 and 3. I need to programmatically...
Subsearch doesn't work after upgrade to 4.3.6
Hi, I have a search as follows: query 1 [search query 2] I find on the internet that searches that contain subsearches do not return data in environments where search heads are running version 5.0.x and...
Monitor Who has made a change to a file
Hey guys, a simple one for someone out there I'm sure. I have a file on 3 servers that I currently monitor the changes to with Splunk. I have been asked to monitor the said files for the change and also...
How do I access to a value for event and event-1
Hi, I need to display value (string) of a field depending on the value of this field in previous event. Something like this: if previous_event.field = "toto" then display current_event.field else...
Extract and addition of values from an XML log file
Hi, I have been trying to extract values from an XML log file but failing so far. <numberofsheep>2<numberofsheep> <numberofsheep>3<numberofsheep>...
using csv files and fields
I am trying to correlate a few CSV files as an experiment to see how Splunk can help. How do I set up the field definitions for a CSV?
Splunk indefinitely indexes the same line in log file until disk ran out of space
We embedded Splunk and ran on CentOS machine 5.9. At the time of the issue, the only outputting log file indexed by Splunk is /var/log/messages. However, we observed that Splunk keeps indexing the same...
How does RAID 10 affect IOPS?
How can I calculate approximate expected IOPS once I have measured or estimated the IOPS for a drive?
Can Ironport Mail logs remain local to appliance and be in Splunk?
I am looking into adding our Ironport mail logs into Splunk. I tried out this solution about a year and a half ago and noticed that the Ironport appliances do not retain any logs locally after it is...
compare two search in a postprocess
I have two searches: 1. dbquery 2. dbquery. I want to be able to compare the results in a postprocess, can I do that? I guess Postprocess module is not able to have two parent searches, and handle...
Max data points that charts can handle?
Hi, I am looking for the chart property to control the max number of data points that a chart can handle. There are some posts in Answers related to this topic but I still cannot find the configuration...
Splunk Self Monitoring
My security people have asked if there is a self-monitoring capability in Splunk to track situations such as: A disgruntled employee does something and tries to cover his tracks by modifying the log file...
Error with Splunk DB Connect plugin
Hi everyone, I'm trying to run a query in the app Splunk DB Connect but it always returns: Error in 'script': Getinfo probe failed for external search command 'dbquery'. I can run the query in SQL...
DB Connect Column Aliases
Is anyone having issues with assigning column aliases in a MySQL db? SELECT DISTINCT issuestatus.pname AS "Status" FROM issuestatus pname 1 Open 2 Assigned
Best way to set host key in Modular Inputs
I am building a Modular Input but would like to set the host behind the scenes. I know that I can use Scheme Default but that sets the default for all stanzas. [poll://Server1] port=4532...
workflow action not working in dashboard
My workflow actions do not show up in the pulldown next to the event within dashboard? What do I need to change to get this to work? Also, view results is missing? <event> <title>My...
How to add percentage markings to an area chart?
I have a search: | timechart span=15m sum(bytes_sent) as TotalSent sum(bytes_received) as TotalReceived which gives me a nice area chart, but what I would like to do is also have lines on the chart...
Force namespace for modular input
Can someone please explain how to force the namespace in a modular input setup screen? i.e. when saving a modular input intended to be run from app 'foo', the inputs.conf is actually saved in...