Splunk DBX v1.0.9 Java Bridge Server not running
Greetings Splunk Answers, I recently upgraded from Splunk DB Connect 1.0.8 to 1.0.9 and am now experiencing an issue where the Java Bridge Server stays in a "loading" state. I don't utilize search head...
Alert when status does not equal value
I am importing an XML file. There are a few values in the XML that I would like to be alerted on. Well, I would like to be alerted when something isn't present. I want to be alerted when a field does not...
Can Splunk delete old log files after indexing them?
What's the recommended best practice for pruning a directory after Splunk indexes its files? I want to create a "drop box" directory where I can drop files and have Splunk index them, but I don't want...
getting out of memory on splunk.Intersplunk.outputResults
My custom search command is getting Memory Error while outputting data. splunk.Intersplunk.outputResults(output, None, fields) File "/opt/splunk/lib/python2.7/site-packages/splunk/Intersplunk.py", line...
dboutput bug updating MySQL
I'm using DB Connect to send search results to MySQL. My search command is: ... | dboutput type=update notFound=insert database=mydb table=mytable fields=IPAddress AS ip, NetAddress AS mac, ComputerName...
Splunk DB Connect - Output to MSSQL with decimal values
I am aware this feature is not officially supported but thought I would post this question here. We have a MSSQL table with the following format datetime time string identifier numeric thisDecimalValue...
Copying "Searches and reports" to the new search Head? Some of them are missing!
Hi All, So here is my scenario I had a Standalone search/indexer Splunk server (Physical box). I built a VM as a search head and trying to convert the standalone server to a dedicated indexer and add it...
Using earliest and latest with REST API
I'm trying to use earliest and latest in the REST API in Splunk 4.3.1, but it seems like it is being ignored. Here is my curl command: curl -k -u user:password \...
*Nix for Splunk App & AIX cpu usage report
I've got an AIX lab machine forwarding data to my Splunk server running the *Nix for Unix and Linux addon. I am receiving data but I am noticing that Splunk thinks my cpu is flatlined at 100% usage...
DBConnect not working with Oracle
I have installed both ojdbc5 and 6. I have tried to manually enter in the entry to the databases.conf file. I am still getting the ORA-12514 error. The credentials work as I can connect with other...
Sideview if statement to assign a new token
So here's my problem, I have timecharts of failed authentications for the past hour. I drilldown off of that with a sideview Pulldown list to show either users or hosts at the selected time window. at...
Splunk On Splunk 3.0 generates tons of dispatch files and constantly...
Hello. I seem to be having a couple of problems with Splunk on Splunk 3.0. First, my setup: Indexer with Splunk 5.0.3 and SOS TA 2.0.4; Splunk search head (5.0.3) configured with search head pooling...
Regex search on server side
From my understanding | rex ... does the search on client side. Is there a way to specify a regex search string on the search head instead to improve performance?
DNS.log debug inputs.conf intermittent
Hello, I've set up the dns.log debug logs to input into Splunk AD App and I'm getting the information but it's intermittent. I'm not sure why. I see: 06-04-2013 19:50:16.218 -0400 INFO WatchedFile - Will...
All Search results on disk even when "top 100" command used
I have a search that says it is 5.4GB on disk according to the jobs screen. This search has a "top 100" at the end and cannot possibly be that large. I think all the artifacts are kept even after a...
firewall access for splunk servers
Hi All - Could you confirm that I have the connectivity ports correct or if I’m missing any? I just want to use the default port configurations at this point. I have installed splunk on a single server...
How do I troubleshoot linebreak / linemerge issues?
I'm having a problem where multiple events are getting combined into a single event and I haven't been able to figure out how to fix it. For example, the following two events are being listed as one...
Can't get events older than today.
I am using the splunk PHP SDK and it seems like everything is golden. I am using offset and count to iterate through the result set. Issue I am running into is it seems that I can't get any events...
Searching a sequence of logs
Hi, I made a lot of research and tests but I can't figure how to... Is it possible to search a sequence of different events in all the logs indexed in Splunk. I mean, if in the search window, I have...
What does "Events may not be returned in sub-second order due to memory...
What does "Events may not be returned in sub-second order due to memory pressure." mean?