SOS 2.3.0 on Splunk 5
I have Splunk 5 on Windows, today I installed SOS 2.3.0, but I do not see graphs in Resource Usage > Splunk CPU/Memory Usage, only No results found. Inspect ... Did somebody have the same problem and...
Splunk on splunk SOS activity logging
Hello, our PCI auditor has had a look at the logging capabilities on Splunk and is concerned about the "can_delete" user's capabilities. One thing that will get him to "like" Splunk would be if there...
What's the meaning of aggregation queue?
I try to look into the performance of my index using SoS. I found the aggregation queue seems to be the bottleneck in my environment. Does anyone know what the aggregation queue is about and how we can tune it...
Reduce time spent in regexreplacement queue?
I have a situation where my Splunk feed is coming in all via syslog, sourcetyped as syslog, yet containing many different kinds of data. I've set up index-time TRANSFORMS in my props.conf to split out...
S.o.S shows error under Scheduler Activity
Hi, I installed S.o.S to two of my Splunk indexers. One works fine and another one shows the following error when I go to Scheduler Activity: Encountered an error while reading file...
Heavy Forwarder Thruput
Greetz, When using the SoS app along with forwarded _internal indexes from heavy forwarders I get no results under S.o.S - Splunk on Splunk > Indexing Performance for "Estimated indexing rate" and...
Splunk TA for *nix installation
I installed Splunk TA for *nix and I'm on the "Splunk for Unix Technology Add-on: Setup" page. I completed my selections and hit Save, then OK, but it brings me back to the same input selection...
DB Connect - export results
I'd like to run a query in DB connect and then export it to a file. But, I don't see a feature to export the query results. Is there a means to export the results from a query in DB connect? Thanks.
How to pass our command line arguments to script called from Splunk for alert...
Hi, I configured an Alert for some search and configured a Perl script to be called when the Alert is triggered. I understand by default Splunk sends some values as command line arguments to the script (Ref:...
chopping up lastlog
I have managed to get our linux hosts' lastlog data in our Splunk> (version 5.0.2, build 149561) easily enough, but what I am trying to accomplish (with any additional app installs, thanks) is "chop...
Can Splunk search client machines System log that has Event ID 7?
Hello, Can Splunk search client machines System log that has Event ID 7? We need to scan and retrieve hostnames that have this event ID which is a disk error. Thanks,
Can I change TRUNCATE and MAX_EVENTS to unlimited?
I have large logs, with more than 10000 chars per line, and multiline events as large as a whole XML file. They are always truncated or cut in multiple events because too long. It seems that the default...
How to Concatenate and Search in 2 different Sources
Hi Splunk Experts, I have 2 files
File1:
Filer_Name Dept Volume_Name Vol_Total Vol_Used
Abcd Vol1 100 50
File 2:
Filer_Name Dept Volume_Name Vol_Total Vol_Used
Abcd IT Vol1
File 1 is generated by storage...
Display table values in HTML module
Hi, let's say the result of a query is a table like below:
A B
1 Name1
2 Name2
Generally selecting results[0].A will give me "1" and results[0].B will give me "Name1" and so on. But is it...
Setting new keys in context with custom behavior
I am trying to add keys in a custom behavior with context.set(), but am not exactly sure how to return the context afterwards. For example, this does not update the context. In the XML, I have a custom...
How to place the Pulldown below the main search and populate it with a new...
I'm trying to implement the following advanced view: This is a mockup, drop-down boxes A,B,C,D will be populated with values from 4 different sourcetypes. The main data is taken from 5-th sourcetype to...
Facing problem with Table module
Hello, I am trying to color up the rows based on the range they fall under and somehow I am not able to do it. I guess my issue is with the css or with the rowClass param. Any idea on where I am...
creating customized panels within tabs
Hi splunkers, I have a pulldown with a selection of host, which will be passed down to three different tabs. Is it possible to create panels and Charts of each tab individually? Any reference would be...
Sideview Utils Lookup Updater issue
Hi :) I am using Sideview Utils 2.4 with Splunk 5.0.2 and I am having an issue with the Lookup Updater. I have copied the update_lookup dashboard from the sideview_utils app and put it in my...
Table is being reloaded before button is pressed
I have a form of 5 pulldown modules, which are populated by 2 sets of searches. The first two are populated by the first search, then post process. Same with the last 3. I have a button at the bottom,...