Splunk is down
Hi, We have our application running on RHEL. All of a sudden it stopped working and did not allow users to login, we were getting error Splunkd daemon is not responding: ('[Errno 111] Connection...
"High Availability" options for License Server?
Most things in Splunk nowadays seem to be good at scaling outwards - multiple indexers, pooled search heads, etc. One piece I haven't seen any HA option for is for the License Server/Master. Right now...
OUTPUTCSV -- No Quotes Please
OUTPUTCSV is currently appending search results surrounded in quotes, like "1.1.1.1." Is it possible for OUTPUTCSV to NOT surround the output in quotes? Thanks!
Index time not same as log message time
I just setup another splunk server. Foolishly I forgot to turn on NTP and the system clock was way off. The first chunk of log messages came in via Syslog and are indexed on when they were received by...
Connect nullValueMode problems with FlashChart?
Hi, I'm having some issues with the nullValueMode with FlashChart. It appears (at least with 4.3.3, have to test if this is something new) that the connect nullValueMode does not work with some data with...
Using eval with subsearch stats as an argument
Hullo, I have a set of messages as data which are various events being sent from an app. Every single message has the user_id field, and some of them have a log_info field, which indicates that the...
DBConnect Database Inputs host column
How do you define the host column in Database inputs for DBConnect? Just seems to do static when filling in "Host Field value" Thanks.
JAVA-SDK Summary
Hi, I have created a saved search and now i want to schedule it and run summary indexing on it using JAVA SDK....? How do i do it....?
accessing saved report data in json/xml from Splunk RESTful API
I have tried to access a saved report through a browser URL using Splunk's RESTful API. I cannot seem to accomplish this. I am using my_domain:8089/servicesNS/my_user/my_app/ but from there I am lost....
Regex for getting slow query logs from mongodb
I am new to SPL. I want to get all mongo queries from my mongo logs which take more than 5 ms to execute. My mongo logs are like this: Thu Jun 13 15:47:25 [conn15] update mydb.mycollection query: { cId:...
scripted input to run at top of minute
Is it possible to tell Splunk to run a scripted input every 5 min at the top of the minute. Ie Script run at 11:05:00 then 11:10:00? We are running into issues with timeranges and overlap.
Should the SoS indexes be replicated in the cluster?
I get that SoS needs to be installed separately across the search-heads, peers and master. But should the sos and sos_summary_daily indexes be added to the cluster replicated indexes? Thanks
panupdate command
I am trying to use the panupdate command to feed user/ip mapping data from splunk to PA. I have a search that is getting the addruser and addrip fields successfully. When I pipe my search to panupdate,...
Graphing overlay with avg counts in the last month
hey all, im working on a network overview dashboard. what i currently have is a saved search showing the last 7 days (per hour) of firewall denies but that information is useless without a baseline. so...
Ratio between two distinct counts on timechart
Hey, was here yesterday, made minor improvements... I have a set of data where each message sent corresponds to an input event from an app. Every message contains a user_id. Some of these messages also...
Monitor different sourcetype in sub-directories
I have to monitor two source types in this following directory structure \\Server\Path\{can be any name}.log == > sourcetype = FirstLog \\Server\Path\SubPath\{can be any name}.csv == > sourcetype =...
splunk on VMWARE Virtual desktops
Installing Universal forwarder on a VDI parent ...will it gather the Windows loging and sent them to a indexer ...eg index = index.test
Finding overall login time for a user
For a game, my logs log two times, a login event and a logoff event. What I want to do is calculate the total online time of a player in splunk. They are two separate events, and I can find them...
Is Splunk the right tool for ESXTOP?
Hello All, I'm outputting VMware esxtop data to a csv and was wondering if splunk was the right tool to index and use the data. I've got esxtop dumping a csv with 30 minutes of data. The csv has a header...
Automatic Field Extraction Using "Translatefix" App
Hi all, I recently had the Translatefix app installed in my company's Splunk environment and it is working great, many thanks to Glenn for creating it!...