How to calculate rate of change over time for a variable
I have an input value that changes steadily (at a constant rate, either increasing or decreasing), and Splunk is capturing every value with a timestamp. I am trying to find a way to calculate the...
Search Very Large Data set
I need to search my firewall logs for the past year and find unique source names. I can do this search: index=firewall policy_name=* | dedup policy_name. This still is looking at about 48 billion records to...
DBConnect on AIX
Just curious if anyone else has had any issues getting dbconnect to work with AIX? We have a dev environment and everything works correctly. It is Windows however. I go to our prod environment and it...
UF tries to open two connections at the same time on the same outbound port
On several servers, the universal forwarder tries to open up two connections at the same time on the same outbound port. The first connection succeeds, and the second connection generates event id 5157...
Splitting multiple feeds that use udp:514
I have multiple systems reporting over UDP:514. I want to separate the IronPort email, Cisco ASAs, iSeries AS400, and PaloAlto firewall feeds at the global level before sending the data to the...
Splunk for Active Directory
I'm having a good time trying to configure Splunk for Active Directory on a universal forwarder using the remote data collection option. What groups does the user need to be added to in order to get...
How do I use a forwarder to send syslogs to a receiving indexing server
I currently have a search head forwarding on port 9997 and two receivers listening on 9997. I want to send syslogs that are being stored in /var/log/messages on the search head over the forwarder to...
Splunk JMS Modular Input v1.2.2
I believe I have the JMS Modular Input app installed and running. How do I configure this to monitor a JMS queue on a remote server?
Indexing, segmenting segments, pre-search
I am a Splunk newbie, so some obvious explanations might need further clarification. What I have: Advanced medical imaging system of systems that produces a global output log of a specific format...
Backgrounded jobs don't send email alerts out when completed.
For a long backgrounded job, it would be really useful to be able to get an alert sent out when it is done. It doesn't appear that my Splunk instance does this. Emails for scheduled searches that generate...
Can Splunk be used to sort through emails?
Can emails be sent directly to a Splunk server so it can go through and alert on emails of interest?
How do YOU use Splunk! (Search/Query Examples)
Hello everyone, our company just started using Splunk, and after experimenting with some basic commands it certainly proves to be a powerful yet simple-to-use search processor. Since our team is so new...
How to Install SplunkAppForNetAppONTAP
SplunkAppForNetAppONTAP - Deploy this app to $SPLUNK_HOME/etc/apps on your SEARCH HEAD only. Can someone please explain what the SEARCH HEAD is? And how do we download Splunk_TA_ONTAP7, and...
Renaming fields in search
I have a query like this: sourcetype="beta" index="alpha" | table fieldA, fieldB, fieldC. How do I rename fields fieldA to A, fieldB to B and fieldC to C? These fields are strings AND numbers (not sure how I...
Date Format
I have a field called DATE and it is returning values yyyy-mm-dd HH:MM:SS. I am trying to chop off the hours, min, seconds so I only have yyyy-mm-dd. I have tried to use the convert command but I would...
Unable to extract XML for a search - advice sought.
If you have a minute to help, I am trying to search on the: to/ContactURI within the XML found in this result. I have tried several things but it is not working the way I expect/need. This is what I...
Specify Default Index for App
How can I specify the default index to use for a specific app? I have an App with a few inputs defined that put all of their content into an app-specific index, index_myApp. I have a number of reports...
Sideview Checkbox Layout
Hi, is it possible to have the dynamic checkbox layout be horizontal rather than vertical? I have about 30 checkboxes, and having them be vertical takes up a lot of space on the dashboard. Thanks
Search lookup table for value
So I can grep the look-up table to find an entry. I can see the contents of the look-up table by doing this: | inputlookup Domains.csv. I want to find a specific entry in the look-up table but I can't seem...
Deploy additional FA for VMware
I initially deployed the VMware App with a single FA virtual appliance. What does it take to add additional virtual appliances? What config files need to be changed? Question 2) How can we "pin" a...