SPLUNK OSSEC
I just installed the current version of Splunk 5.3 on my CentOS 6.3 laptop (VM) on top of OSSEC 2.7. There is an option at login for Splunk Server. I have no idea what the password is (neither...
Issue with Twitter App Installation
Hi, I am not able to set up the Twitter2 App by davidfstr. Whenever I do the setup with Twitter account info and enable the Twitter scripted input below, I get the following error: "Encountered...
Multivalue field for summary index
I have a multi-value field "activity" that can be very long and contain many unique values (60+). I want to be able to summarize the count of activities per hour per user in order to populate a summary...
Faster way to find first occurrence of "duplicate" events
I am trying to chart initial logins over time as follows: index="abc" sourcetype="*apache_access" NOT remote_ident="-" | table _time remote_ident | stats earliest(_time) as _time BY remote_ident |...
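The query above reduces each remote_ident to its earliest event and then charts those first-seen times. The following is an added example, not the poster's code or a Splunk command, showing the same "first seen per identity" reduction done in a single pass over raw Apache access lines in Python. It assumes that the poster's remote_ident field corresponds to the second (identd) column of the Apache common log format, which is "-" when unset; the log lines are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

# Apache common/combined log prefix: client, ident, authuser, [timestamp].
# Assumption (not stated in the post): remote_ident is the second column,
# which identd fills in or leaves as "-".
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\]'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines for the example; not real traffic.
SAMPLE_LOG = """\
10.1.1.5 alice - [10/Jun/2013:08:15:02 +0000] "GET /login HTTP/1.1" 200 512
10.1.1.9 bob - [10/Jun/2013:09:00:11 +0000] "GET /login HTTP/1.1" 200 512
10.1.1.5 alice - [11/Jun/2013:07:45:30 +0000] "GET /home HTTP/1.1" 200 1024
10.1.1.7 - - [11/Jun/2013:08:00:00 +0000] "GET /public HTTP/1.1" 200 128
10.1.1.3 carol - [11/Jun/2013:12:30:00 +0000] "GET /login HTTP/1.1" 200 512
10.1.1.9 bob - [12/Jun/2013:06:00:00 +0000] "GET /home HTTP/1.1" 200 1024
"""


def parse_events(lines: Iterable[str]) -> List[Tuple[datetime, str]]:
    """Extract (timestamp, ident) from each parseable access-log line."""
    events: List[Tuple[datetime, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        events.append((ts, m.group("ident")))
    return events


def first_seen(events: Iterable[Tuple[datetime, str]]) -> Dict[str, datetime]:
    """Single-pass equivalent of:
       NOT remote_ident="-" | stats earliest(_time) as _time BY remote_ident
    Keeps only the earliest timestamp per identity; no sort or dedup needed."""
    earliest: Dict[str, datetime] = {}
    for ts, ident in events:
        if ident == "-":
            continue  # unidentified requests are excluded, as in the SPL query
        if ident not in earliest or ts < earliest[ident]:
            earliest[ident] = ts
    return earliest


def initial_logins_per_day(events: Iterable[Tuple[datetime, str]]) -> Dict[str, int]:
    """Bucket the first-seen times by day: how many identities appeared
    for the first time on each date (the series the poster wants to chart)."""
    counts = Counter(ts.strftime("%Y-%m-%d") for ts in first_seen(events).values())
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG.splitlines())
    for ident, ts in sorted(first_seen(evs).items()):
        print(f"{ident:8s} first seen {ts.isoformat()}")
    print(initial_logins_per_day(evs))
```

The dictionary keyed on the identity is what makes this a single pass: every event is examined once and only the minimum timestamp per key is retained, which is also the shape of work `stats earliest(...) BY` performs.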
db connect host?
Hi, I want to pull in data from an Oracle database via DB Connect. I'm looking for some general guidance. I want to pull in data in near real time. The data gets written to Oracle in 5-minute cycles. I...
Splunk DB Connect
While configuring DB Connect I get the following error message: Encountered the following error while trying to update: In handler 'localapps': The specified JAVA_HOME is invalid: Unable to determine...
db connect - input joining 3 tables
Hi, I have an issue trying to create an input with DB Connect that throws this error: 2013-06-12 11:29:23.417 dbx7796:ERROR:TailDatabaseMonitor - Configuration Error: Invalid query specified! Found...
re-balance disk space on indexers?
We have an environment that had 9 indexers, and we just added 6 more. Our old indexers were all getting up to around 88% capacity, and our new ones are of course at 0. Is it possible to shuffle buckets...
count by multiple instances of same field name in one request
I'm using Splunk to interrogate web logs. Users of our site can select one or more parameters in their data requests, identified as p=<param>. I want to get a count by parameter; however, when I...
Universal Forwarder Installation
Quick question: I'm still getting my feet wet with Splunk, but I was wondering how long it typically takes to receive data after installing a universal forwarder? Does it depend on how much or...
Set field records & IF Statements
When I search my results I want it to update the field accordingly. For example, in my case when I search my audit logs, the log contains the words "write control" and "Read control" within the text of...
502 Bad Gateway with Create Oneshot in Ruby SDK
Hello, I'm able to connect to my Splunk server and do some things with fetching the names of saved searches (but not running them), executing rt commands (with incorrect responses), but the most...
Using Splunk as a log forwarder itself?
I'm looking at Splunk to possibly replace a Kiwi Syslog server, however I don't see one of the features that Kiwi provides for us in Splunk. Logs collected in our Kiwi server are also forwarded to...
Getting a count of the number of fields associated with a sourcetype
I've done a little looking and poking around but haven't seen an answer to this - hopefully I haven't overlooked something obvious. I'm trying to build a query that counts the number of fields...
AddColTotals
Hi, I want to get the count of errors, so I have a query to get the count by status where status is greater than 400. When I use addcoltotals, it is treating status as a column and hence it is giving...
How to find the last regex match for a multi-valued field in a transaction
We're finding that when large files are downloaded from the Internet, the application whitelisting client reports a "new file" with a different hash multiple times as the download completes. I...
proper format for lookup table files
I'm working on defining a new lookup table. I found the tutorial and example files. http://docs.splunk.com/Documentation/Splunk/5.0/Knowledge/Usefieldlookupstoaddinformationtoyourevents When using the...
DBQuery and epoch
I am creating a dashboard form that is driven off of a text box, and a drop-down. I am trying to dynamically populate the dropdown with the valid date choices for reporting as stored in the DB. The...
Regex for extracting ip port and interface
In my log data I get lines that look like this: dst=10.0.59.59:80:X1 dst=255.255.255.255:67:X0 dst=10.0.59.59:9060:X1 dst=0.0.0.0:0:X0 dst=224.0.0.5:1 The first value is an IP address. The next two...
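The sample tokens above show the trap in this format: the interface suffix is optional, since dst=224.0.0.5:1 carries none, so a pattern that requires three colon-separated parts silently drops that event. The following is an added example, not the poster's code, showing a regex with an optional interface group plus the octet and port range checks the regex alone cannot express. Field names (dst_ip, dst_port, dst_iface) and the interface-name pattern are assumptions; the sample line is the poster's tokens joined into one constructed event. The same expression, with Splunk's (?<name>...) group syntax, is given as a string for use with the rex command.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple, Optional

# dst=<ip>:<port>[:<interface>]. The interface group is optional because
# "dst=224.0.0.5:1" in the sample has none. (?P<name>...) groups are accepted by
# Python and by PCRE. Interface names like X0/X1 are matched by an assumed
# "letter then word characters" pattern.
DST_RE = re.compile(
    r"dst=(?P<ip>(?:\d{1,3}\.){3}\d{1,3})"
    r":(?P<port>\d{1,5})"
    r"(?::(?P<iface>[A-Za-z][\w-]*))?"
)

# Equivalent Splunk search fragment (assumed field names). max_match=0 makes
# rex extract every dst= token in the event rather than only the first.
SPL_REX = (
    'rex field=_raw max_match=0 '
    '"dst=(?<dst_ip>(?:\\d{1,3}\\.){3}\\d{1,3}):(?<dst_port>\\d{1,5})'
    '(?::(?<dst_iface>[A-Za-z][\\w-]*))?"'
)

# Constructed sample event: the poster's tokens on one line.
SAMPLE_LINE = (
    "dst=10.0.59.59:80:X1 dst=255.255.255.255:67:X0 dst=10.0.59.59:9060:X1 "
    "dst=0.0.0.0:0:X0 dst=224.0.0.5:1"
)


class Dst(NamedTuple):
    ip: str
    port: int
    iface: Optional[str]  # None when the token has no interface suffix


def parse_dst_tokens(line: str) -> List[Dst]:
    """Return every well-formed dst= token in the line.
    \\d{1,3} admits octets up to 999 and \\d{1,5} admits ports up to 99999,
    so both are range-checked here; tokens failing the check are dropped."""
    out: List[Dst] = []
    for m in DST_RE.finditer(line):
        ip = m.group("ip")
        if any(int(octet) > 255 for octet in ip.split(".")):
            continue
        port = int(m.group("port"))  # port 0 is kept: it appears in real logs
        if port > 65535:
            continue
        out.append(Dst(ip, port, m.group("iface")))
    return out


def count_by_interface(lines: Iterable[str]) -> Dict[str, int]:
    """Destinations per interface; tokens without one are bucketed as '(none)'
    so they stay visible instead of vanishing from the breakdown."""
    counts: Counter = Counter()
    for line in lines:
        for d in parse_dst_tokens(line):
            counts[d.iface or "(none)"] += 1
    return dict(counts)


if __name__ == "__main__":
    for d in parse_dst_tokens(SAMPLE_LINE):
        print(d)
    print(count_by_interface([SAMPLE_LINE]))
```

When the same pattern is used in Splunk, check the extraction against an event with the short dst=ip:port form before trusting any interface-based report; a missing "(none)" bucket is the sign that the optional group was left out.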
Why aren't my email alerts working?
Splunk newbie here, but I'm attempting to get an email alert to work with no luck. I've double-checked my settings in the manager; we have a smart relay in house which works fine for all my other systems. I see...