Organizing Log Data In Splunk
I have installed Splunk 5.0.2 and a universal forwarder on one of the application servers to forward glassfish logs to splunk central servers. After adding a monitor I see all the glassfish log files...
Alert if TPS value is above threshold continuously for 5min
Hi All, How to implement an alert if the TPS value is above threshold continuously for 5min or so. I am stuck up to here. index="router" | bucket _time span=1s | stats count by _time hostname | where...
Errors: Reached end-of-stream/Streamed search execute failed
Running 4.2.4, these errors show up every once in a while when doing a search on a search head: "Reached end-of-stream while waiting for more data from peer <indexer>. Search results might be...
use source name as outputcsv filename
Hello! Is it possible? If yes, how can this be done?
How on earth do I edit indexes.conf
indexes.conf is set to read only. I can't even change my frozenbucket retention period.
Splunk Forwarding
Hello, can anyone please tell me whether splunk reads events only from a machine with splunk installed or from non-splunk machines also? Also, please give me an idea about the forwarding mechanism of splunk. and one...
Configure index and application in Universal forwarder
Hi, I configured Universal forwarder to push the windows event logs (adfs logs) to the main splunk server. Can anyone help me with how to configure the application and indexer? Thanks in advance
Search Strategies for Complex Data Sets
Hello All, I've searched Answers here and I have not really found an answer to my problem, my apologies if I missed one or two. As the title states, I'm trying to find generic search strategies that will...
HTML Module... Sideview... Iterating through an unknown number of results and...
A much simpler version of this question... but along the same lines. All over the google results for this, people keep redirecting the questions with "don't use HTML, use a table module" when that's...
is my custom command reading the sourcetype data?
this is my code, I followed http://docs.splunk.com/Documentation/Splunk/5.0.2/AdvancedDev/SearchScripts
import csv
import sys
import splunk.Intersplunk
import string
(isgetinfo, sys.argv) =...
Parsing of a text field which contains different date formats.
Hi, I have a text field in my monthly csv report which contains different date formats. Would like to know how I can parse the date accordingly. The format of the date could be in these formats: 09, 30...
How to run subSearch longer than default time
Hi, when I am running a query, it says the sub query has finalized automatically after 30 secs. Where is this configurable? Can I mention in the query how long it should wait before it is finalized?
Deleting old cold indexes
Hi, All. I was running the following query[1] on one of my indexers, getting an overview of how many buckets are in play at the moment. Most of the indexes fell into roughly the same number of hot,...
Splunk PostProcess Search Query is too large
I get the following error when I paste my search into the search app: There was an error requesting the job listing. Status "400". Error message: "error". When I then reload the page, I get 414...
Splunk Shuttl and HDFS on different machines
Hello, I have a couple of issues regarding Shuttl with HDFS archiving. The situation is as follows. I have a CDH3 cluster and on another machine I have my splunk indexer where I have put the shuttl app. I have...
preserving column order in db connect output
Hello, We have generated our query in SQL Management Studio and have ordered the columns how we would like them, but when we place them into splunk it sorts them alphabetically. How can we sort the...
splunk java agent
I have downloaded SplunkJavaAgent and set it to run in eclipse by giving arguments for javaagent during Tomcat startup, and am getting events in Splunk through TCP but not what I want. Following are the...
is Splunk DB Connect the preferred method for integrating Splunk with SQL data?
Is this the preferred method of integrating Splunk with SQL data?
Restrict search terms & tstats
Greetings, I have a dashboard panel that runs the following: | tstats sum(bytes_sent) AS sumSent sum(bytes_received) AS sumReceived FROM pan_traffic groupby _time span=5m | timechart span=5m...