Is there a way to accurately determine the volume of events being dropped to...
Is there a way to accurately determine the volume of events being dropped to the nullQueue? I have a standard props & transforms setup to drop events for a given source type by a single regex...
How to Set an Alert on a Moving Average
I am tracking 500 errors on a daily basis. The average usually remains constant but sometimes it will increase more than 50%. If this happens I want to have Splunk send an alert. My current search...
How to share a macro globally within the context of my app configuration in...
I have created a macro within an app using the macros.conf file. I am able to see the macro within the Settings -> Advanced Search -> Search Macros if I look under the context of my app. There is...
Where can I get SystemUpTime to configure Anomalous System Uptime in the...
Folks, I am looking to configure the Anomalous System Uptime report within the PCI app. As per the manual: "Relevant data sources for this report include uptime data extracted through scripts from...
How to overwrite a default entry in commands.conf from another app
I'd like to push an app that overwrites which script sendemail uses. For instance I pushed: **email_app** bin/sendemail2.py **local/commands.conf** filename = sendemail2.py **metadata/default.meta** []...
Splunk DB Connect 2: How to get all the rows for a specific timestamp?
I'm currently doing a DB Connect Dump every hour, and the query produces multiple rows. How do I display only those rows as a table? To explain the question in more detail, here is an example. For...
The $SPLUNK_HOME/var/spool/splunk/ directory is filling up with stash_new Files
After upgrading to Splunk version 6.2.4, the $SPLUNK_HOME/var/spool/splunk/ directory starts filling up with files with the extension of .stash_new. This [answers post][1] has been reviewed, but the...
If our Splunk 5.0.2 search head is also a deployment server for 100+...
We are planning to upgrade our search head from 5.0.2 to 6.2.3. The search head is also the deployment server for 100+ universal forwarders. I read in many forums that the upgrade has broken their...
Error in forwarder : Invalid payload_size=1213486160 received while in...
I have configured my forwarder on my local machine. It is working fine for my local setup, i.e., forwarding data to local network indexer. When I am adding my remote server in the outputs.conf file, then...
Why can't the Alert Framework - RedAlert app find my shell script to run?
I have tried many different options on the configuration screen, but I always get the same result in the "Interesting Events : Last 24 Hours" panel: 2015-08-12 15:43:47,571 ERROR [ALERTS] action=SHELL,...
How to upload a file/folder from a remote machine to Splunk using Java?
I want to upload a file/folder from a remote machine using a java program to Splunk on a local machine. I have created the connection with Splunk, but I couldn't figure out how to upload it. Splunk...
How to filter events based on event's datetime as current date?
Hello! Sup? I've been into some trouble when comparing datetimes to strings, I know I should convert'em. Logs I've received are in this format: CAMPAIGN_START_TIME 00:01:05 CAMPAIGN_END_TIME 00:06:12...
Pass starttime/endtime results to another search
I'm trying to do something similar to what I have below, where I gather the latest transaction for when splunk was shut down, find the start/end values, and then run a search based on what happened...
How to write one search to find a percentage using fields from two reports with...
Hi guys, I have a summarized index that contains two different reports, and these reports have statistical data with different parameters. One report (`report=MobilePJTotalClientesUnicos23hs`)...
How do I stop a file from being segmented?
This is the beginning of the file, line numbers for clarity: 1. Log File for: BatchJobOutput_20150801-0139_13516_MonthlyBatchJob_SAMM191.log 2. Started: Sat Aug 1 01:39:22 CDT 2015 3. Using path to...
How to modify simple xml table headers via JavaScript
I have a simple table with a custom renderer, a la: table.getVisualization(function(tableView) { tableView.table.addCellRenderer(new CustomRangeRenderer()); where my CustomRangeRenderer modifies the...
Are there best practices for controlling my daily License quota used per Pool?
I am a newbie and just getting started. I'm only pulling local data from the Splunk Server. I do have a few apps installed for Active directory and Utilization Monitor. I have a 5GB limit and my...
Is it possible to create a field alias based on eventtypes in props.conf?
Hi, I saw conflicting instructions in the props.conf http://docs.splunk.com/Documentation/Splunk/6.2.4/admin/Propsconf # The following example creates an extracted field for sourcetype...
How to troubleshoot why a deployment client is unable to phone home to the...
We are unable to get the deployment client to show in the deployment console. Other Windows/Linux servers are connected and apps are being distributed fine. Deployment Client: - Windows 2012 x64 -...
[SplunkJS] SavedSearchManager - How to pass a token into the search query?
I have a SavedSearchManager defined in my Django template that I then reference from SplunkJS. It has been running fine, but now I want to extend it by passing a token into the search. I have been...