Splunk for Unix and Linux controlling inputs
Hi, if I want to reduce the number of things reported by the Technical Addon, do I need to edit every inputs.conf file on every server that has a universal forwarder? Would it be sufficient to edit what...
Splunk for unix: Do we need to edit ALL inputs.conf files?
Or is it enough just to do this on the indexer? I'm in the midst of fine-tuning things, and it would be great if I could alter timing intervals and what is being monitored from just one place. I saw...
Limit values
I have a search that pipes this: stats count, values(category) by src_user src_ip. It returns results with a ton of categories per user and IP. I would like to limit the values(category) to the top 3 per...
Cisco Log analysis
Hi Guys, we want to build intelligence for Cisco logs. Can anybody help us get it done? We deal with Cisco Video exp CTMS, CTX and CTMS.
Build in a development environment
Greetings, there must be some cookbook out there but I can't seem to find it. I have a 3 VM environment of a forwarder, indexer, and search head. I would like to create another VM for development. Can...
Extracting fields from undelimited binary data?
I've got data coming in that's a hex string (binary fields). They're not delimited, but they do follow a fixed format.
Offset 0, 1 byte = Index
Offset 1, 1 byte = Data Type
Offset 2, 2 bytes = Sequence...
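One way to pull fixed-offset fields out of such a hex string, as an added example rather than code from the poster or from Splunk: the header layout follows the three offsets the question lists (1-byte Index, 1-byte Data Type, 2-byte Sequence). The big-endian byte order, the `payload` field for whatever follows offset 4, and the sample events are assumptions, since the post is truncated.

```python
"""Parse fixed-offset binary fields from an undelimited hex string.

Added example (not from the original post). The header layout follows the
offsets the question gives (1-byte index, 1-byte data type, 2-byte sequence);
everything past offset 4, the big-endian byte order and the field names are
assumptions, since the post is truncated.
"""
import binascii
import struct

# Header layout from the question: B = 1 byte, H = 2 bytes.
# ">" = big-endian (assumed; the post does not say).
HEADER = struct.Struct(">BBH")


def parse_record(hex_str: str) -> dict:
    """Decode one hex-encoded record into named fields.

    Raises ValueError on non-hex input or on a record shorter than the
    fixed header, so malformed events fail loudly instead of being
    silently mis-parsed.
    """
    cleaned = "".join(hex_str.split())  # tolerate spaces between bytes
    try:
        raw = binascii.unhexlify(cleaned)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not a hex string: {hex_str!r}") from exc
    if len(raw) < HEADER.size:
        raise ValueError(f"record too short: {len(raw)} < {HEADER.size} bytes")
    index, data_type, sequence = HEADER.unpack_from(raw, 0)
    return {
        "index": index,
        "data_type": data_type,
        "sequence": sequence,
        # Remainder is assumed to be a variable-length payload (hex-encoded).
        "payload": raw[HEADER.size:].hex(),
    }


def parse_stream(lines):
    """Parse many records, returning (parsed, rejected) so bad input is reviewable."""
    parsed, rejected = [], []
    for line in lines:
        try:
            parsed.append(parse_record(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return parsed, rejected


# Constructed sample events, not real data.
SAMPLE_EVENTS = [
    "0102001adeadbeef",  # index=1, type=2, seq=26, payload deadbeef
    "7F 00 FF FF",       # spaced hex, no payload, seq=65535
    "0102",              # too short: header is 4 bytes
    "zz",                # not hex
]

if __name__ == "__main__":
    ok, bad = parse_stream(SAMPLE_EVENTS)
    for rec in ok:
        print(rec)
    for line, why in bad:
        print(f"rejected {line!r}: {why}")
```

In a Splunk deployment this logic would live in a scripted input or a custom search command; the point of the `parse_stream` split is that truncated or non-hex events are counted and surfaced instead of being dropped or mis-aligned against the wrong offsets.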
Error when trying to clone a report [HTTP 404]
Encountered the following error while trying to clone: [HTTP 404] Viewstate object not found; view=* viewstate=tcrjpjmo. I do not understand why I get this error when I try to clone a report. Any...
Field extraction help
I'm fairly new to Splunk so forgive me if I'm asking the obvious. I'm creating an app for my RabbitMQ server and I'm having a few issues with one of my field extractions. I've got a script...
Grouping Client IPs
Hi, we have different sets of client IPs and we want to group them so that we can either group by that group or exclude it, or something like that. Do you have any suggestions whether to create as an...
Count By Date
I have a search created, and want to get a count of the events returned by date. I know the date and time is stored in _time, but I don't want to count by _time, because I only care about the date, not...
Real-time windowed search doesn't work correctly
I am having an issue querying with real-time search with a sliding window. Using the query: index=main source="Perfmon:CPU Load" with the real-time window view (1 minute window), I get a number of events...
Events at 00:00:00 are not ingested
I was monitoring a file with Splunk that is written to every second, and only the write at 00:00:00 was not recognized by Splunk. (Of course, I have confirmed that the log entry for 00:00:00 was written.) Incidentally, the timestamp is configured to be recognized from the time written in the log. <Log write at 00:00:00> <Search results in Splunk Web>...
Timechart for a time described in a log file
Hello, I would like to know how I can draw a timechart using the log timestamps instead of the event timestamp. E.g. my log contains a list of events, each having its own timestamp. While monitoring the...
Calculate time statistics over an hour, but only find related events that...
I am trying to calculate statistics for when a transaction enters our application, and when the reply is sent from the application. I would like to calculate statistics over an hour and there are two...
Detection of repeating values over a period
I have a log that contains details of policy violations committed by users and this is available for a period of a few months. I would like to find users who are repeatedly committing violations over...
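Detection logic of the kind the question is after, as an added example rather than the poster's or Splunk's code: it reads violation records, groups them by user, and flags users whose violations fall in at least N distinct calendar months, so a single bad afternoon does not count as a recurring pattern. The line format (`timestamp user=... policy=...`), the field names, the three-month threshold and the sample log are all assumptions; the post only says it holds per-user violation records covering a few months.

```python
"""Find users who repeatedly violate policy across a multi-month window.

Added example (not from the original post). The log format, field names and
threshold are assumptions; the post says only that it has per-user
violation records covering a few months.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumed line shape: ISO timestamp, then key=value pairs.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+"
    r"user=(?P<user>\S+)\s+policy=(?P<policy>\S+)"
)


def parse_line(line):
    """Return (timestamp, user, policy), or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    return ts, m.group("user"), m.group("policy")


def repeat_offenders(lines, min_months=3):
    """Users with violations in at least `min_months` distinct calendar months.

    Counting distinct months rather than raw events keeps one burst (ten
    violations in a single afternoon) from looking like recurring behaviour,
    which is what "repeatedly over a period" asks for.
    """
    months_by_user = defaultdict(set)
    events_by_user = defaultdict(int)
    policies_by_user = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than miscounting
        ts, user, policy = parsed
        months_by_user[user].add((ts.year, ts.month))
        events_by_user[user] += 1
        policies_by_user[user].add(policy)
    result = {}
    for user, months in months_by_user.items():
        if len(months) >= min_months:
            result[user] = {
                "months": len(months),
                "events": events_by_user[user],
                "policies": sorted(policies_by_user[user]),
            }
    return result


# Constructed sample log; not real data.
SAMPLE_LOG = """\
2014-01-05T09:12:00 user=alice policy=usb_storage
2014-01-05T09:13:00 user=alice policy=usb_storage
2014-01-05T09:14:00 user=alice policy=usb_storage
2014-02-11T14:02:00 user=bob policy=web_filter
2014-03-20T08:45:00 user=bob policy=usb_storage
2014-04-02T17:30:00 user=bob policy=web_filter
2014-04-02T17:31:00 user=carol policy=web_filter
this line is garbage and will be skipped
""".splitlines()

if __name__ == "__main__":
    for user, info in sorted(repeat_offenders(SAMPLE_LOG).items()):
        print(user, info)
```

With the sample data only bob is flagged: alice has three events but all in January, carol has one. Lowering `min_months` to 1 turns the function into a plain per-user summary, which is useful for checking that parsing is complete before trusting the threshold.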
Underscores in inputs.conf...HELP!
Let's say I have the following in my inputs.conf file:
[monitor:///splunk/splink/fish/abc_qa/logs/]
whitelist = def.log$|ghi.log$|jkl.log$|mno.log$|pqr*.log$
sourcetype = applogs
index = risk
disabled =...
Indexing Logs in Splunk? Network Bandwidth?
Hello, I have some doubts and questions about Splunk Enterprise. I have JBoss and WebSphere logs that are constantly getting to the email automatically about transactions that are going through the...
Can you take multiple time ranges from one search and use them in another?
I currently have a saved search that grabs TPS values for each of my URIs and totals them as total TPS. This runs every 5 mins and is saved to a summary index. I then use the following search to show...
Splunk DB Connect tarball corrupt?
I've attempted to download the Splunk DB Connect app. I get a 3kb .tar.gz file. When uploading it to Splunk it rejects the app. I suspect that the archive file is corrupt seeing that it is too small to...
DB Connect Inputs Configuration - Timestamp Format
In DB Connect data inputs configuration, I set up a query as source with a column (myDateTimeField) as Output Timestamp as well as rising column. I also enabled Output timestamp. (Backend database is...