Getting a count of the number of fields associated with a sourcetype
I've done a little looking and poking around but haven't seen an answer to this - hopefully I haven't overlooked something obvious. I'm trying to build a query that counts the number of fields...
Splunk behind reverse proxy
I have tried to configure a reverse proxy (using nginx) to Splunk but it does not work correctly. Splunk and proxy server are on the same machine. When accessing Splunk by proxy the browser is redirected to...
accessing saved report data in json/xml from Splunk RESTful API
I have tried to access a saved report through a browser URL using Splunk's RESTful API. I cannot seem to accomplish this. I am using my_domain:8089/servicesNS/my_user/my_app/ but from there I am lost....
BTreeCP and snapshot.tmp in the fishbucket: What does it all mean?
I have a continuous repeat of the following error in my splunkd.log: ERROR BTreeCP - failed: failed to copy/move C:\Program Files\Splunk\var\lib\splunk\fishbucket\splunk_private_db\btree_index.dat to...
When is old data deleted from indexes? How does frozenTimePeriodInSecs get...
Hi, I have an index that has its frozenTimePeriodInSecs set to 90 days. When I inspect that index with the rest command I see that the index has events from 2008: | rest /services/data/indexes | search...
Forwarding Mainframe logs to Splunk
I know we can forward logs from a Linux box to Splunk (if we install Splunk forwarder on the Linux box). Similarly can we forward logs from Mainframe - CICS region to Splunk? Do we have any method to...
processing of Mainframe logs
The logs we're interested in from the mainframe are from Java WebSphere applications running on z/OS. They're in ASCII already. For us to make a pitch for Splunk we'd need to demonstrate that we can...
What are the best practices for installing SoS on cluster?
As written above - I just set up a cluster (Master, 2 Indexers + SearchHead). Are there some good practices for installing SoS on cluster? Is it also pushed from the master to the nodes or installed on...
How can I calculate in real-time the rate of events (eps) being indexed?
I would like to find out how many events per second my indexer is receiving and indexing. What search could help me find this out?
java verbosegc log files (long pause before log line flushes)
We are trying to forward verbose Java garbage collection log files (java version "1.6.0_34") using Java's "-XX:+PrintGCDetails" option to get detailed information. There is a bug in Java where the last...
Filtering Events
I am trying to filter events, and am not having any luck. Log info in Splunk: LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information...
Splunk for VMware Forwarder Appliance can't authenticate to ESXi hosts
Howdy all, I'm working on setting up the Splunk for VMware FA and I'm running into a problem. I've created an appropriate service account in Active Directory and I can connect to vCenter and the ESXi...
Ampersand in Map name causes error in generated XML File.
I'll rename the map and it should be fine, but I'm letting you know about the bug. Error text: 400 Bad Request Return to Splunk home page XML Syntax Error: xmlParseEntityRef: no name, line 2, column...
Problem with a user's ability to set permissions on a saved search
I have created a role for a group of users for whom we are collecting their Windows Exchange logs and Windows events logs. This role inherits from 'user'. Things have been fine, but one user wanted to...
Three different search on single chart
Hi, I've three different types of logs. Sharepoint: 04/14/2013 23:51:56.49 wsstracing.exe (0x0B14) 0x1874 SharePoint Foundation Unified Logging Service b9wt High Log retention limit reached. Log file...
Best way to implement an external script
We're using Splunk to index events from Bit9 and interact with its API to ban/approve files. We've written a python script that takes a number of command-line switches and values that we want Splunk to...
filtering events using NullQueue
I was wondering if there is any way to filter eventcodes, but not every event that is being passed through. For example is there a way to block EventCode 4624, but just the debug messages and let the...
How to get selected values from pulldown module?
Hey, I have a pulldown module which is filled with search results. <module name="Pulldown"> <param name="name">filiale</param> <param name="label">Filiale</param> <...
Getting data from Mainframe system??
Hi all, How to get data from Mainframe systems onto Splunk??
DB Connect Tail Command not updating
I am using a tail db command to pull events from an Oracle database every hour. I was able to pull in all of the data the first time it ran but I haven't received any new events. When I looked at the...