Newbie Question on nullQueue
Hello Everyone, I know there are questions similar to mine, but I cannot seem to transform them into a solution for my problem. I am trying to dump information event logs to the nullQueue so they do not...
Can we run multiple universal forwarder instances on one Windows server?
We have a situation where another team wants to manage their own instance of the universal forwarder on the same Windows box. Is it possible to run multiple forwarders under different dirs on a Windows box? Thanks Nik
Windows performance counter question
I'm using the Windows app in my Splunk instance and for the moment I'm only monitoring a handful of PCs and their perfmon data. What seems to be the issue is that the hosts field doesn't update to...
Remove numbers from Splunk events
I'm trying to create a search that will show me the count of certain types of events I get in a Windows Event Log. The problem I'm having is that the field I'm keying on (MSG) often has unique...
What are the hardware requirements for a cluster master?
I have read Managing Indexers and Clusters trying to find what the requirements are for a cluster master. It says 'The hardware storage needs of the master node are obviously lower than those specified...
Splunk Forwarder SSL Configuration
Currently we are using a basic Splunk configuration for the outputs.conf on all of our clients. [tcpout:indexerGroup] server=server1:8182,server2:8182,server3:8182 We are working on enabling SSL which...
CIDR blocks in a lookup table
Hi, I have a CSV file for IP lookups. Question is, can I use a CIDR block in the CSV file? And at search time will Splunk be able to see all the individual IPs from that block? Companyname IP Company...
Rangemap on multiple fields? Is it possible?
Hi, I have the following in a table that I'd like to do a rangemap on for each - same ranges, just want to do it all at once. 6/23 6/30 7/7 7/21 7/28 8/4 8/11 8/18 8/25 9/1 9/8 9/15 9/22 9/29 10/6 10/13...
Extracting fields using regex
When I try to extract a field using this (?i)humidity : (?P<fieldname>.+) expression, the result below is given. Is there any way to extract just 0.82, which is the humidity I need? Need help on...
Convert seconds into hours, minutes and seconds
Hi all, I'm not sure if somebody already asked a question like mine. How can I convert a field containing a duration (not a timestamp!) in seconds into hours, minutes and seconds? E.g.: 3855s --> 1h...
Generated pattern (regex)
I need to extract both of the words, is there anyone that knows how? I have used this (?i)summary : (?P<FIELDNAME>[\w\.]+) but it extracts only the word Mostly. summary : Mostly Cloudy
Is there any Splunk add-on available for Microsoft COM?
I want to use Splunk in Microsoft technologies (mainly VC++, COM, ATL technologies). Is there any Splunk add-on available for the above technologies? Also is there any IDE (Microsoft Visual Studio 2012 or...
Time on websites (total session times)
Hi there, We have, as you would expect, a bunch of firewall / content keeper logs in our Splunk instance and our Splunk guys wish to report on the time a user spends on each website (domain). Basically, I...
Splunk DB Connect - dbquery inline search and time filtering not working
Hi all, I am currently working on various dashboards for my company; for some of them I need to request data from local databases using DB Connect (the data are nmon monitoring of AIX LPARs). As I am using...
Regex expression help pls! urgent!
I have these fields: time : 1371877918 windBearing : 209 windSpeed : 6.34 psiAverage : 186 latitude : 1.429463 longitude : 103.835182 location : Yishun cloudCover : 0.73 dewPoint : 69.96 humidity : 0.57...
TimerangePicker to calculate the start date
Hello Everyone, I have implemented a case where the events of a log are calculated on a per-day basis. But when I choose the Timerange picker it shows the values according to the events for the last N...
Best way to filter clientips as internal/external and group them by class
Given a set of clientip values from internal IPs, external IPs, as well as different classes of internal networks on different interfaces... a) what's the cleanest and most efficient way to classify...
How to specify a day in the alert?
Hello, I have a search which creates thresholds and outputs them into a lookup. As of now it's looking at 4hr spans, but I want it to look at data at some precise intervals. Like earliest starts at 12:00 AM...
Find top n in each group
I have a collection of records in [object_name, execution_time] format. I want to gather the top 10 (i.e. first 10 in sorted sequence) execution time values for each object. I could extract execution times...
For how many days can we get the audit.log in Splunk?
Since 5th December 2012, I have been using Splunk on Windows OS. For audit purposes I need the audit.log files from December 2012 till date. But I could find audit.log files available only for this June...