How do i search indexed data in Warm Db ?
splunkd.log gets indexed in _internal index. From this index , i could able to get data for last 1 month. I need to have splunkd.log for Jan2013 . How do i get it ? Was the data moved to Warm db,cold...
View Articleindexes not appear in cluster dashboard
i have added "repFactor=auto" to each peer's indexes.conf and "rolling-restarted" them all i have put into them some data which can be seen on searchhead but they are still not there
View ArticleNetflow Essential of Splunk is not working.
Essential of Splunk is not working. When i start it it is giving me following error " Controller not started or doesn't write log" . Any idea how to solve this issue?
View ArticleArchitecture diagram explanation
Hi,Is it possible to get some explanation on the architecture diagram appears here: http://docs.splunk.com/File:Architecture.pngThanks, Avital
View Articlelost some events
In Splunk index some events are missing. Is it possible that Splunk skipped some records? Has anyone encountered this problem? Could the server power be the reason?
View ArticleCan single forwarder forward data to two different indexer's ??
HiI am using a UF say in Machine A , its has logs at two different paths say Log Path1 and Log Path2 . Now i want this Forwarder to forward LogPath1 data to one indexer say "C" and LogPath2 data to...
View ArticleSend fields from subsearch to main search
Here is what I'm trying to do: I have two events- both have the field 'requestId'. One of them has the field 'processTime' and another has the field 'operation'. I need to correlate the two using...
View ArticleEmpty csv lookup file (contains only a header)
I'm getting an error message complaining about a CSV based lookup file containing only a header. But it doesn't. It's chock full of CSV lookup goodness, but my Splunk instance is upset with it for some...
View ArticleReindex entire file when file is updated.
I have already read this older thread on the subject -> : http://splunk-base.splunk.com/answers/5426/entire-file-contents-as-a-single-eventWhat i'd like to know is if there is a way to reindex the...
View ArticleSearch for 5 maximal values per field
Hi All,My data in Splunk contains information about sales from different store branches. More specifically, I have the data in the format - Date, Branch_ID, Sales (Number), that describes for each...
View ArticleOffline Google Maps
Hello,Is it possible to use Google Maps App in a network without internet connection? I see that client uses internet connection and a Splunk instance doesn't have any cache of maps. As I guess I need...
View ArticleError configuring hadoop connect
Hi, I am getting this error while configuring hadoop connect ERROR:Failed to get remote Hadoop version (namenode=10.23.227.70, port=50070): 'Version' keyword is not found. anybody aware of this?? if...
View ArticleHow to get selected values from pulldown module?
Hey,I have a pulldown module wich is filled with search results.< module name="Pulldown"> < param name="name">filiale</param> < param name="label">Filiale</param> <...
View ArticleClik here to view.
timechart not showing results when using span
I am really puzzled with the behavior of one my searches/panels.My search does return plenty of results, then I want to draw a timechart graph with those results but it only works if I don't use the...
View ArticleJoin events by closest time
Hello, lets say I have events from two sourcetypes:time, ip, hostnametime, ip, usernameNow I want to match username to hostname based on the time and ip field in the following manner: ip has to be the...
View ArticleIf a cold to frozen script fails, what happens?
Hello,In indexes.conf, we can specify a value for coldToFrozenScript, to run a specific script when cold buckets are rolled to frozen.What happens if the script fails to execute, or returns an error...
View ArticleSNMP Modular Example
Hi, Would it be possible for someone who has this working to show an example please. I'm not too familiar with SNMP MIBs and OIDs etc but I would like to poll Cisco switches to get interface name and...
View ArticleValidation Error
Hi after updating the SetUp of the twitter app with a new user/password I get following message:Encountered the following error while trying to update: In handler 'localapps': Could not validate...
View ArticleHow can i set valusetter module for dynamic pulldown ??
Hi .I have a dynamic pulldown which will have values generated dynamically . Now my requirement is in the dynamic pulldown.. when ever the dashboard is loaded i want the first value of the pulldown...
View ArticleFind range between min and max values for field in transaction
Hi everyone. I have this query which works really well. It is returning an identifier and list of descriptions, dates and sources. However I'd like to be able to find the range between the min and max...
View Article