timestamp in chinese characters
Can Splunk extract timestamp in Chinese characters: "2011年2月27日星期日 下午03时13分36秒中国 (上海)" means 2011-02-27 15:12:36, "下" for pm; "2012年5月28日星期一 上午10时59分54秒中国 (上海)" means 2012-05-28 10:59:54, "上" for am...
field extraction where the data may need a lookup
I'd like to do a field extraction on these fields: proto=udp/67 proto=tcp/http proto=udp/9060 Should become protocol/service. If the service ends up being something alphabetic like HTTP then I don't change...
indexes not appear in cluster dashboard
I have added "repFactor=auto" to each peer's indexes.conf and "rolling-restarted" them all. I have put into them some data which can be seen on searchhead, but they are still not there
Problems with search on chart
I saw this command and tried to imitate it: sourcetype="wind" | eval intscale="SCALE"+tostring(floor(scale/10)*10) | chart count over month by intscale | sort by month What is wrong with my command?...
Issues for SNMP Modular Input
Hi expert: I download apps SNMP Modular Input from http:\\splunk-base.splunk.com/apps/88686/snmp-modular-input I have read description in that website. Download a Cisco Mibs in python "egg" from But I...
Splunk Crashing once in 10min
Hi All, My Splunk instance 5.0.1 running in Solaris 10 is crashing. I have updated with the latest Splunk 5.0.3 but made it worse. It used to generate crash logs and crash files (in /var/core directory)...
Problem with extracted field
Hi, I am not able to see extracted fields in "Interesting field list", however fields are visible in Manager. What can be the problem? Thanks and Regards
handling syslog...
Hi, We are in the midst of implementing Splunk to handle syslog from all of our network devices. I've configured rsyslog to write the logs to a YYYY/MM/DD directory, in a "system-hostname.log" format....
Regex for URL parsing
Hi, I want to extract URLs from the events as a separate field. Here is the log file 04/15/2013 17:51:58.09 w3wp.exe (0x113C) 0x3D50 SharePoint Foundation Monitoring nasq Medium Entering monitored scope...
Universal Forwarder - Cap CPU, memory, Disk usage
Hi everyone, Thank you for your time. My question is simple: is it possible to cap these three parameters: - CPU - RAM - DISK On a Universal Forwarder, installed like an agent for monitoring file and...
VIRUS detection
We had a PCI mock scan, the auditor inserted some virus which was caught by Kaspersky, but I am unable to find a trace or log it in Splunk. Please help me in finding it.
Installing Universal Forwarder with no configuration.
I am looking to install the UF across my organization. We will use deployment tool to deploy and manage the UF + any apps/configs. According to this link the required installation flags are 1....
dbmon-tail stanza has stopped processing data and seems frozen in dbx app
I am querying a Websense database (MSSQL) with 5 DB inputs. 1 Tail and 4 Dump. The 4 Dump inputs work just fine. The Tail input seems to freeze and sometimes crash Splunk. This is the query we are...
CPU-bound search. seems related to KV processing.
Ahoy. We've been experiencing a search performance problem and I'm having trouble figuring out what to do about it. I've been following the advice and techniques outlined...
loadjob performance
What determines the performance of loading the artifacts of a savedsearch? I have a job which ran a savedsearch, and it has 70,000 results. Doing a 'loadjob' on the sid of that job takes 10 seconds....
where to do a field extraction
Hi, I want to extract, and report on (also, put in a summary index), some standard fields from access logs. I have a standard multi-tier setup (uf, indexer, and search-head). I have the props.conf and...
Multiple Timeline graphs on a single webpage Javascript SDK
I am attempting to display multiple timeline graphs on the same webpage via the JavaScript SDK. The first graph shows up, but the second one does not. In Firebug, I can see both jobs get created, but...
Single drilldown from multiple charts
I have a dashboard which contains three charts all of which present different views of the same data. I'd like to set up my dashboard so that when the user clicks on a data point in one of the three...
adding a dynamic time to a panel title
I am trying to display the time frame that some of my graphs are displaying, because they are not time charts this information is not dynamic for viewers and therefore less informative. I would like...
APPEND is not UNION?
Splunk version 4.3 search A : index=webserver1 type=error | table serverName message method search B : index=webserver2 type=error | table serverName message method search C : index=webserver1...