SplunkForwarder File Monitor stopped working at 23:59 01.July.2013
As the title says. Forwarder File Monitor stopped working at 23:59 01.July.2013 inputs.conf: [monitor://E:\Logs] disabled = 0 sourcetype = mftlogs [WinEventLog:Security] disabled = 0 Debug: 07-01-2013...
Setting the timestamp of an event using part of the filename.
Hi. I have an application that runs once a day, just past midnight, and produces a file 20130628_000000_agent_statistics.csv, now since the file is produced at the 29th of June the modtime is 29. juni...
SSL Default Cert
I am using my own cert to send events from UF to Indexer. Events are coming in and everything is working fine. However, when I restart the forwarder I always see the following entry: SSLCommon - Can't...
Role based Searching
Hi Everyone, Need some guidance on performing dashboard backend searches based on user role. Let's say I have one Host coming in with a field called Region, values: North America, South America &...
xvfb package install download
Hello, We are having difficulty finding the xvfb package or rpm. Does anyone know where we can find this for a RHEL 6 64bit server so we can install for our PDF server?
Splunk high availability failover and loadbalancers
Hello, We are setting up our Splunk environment with a loadbalancer with a failover search head and have found this article that discusses rsync to keep our search heads up to date together...
Need help to pass _time as variable in the "earliest" field
Hi, is there a way to do this? Basically, I want to run the following search, but have the "earliest" as variable depending on the last indextime. index=sam earliest=07/1/2013:13:00:00 | stats...
Creating custom Commands - Splunk [5.0.2]
I'm trying to make a custom Command using python but I'm running into some errors. "Error in 'script': Getinfo probe failed for external search command 'testscript'" For the moment I'm just trying to...
WinEventLog:Security/Application/System events are going to perfmon index
When using the TA-DNSServer-NT6 TA from the Splunk for AD app (1.2.0) on a DC, the windows events from that server are not going into the 'winevents' index as they should be, instead going to the...
Source error?
I see an error when I click on the "show source" option on an event in Splunk, and it fails to show the source log that event occurred in. I am just wondering if anyone has seen it before, and if there...
loadjob performance
What determines the performance of loading the artifacts of a savedsearch? I have a job which ran a savedsearch, and it has 70,000 results. Doing a 'loadjob' on the sid of that job takes 10 seconds....
Where is the python API for splunk.Intersplunk?
Just wondering where the API is for the python module splunk.Intersplunk (used for making scripts that work on streams of events).
I want to pass multivalue from one search result to another search result
Hi, I am trying to create a report using a couple of searchTemplates. I want to pass one searchTemplate's result to the 2nd searchTemplate. 1st search might result in single value or multivalue. Now using...
Is it possible to use one deployment server instance as a deployment client??
I have multiple environments configured with Splunk (Say DEV, Testing, UAT and PROD). My DEV environment has one Search Head, one Job Server and one Deployment Server instance (one Indexer) as well. All...
Multiple searchTemplates in form
I have one report form page which contains around 10 panels. Now out of these 10 panels, 3-4 panels use a different searchTemplate and 5-6 panels use a different searchTemplate. If I specify searchTemplate for...
Can I set Splunk Forwarder Memory Use Limit?
We have forwarders installed on our Domain Controllers to get the Windows event logs. Our Domain Admin is excited about memory usage. Is there a setting in limits.conf that would allow me to cut down...
Apps in Splunk Storm
Hi, Can we install apps in Splunk Storm? Please also let me know if there is any documentation which specifies the features of Splunk Storm and also which features are not supported in Storm. Thanks
Bundle Replication error
We are getting replication errors on our indexer. We get the below error constantly: admin [01/Jul/2013:13:13:07.196 Eastern Daylight Time] "GET /en-US/api/messages/index HTTP/1.1" 200 341...
24 hour time in search, with US date format?
I'd like to use the 24 hour time format in search results (en-GB localization), but retain the US date format mm/dd/yyyy. Any suggestions how that can be accomplished?
No data to receivers
Not sure what I've missed... but I receive no data to my Splunk receive server. Installed receiver server, xenapp app, installed licensing/broker/zdc/server to appropriate xenapp servers, configured...