indexing load balancing with [script] input
Hello, We have set up a small splunk cluster, with 3 indexers getting data from universal forwarder, which is configured for output as [tcpout:default-autolb-group] autoLBFrequency=40 server =...
Real time search of _audit using Python SDK
Using the follow.py example script, I get no events when searching using 'index=_audit action=alert_fired'. When I run this search I can go into 'Jobs' and watch it from the GUI and see records...
Push configuration files in cluster
Hi, I have a splunk cluster and have config file props.conf and transforms.conf under master node $SPLUNK_HOME/etc/master-apps/_cluster/local/ I apply the change to its peers using CLI command apply...
Multiple searches on one chart
Is it possible to have multiple search results represented on one chart? I have (2) searches defined that extract and return results. I want to correlate these result sets on the same chart. Is that...
Filter WinEventLog
Hi, I need the filter for Windows Logs, in Splunk Web, ok.... more I need it in inputs on each machine. TaskCategory="Logon" OR "logoff" Logon_Type="2" OR Logon_Type="3" OR Logon_Type="10" OR...
How to change the text box layout (not panel layout)?
Hi Splunkers, I have a question about text box layout in dashboard or view. In simple XML, we can look at text box in a row as a following image. Can I change to boxes in line? In addition, in advanced...
What parameters does the intention have?
Hi Splunkers, I have a question about the following XML. <module name="ConvertToIntention"> <param name="settingToConvert">index_setting</param> <param name="intention"> <param...
Which ways are the best for missing custom extracted fields?
Hi Splunkers, I've encountered the same problems that I cannot get search results of my custom extracted fields. I previously investigated this situation and I made a conclusion that those log records...
Subsearch issues: truncated result and timeout issue
Hi I am running a query (Time span 24hrs) sourcetype=ABC Application=XXXX Type=XXXX | chart ... | join .. [search sourcetype=ABC | ...] I am getting 2 problems, 1. Search query truncated to results...
SplunkForwarder garbles events with \x00
I observe a strange behavior with one of our UniversalForwarders. First I've added a new logfile on the forwarder with CLI. Events look good on a search. After that I've removed the monitor and...
Can't set permissions for the navigation menu
I am running Splunk version 5.0.2. I want to add write permissions for the navigation menu to a user role. I go to "Manager » User interface » Navigation menus" as the admin user and click the...
Passing earliest and latest with relative time modifiers
Hi, I have plotted a time chart for one host (say Host A) and on clicking (drilling down) a particular time (say 07/02/2013:11:15:00AM). I want to see all the log entries for all the available hosts (Say Host...
Dashboard views with values on the chart
Hello, I would like to know if there is any way I can show the values on top of the lines/columns on the chart itself rather than on a mouse focus. Any option available to show it for a particular part...
Is there a way to change the search order to be based on a character string...
I want to be able to order my search in ascending OR descending order based on the modtime, which appears to be merely a character string within the main portion of the result. This is not the time...
How do I parse a value from a log message?
I have the log messages in the following structure, the one shown represents a heartbeat from the application. How can I parse the ProcessMemory(KB) value? Or is it best to change the log message...
Vshield on Splunk
I'm looking for an application to monitor Vshield 5.01 on Splunk. Any ideas?
Split _raw column
Hi, I have the following information in the _raw column. Jul 4 15:41:10 name.domain.net Jul 04 2013 14:41:10: %ASA-1-106021: Deny UDP reverse path check from 172.16.3.62 to 255.255.255.255 on...
Time modifiers for Search and Time zones
Hi All, The timezone in my splunk setup is IST (UTC + 5.30). From the examples at http://docs.splunk.com/Documentation/Splunk/5.0.3/Search/Specifytimemodifiersinyoursearch if the current time is Jul 4,...
How to create a new field with values in existing field based on the values...
Hi, I'm new to splunk and seek your help in achieving a functionality. My log goes something like this, time=12/04/2013 12:00:36, login_id=1, head_key_value=124, txn_dur=12.54, txn_status=success...
fschange blacklist filter not working as expected
Starting at the parent directory, I have been gradually adding subdirectories to an fschange filter. Once I get to a certain point, it doesn't seem to work properly for sub directories and files...