Splunk dbx no longer working after java upgrade
After upgrading Java to JRE 7 the dbx app doesn't return any search results, and after a while even the search head crashes completely. We have an integration environment and a production environment. Funny...
How to remove sources so they don't show up on the summary page anymore
We are running Splunk version 5.0.1, build 143156. We mistakenly indexed thousands of log files, each file having a unique name. Now when you look at the list of sources it's thousands long and we...
Symantec Endpoint Reporting App blank
Hi, I've added the Symantec Endpoint Reporting App, but nothing is showing up in the dash. I've set up logs to be transferred via UDP:515. If I search for data using sourcetype=sep11:log or source=udp:515...
Single drilldown from multiple charts
I have a dashboard which contains three charts, all of which present different views of the same data. I'd like to set up my dashboard so that when the user clicks on a data point in one of the three...
Help on Transaction command!!
Hi All, I want a count of the word "ERROR" in the group of events for which I have used the transaction command! My search query is source="*.log" | transaction startswith="Hydra is starting Control Channel"...
Why does using bucket span before transaction command give wrong duration in...
sourcetype = abc | bucket span=1h _time | transaction user_ip destination_domain maxspan=20s maxpause=2s | stats count by duration destination_domain
This search renders duration for all fields as...
SPLUNK for SNORT not working
I am trying to get SPLUNK for SNORT up and running with no luck. I am new to SNORT, SPLUNK, and Linux in general. But here is what I have: CentOS running SNORT and producing an ALERT and log file...
How do I remove a source
Ok, this is massively frustrating. I downloaded Splunk and installed it on my computer. I ran through the tutorials just to get a feel for how the thing worked. To start, I just indexed some of the...
Retrieve events grouped by event order (first 5, next 5, etc...)
I have no clue how to do this. I've tried autoregress, and I expect it should work, but I end up with gaps in the new field... the original field is continuous. What I want to do is get stats on the most...
Increasing rows returned from STAT / CHART queries
When I run a CHART or STAT query and the query returns more than 50 rows, the output is truncated with the following: [and xx more values]. Is there any way to increase the number of rows returned?
dedup within timechart
I have several searches that I am trying to optimize now that our platform is on Splunk 5+. My preference is to leverage report acceleration because of its ability to dynamically back-fill the way it...
Too many source files listed
I noticed that we have > 2200 sources listed (and growing), and researching the matter seems to indicate that I can use a transformer-based approach to prevent this from continuing to occur. But this...
Using Join (or similar command) for One-to-Many Relationship
I have a log file that is writing session data for users using an application in a CSV format. The session data provides information about each transaction using "Meta" events and action information...
Trying to Search & Filter by Target Account Name
Hi SplunkBasers! Here in our AD environment, we have a single Splunk instance, with UFs installed and sending data from our DCs to the Splunk server. I am trying to set up a search and alert so that when...
Splunk DB Connect Dashboard
Hi Folks, Today I created a dashboard with some panels using the Splunk DB Connect App. After that, I started looking for where the dashboard called "XPTO" was living inside Splunk. The DB Connect's up menu...
Migrate and Upgrade at the same time - best practices?
We are planning to migrate from a Splunk 4.3 single-server environment to a version 5 scaled new installation (index cluster, etc). Any experiences or recommendations on this? Should we upgrade our...
APPEND is not UNION?
Splunk version 4.3
search A : index=webserver1 type=error | table serverName message method
search B : index=webserver2 type=error | table serverName message method
search C : index=webserver1...
More than one inputs.conf / config directory
Hello fellow Splunkers, I know about $SPLUNK_HOME/etc/system/local/inputs.conf and using wildcards to minimize the number of stanzas in it. I'd like to know if it's somehow possible to define some kind...
Changing display from row to pie? [Used for Google Map Drilldown]
I am working on a Google map overlay; is there any way I can change from displaying row to pie? <module name="HiddenSearch" layoutpanel="panel_row8_col1" group="Overall Weather Status"...
Suggestion for my data with pie chart
Hi, I am having trouble coming up with ideas for a pie chart using my data for weather (below); does anyone have a suggestion? I make it run every 5 mins to collect weather data for 6 different locations, 'yishun' is...