Configure timestamp
Hi, How can I configure Splunk to use the day/month and time from the file but pull the year from the filename? I have logs that contain the time, day/month at the start of every entry however, when...
services on non standard ports
I want to take a service name "HTTP" then do a dynamic lookup and pull a list of "standard ports". If the application is not running on standard ports I want to report on that. For most apps there is a...
Splunk DB Connect and Neo4j anyone?
I am trying to connect to Neo4j using their JDBC driver with no luck. Has anybody done better than this?
timechart a mapped search?
Here's a summary of what I'm trying to do: Find a job by ID. Use the start/end time of that job to bound a search for system performance metrics. Chart the results. This is a search that finds the job and...
Splunk Hadoop Connect - unable to read snappy compressed data
Does Hadoop Connect support snappy compressed file (on HDFS) for Indexing? All it needs is, to use -text while reading and indexing the file. Without this, it appears like Splunk will be indexing...
Push logs from rsyslog into splunk
I was able to set up rsyslog to push logs into splunk but the issue is only /var/log/messages are pushed to splunk but I have many more logs such as /logs/server-logs/servername/* on rsyslog server that I...
Join the best option?
I have a search that finds failed jobs from my logs. Each of those failed jobs has a job number. I'd like to then take those job numbers and get all the log lines that contain one of those job numbers....
netstat metric: m/(Snd|Rcv)bufErrors/
Hi guys, does any of you know how to get the netstat metric m/(Snd|Rcv)bufErrors/ ?? I have been told that this metric shows up when you do a netstat -s but I'm afraid all I am getting is this: Udp:...
Splunk Hadoop Connect installation problem
I got splunk-hadoop-connect 1.1 from here. While trying to upload HadoopConnect-1.1-151409.tgz, I get this error on the web UI: There was an error processing the upload. I also tried HadoopConnect1.0 and...
Problem with earliest
Hi, I want to subtract 1 min from my earliest and show the log entries for that time. Time is not present time; it can be selected by user. How can I do that? Thanks and Regards
moving dashboard into custom app
I now have some dashboards with good stuff on my dashboards. I want to move them into a custom app. I found the directory /opt/splunk/etc/apps/<app name>/default/data/ui/views and dropped the...
capital letter, small letter (combine)
When I put below sourcetype="splunk_page_search" | top limit=10 keyword the result.. 1 AAA 2 aaa 3 BBB 4 ccc ... actually, 1 and 2 are same. just 1 is capital letters and 2 is small letters. I want the result...
Calculating with the result of stats count.
Hi Base, I tried to calculate a ratio of the occurrence of a value in a field. F.e. the field is Rvals and the values are 1,3,4,4,3,10,5,8,9,10. I want to calculate the occurrence of “4” so my approach...
display several units on x axis time and string
Can we display several units on an x-axis other than time, for example I have a file with 2 fields data date A 20130601 B 20130701 C 20130801___|A 20130601__| Wed 20130605__|B 20130701__|Wed...
how to sort two Az lists by Min and Max show the destinations and Operators?
first list 1 NWT.csv Destination;Rate;Operator AFGHANISTAN;0,257;NWT AFGHANISTAN MOBILE;0,257;NWT AFGHANISTAN MOBILE - AREEBA;0,257;NWT AFGHANISTAN MOBILE - AWCC;0,257;NWT AFGHANISTAN MOBILE -...
Google map is not enough! enhancements?
Hi Splunk professional, I need to use Google map for professional presentation, other than http://splunk-base.splunk.com/answers/48631/alterations-to-the-google-maps-app. What else can we really use to...
Use timepicker selection in query
Anyone know if it is possible to use the time picker selection in a query? I would like to use this value to calculate availability of a server in base of the time range selected. time picker 24 so...
5.0 upgrade now getting lookup table errors
I am getting a bunch of lookup table errors after upgrading to 5.0 that weren't there in 4.6.6. The lookup table 'endpoint_change_vendor_action_lookup' does not exist. It is referenced by configuration...
automatic lookup on a field that is automatically looked up
Is it possible to setup an automatic lookup on a field that is automatically looked up? For example, if I add the following in the props.conf and have the appropriate lookup tables, LOOKUP-foo =...