Could splunk be used as an ELT or ETL? What is the best Data Integration...
Hello Splunk Experts, what is the best technique to integrate several CSVs, around 58 different types of sources from different machines, and build one overall dashboard on top of those sources, i...
Google Maps geoip lookup failing
I always get "1 ERROR 2 An unknwon error occured while performing the geoip lookup: <type 'exceptions.KeyError'>". Is there something I have to set up or pay attention to? Splunk 5.1 running on...
Server rebuilt using same name - Now I have 2 hosts with same name
Is there a conf file on my Splunk instance that I can modify to remove duplicate host names? Example: Swankmpdc1, SwankmpDC1. Thanks
10K SAN Drives fast enough for Cold storage?
We are planning to have all of our cold storage for Splunk on SAN. We are planning to use some 10K SAN drives we have available. My question is will the 10K drives provide enough IOPS for searches to...
Splunk for Snort Event Question
I'm running a bunch of sample test PCAP files through and getting output in Splunk for Snort, but the events seem to be kind of random, with different dates, destination IPs, etc. within a single event....
Active Directory monitoring with multiple data inputs
I'm trying to use the Active Directory monitor data input to monitor AD and I've set up 5 data inputs that start at different OUs. But once the initial sync has completed only one of them seems to work...
Line breaking with custom regex
Hi All, I've got a very bad CSV to index, which is basically a CSV with 63 columns and tildes as separators, because field contents may include any characters except tildes... However... Line breaking is...
Splunk Hadoop Connect installation problem
I got splunk-hadoop-connect 1.1 from here. While trying to upload HadoopConnect-1.1-151409.tgz, I get this error on the web UI: "There was an error processing the upload." I also tried HadoopConnect 1.0 and...
Splunkd errors.
Hello All, I am seeing a long set of splunkd errors. Most of them are repeated. I wanted to know if this affects Splunk performance. Do I need to worry about the Splunk internal errors, which don't...
Monitoring scheduled searches
Hi folks, I want to monitor my scheduled searches, e.g. I need to know if a scheduled search ran while an indexer was down, which could lead to incomplete results. Does anyone know where to get those...
CSV file header in Splunk Storm
I just started testing Splunk Storm and have got some machine data (Windows event log and application logs are feeding into Splunk). I am trying to upload a CSV (actually an Excel table converted to...
Splunk Form with regex
Hi, I need to accept 2 user inputs (1. Store and 2. "*Exception") in a form and then populate the exact Exception name in a table with the count of this particular type of Exception. I have written a...
S.o.S: Topology view continues to list a disabled peer as active search-peer...
Why does the Topology view in S.o.S 3.0.1 continue to list a disabled peer as active under the SH detailed information on the right-hand side?
After upgrading to 5.0.3, I can only export 100 lines of CSV via UI.
Upgraded from 4.3.x to 5.0.3 this week and noticed that exporting from the UI only produces 100 lines of CSV. Yes, I checked "Unlimited" and even tried checking the 10000 lines option. Using * | outputcsv...
Random behaviour from Splunk
I'm sending syslog messages through to Splunk in field/value pairs. When the field value contains spaces or certain other characters we put double quotes around the value. When the value contains...
Deployment Server Does not copy _OUT_ for Splunk App for NetApp ONTAP -...
Has anyone seen the fact that the deployment server does not include the _OUT_ as part of the bundle it creates and pushes out to the forwarders? Is there a way to force it? It then causes an error...
How to have eval use results of accum
I have a chicken-and-egg issue here which I am having trouble resolving. I have a search which returns data for each month. [base_search] | eval monthlyCost = ((annualCost - totalPaid)/days_left_in_year)...
Alert service throwing error
Hi All, I am getting a "Dispatch dir= does not exist anymore,canceling search" error while running a query from the alert service, but the same query works fine when run in normal search. Please advise...
How to separate a stacked chart?
I have 3 fields and wanted to display them separately, but they are all stacked together. How can I separate the stacked chart? I used a search command of sourcetype="CurrentWeatherSGTraffic" OR...
Route Syslogs coming from certain hosts into a separate index
I've been attempting to route Syslog messages, coming from certain hosts, to a separate index with no success. Below is an example of my config: Splunk\etc\system\local\Props.conf [syslog] TRANSFORMS-index...