Can I add information to the forwarded log?
We now have a Splunk server to receive different servers' logs. We want to forward these logs to another syslog server. However, we cannot identify which server the logs belong to on the syslog server...
Search with Join Consecutive identical events
Hi, I'm looking to write a Splunk search that joins consecutive similar events. The data is of IP address allocation to machine names, so the lines are of the following format: [Start Time],[End...
Issue with Twitter App Installation
Hi, I am not able to set up the Twitter2 app by davidfstr. Whenever I do the setup with Twitter account info and enable the Twitter scripted input below, I get the following error: "Encountered...
How do I change the source host IP address shown in Cisco IOS as it uses the...
The Cisco IOS app displays all entries as originating with the "Host" IP address using the syslog relay address instead of the actual IP address of the devices. The original IP address of the source is...
multikv extraction fails when table contains empty fields
Hi, I am trying to use multikv to parse the output of df.sh, which is part of the *nix application. On Solaris, the output of df.sh looks like this: Filesystem Type Size Used Avail UsePct MountedOn...
Regex expression
Hi, I have events like this and I am using the below expression to extract the command before the query string. sourcetype="access_combined_wcookie" host=prlws* | rex field=uri "(?P<command>\w+)" | top...
StaticSelect and SavedSearches
Hi. I've got big trouble making this work, hope you can help me :) I want something simple: I have a TimeRangePicker that I can use to change all my savedSearches in my dashboard. I want to add a...
Calculating the values which have a fixed value and then more than the fixed...
I have a table like below: Field value a 1 a 2 a 5 b 6 b 8 c 1 c 8. I want to calculate the number of fields which have 1 and then more than 1. In the above example, the answer is 2 because a and c have 1...
Determining time spent browsing by user from proxy logs
I have some proxy logs in the Squid format. Some entries do not have the user, though most do. I can create a transaction by source IP, and that transaction will give me the duration. However, where...
Searching with empty index
Hi all, I have a Splunk index with records of the following format: recordIndex - an integer key I automatically assign to this record upon insert; recordName - name of the record; recordComment - comment (I...
How do I get a distinct event out of each log entry?
I have an app that outputs log entries, where every entry consists of key-value pairs. For example, this could be the potential contents of my log file at a given instant: level="INFO" thread="5"...
How to escape double quotes in a Dashboard?
In my dashboard, I display log messages in a table. There are logs which have double quotes. I use a custom drilldown to go to the search app. Now when I click messages with double quotes, I get unbalanced...
splunkd.exe environment variables SPLUNK_HOME PYTHONPATH etc
Hi, I installed Splunk on my laptop (Windows 7 64-bit) and things worked fine. I stopped the Windows service and was playing around with some Python modules. Now I am able to start splunkd from the...
Regex to extract a field between 2 fixed words
Hi, I have events: Number1=ABCDAS Number2=10 Number1=hsd gdsf Number2=1 Number1=ADG FHK Number2=11 Number1=HGSF Number2=4. I would like to extract the field value of Number1. The field value does not...
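An added example (not part of the question above, and not the poster's code) showing one regex that pulls the Number1 value even when the value contains spaces, as "hsd gdsf" and "ADG FHK" do in the sample events. A naive `\w+` stops at the first space; a lazy match bounded by the following literal `Number2=` keeps the whole value. The sample events are the ones quoted in the question, re-typed here as a constructed list; the function names are this example's own. The pattern uses the `(?P<name>...)` named-group syntax that both Python's `re` and Splunk's `rex` accept.

```python
import re
from typing import List, Optional

# Constructed sample events, copied from the question above (not a real Splunk export).
EVENTS = [
    "Number1=ABCDAS Number2=10",
    "Number1=hsd gdsf Number2=1",
    "Number1=ADG FHK Number2=11",
    "Number1=HGSF Number2=4",
]

# Naive attempt: \w+ cannot cross a space, so "hsd gdsf" is truncated to "hsd".
NAIVE_RE = re.compile(r"Number1=(?P<Number1>\w+)")

# Bounded extraction: match lazily (.*?) up to the whitespace that precedes the
# fixed word "Number2=", so the value keeps any internal spaces. Number2 is
# captured as digits in the same pass.
FIELD_RE = re.compile(r"Number1=(?P<Number1>.*?)\s+Number2=(?P<Number2>\d+)")


def naive_extract(event: str) -> Optional[str]:
    """Show the failure mode: returns only the first word of Number1."""
    m = NAIVE_RE.search(event)
    return m.group("Number1") if m else None


def extract(event: str) -> Optional[dict]:
    """Return {'Number1': str, 'Number2': int} or None if the event does not match."""
    m = FIELD_RE.search(event)
    if m is None:
        return None
    return {"Number1": m.group("Number1"), "Number2": int(m.group("Number2"))}


def extract_all(events: List[str]) -> List[Optional[dict]]:
    return [extract(e) for e in events]


if __name__ == "__main__":
    for e in EVENTS:
        print(naive_extract(e), "->", extract(e))
```

The same pattern can be dropped into a Splunk search as `| rex "Number1=(?P<Number1>.*?)\s+Number2=(?P<Number2>\d+)"`; the lazy quantifier matters because a greedy `.*` would run to the last `Number2=` if several pairs ever appeared in one event.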
Optimal stripe size for RAID 10
Is there a recommended stripe size for RAID 10 storage? Thanks, Carthic
How can we add auth to the deploy-server command?
Hi, I want to schedule the deployment of a specific app. How can I do this? Generally, running the deploy-server command asks for the admin username and password, right? I don't want to specify that in the...
Exclude Process ID or application from Indexing
Hi, we have a need to exclude unwanted events from indexing. The problem is that the majority of them are Windows file access events, which we need to monitor. What I need to know is whether we can exclude...
Multivalued field mapping
Hi, I have events of the form: ---- name ---- Drive: C: Free Space: 894.1 GB Total Space: 953.1 GB Drive: D: Free Space: 89.1 GB Total Space: 113.1 GB. My events contain multiple drives with different...
Calculate Percentage Difference Between Two Searches
When running a single search on bandwidth data I can calculate the percentage between bandwidth in and out using this eval function: | eval percent_difference=((BandwidthIn/BandwidthOut)*100) | table...