splunkweb service wouldn't start
I have 2 Splunk instances. One as an indexer and search head and one just as a dedicated search head (on a VM just for testing and eventually moving to production). Everything was fine and...
Monitoring Symantec client for old virus definitions
Is it possible to monitor the 2 situations below via SEPM logs forwarded to Splunk via the external logging feature on the SEPM console: Virus definitions x days old - If we want to alert on machines which have...
Changing the Linux Scheduler for indexer filesystems
I've been thinking a lot lately about the possibility of changing the Linux scheduler for the filesystems on my hot & cold indexes. My storage is all on EMC VMAX arrays, so I'm thinking that setting...
Splunk for Netapp api-* rights
All, Our storage team states that a service account with api-* isn't acceptable. Can someone tell me the specific rights it needs so we are not giving it global rights?
Search Returns Events but Job Inspector Reports "No matching index found" --...
I am seeing what is for me a very odd situation. We have a scheduled search to alert on one of two specific errors that might occur in an application we are monitoring. What I am seeing in Job...
Splunk Dispatch Command WARN - unable to search on searchheads
I am currently not able to search on my search heads. I am receiving the following WARN message in the splunkd.log. WARN DispatchCommand - Expected common latest bundle version on all peers after sync...
ERROR DistBundleRestHandler - Problem untarring file
Running 5.0.1 on Linux, receiving this error over 500 times a day spread across 34 indexers. Using the splunk service account, I was able to untar the bundle fine so I do not believe it's...
Two timerange pickers in one panel to compare custom time ranges
I would like to compare events from two different custom time ranges. If I put two timerange modules in a panel, how could I get the values of those, to populate the earliest and latest variables in...
Search Query to always display specific row help pls
I have this search query sourcetype="CurrentWeatherSGMap" Message="Yishun" | eval Description=case(current_summary="Rain", "Poor" ,current_summary="Cloudy", "Good", current_summary="Partly Cloudy",...
How can I retrieve only some fields?
Hi, I'm using this app and I have some trouble reducing the indexed volume. I will reduce the flow by selecting only some fields: I modified the file fw1-loggrabber.conf:...
Pulldown modules arrangement and Saved search
Hi all, 1) Maybe somebody knows the parameter for arranging pulldown modules on a view? Not layoutPanel="panel_row1_col1", but I need to arrange pulldown windows inside row1_col1. 2) Is it possible to save...
How do I create key/value pairs from a _raw field with only values?
I have a Symantec Messaging Gateway syslog input that provides syslog with no keys, only values. For example: 2013-07-11T13:13:16-04:00 appliance-name ecelerity:...
Check Hosts for Phishing Sites Visited with Phishtank csv
Hey all, Phishtank.com has a downloadable csv file that contains thousands of verified phishing urls. I want to compare these urls with all the weblogs of my hosts so that I can be alerted when one of...
Navigation menu default.xml changes not visible in app
In the Manager>>User interface>>Navigation menus I am trying to edit the default xml file. I edit the xml and save. The changes are not viewed in the app. I also have looked in d:\Program...
URL Monitoring using Webmon
I am trying splunk and wanted to see the URL monitoring using Webmon. I have installed Webmon and added the following into the urls.conf file. I am using IE 8.0 [Google] url = <url> indexResults =...
Splunk app for Active Directory - All data are going to main index
Hello, I'm having an issue with the Splunk app for Active Directory. All the data are indexed to the main index, which makes the app unusable as it searches into the indexes msad, perform and winevents. I've installed...
Splunk Simulator
Hi All, I was wondering if any of you knew of a Splunk simulator (where I could upload a CSV and check my searches without having to create an entire testing environment/run tests on production...
Stuck on "Allocating Project Resources"
Hi -- I was invited to a project; the inviter has proven access to the project data. I set up my account; the project I was invited to shows up in my project list. Yet, the 'Explore Data' icon remains...
Snort for Splunk via rsyslog
I have a central syslog server forwarding snort alerts to my Splunk system via rsyslog. These snort alerts are currently the only data being received by Splunk. The input is configured as syslog and...
Proper REX command
What would the proper REX command be to extract the following: SPACE:SPACE then a numeric string, so it ends up being ' : 949495'