What does splunk do with overlapping index definitions?
Greetings. Suppose I create an indexes.conf file to be distributed to all of my indexers which contains a HOT and COLD volume definition. Then I distribute several apps to the indexer, which each...
Specific day to Specific day in panel
I'm trying to display results within my panels on my dashboard for the previous week, Sunday at 12am to Saturday at 11:59:59pm. I've tried using -w0 to -w6, but it keeps throwing a date range error. And I...
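The window asked about above is "the most recent complete Sunday-to-Saturday week". In Splunk's relative-time syntax that is `earliest=-1w@w0 latest=@w0` (`@w0` snaps to Sunday 00:00, and `latest` is exclusive). The following is an added example, not part of the original post, that shows the same snapping arithmetic in plain Python so the boundaries can be checked against a fixed reference time before they are put into a dashboard's time range; the reference dates in the usage are constructed.

```python
from datetime import datetime, timedelta
from typing import NamedTuple


class WeekWindow(NamedTuple):
    start: datetime           # Sunday 00:00:00 of the previous complete week
    end_inclusive: datetime   # Saturday 23:59:59 of that week
    end_exclusive: datetime   # the following Sunday 00:00:00 (what a `latest` bound should use)


def previous_week_window(now: datetime) -> WeekWindow:
    """Snap `now` back to the start of its week (Sunday 00:00), then step
    one full week further back to get the last complete Sunday..Saturday week."""
    # Python's weekday() numbers Monday=0 .. Sunday=6; shift so that Sunday=0.
    days_since_sunday = (now.weekday() + 1) % 7
    this_sunday = (now - timedelta(days=days_since_sunday)).replace(
        hour=0, minute=0, second=0, microsecond=0
    )
    start = this_sunday - timedelta(days=7)
    end_exclusive = this_sunday
    # An inclusive "11:59:59pm" bound silently drops events in the final
    # second's sub-second range; prefer the exclusive bound when the tool allows it.
    end_inclusive = end_exclusive - timedelta(seconds=1)
    return WeekWindow(start, end_inclusive, end_exclusive)


if __name__ == "__main__":
    # Constructed reference time: Thursday 25 July 2013, 10:30.
    w = previous_week_window(datetime(2013, 7, 25, 10, 30))
    print(w.start, "->", w.end_inclusive, "(exclusive end", w.end_exclusive, ")")
```

Run on a Sunday the function still returns the week that just ended, because snapping to "this Sunday" lands on today and the extra seven-day step goes back one full week.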
Deactivate alarm the day
Hello. I'm wondering, when creating an alert (Section: Throttling - "After triggering the alert, do not trigger it again for: 24 Hours"), instead of waiting 24 hours to skip the next alarm, are all other...
Summary index drilldown results to raw events
It's probably not best practice, but is there a way to have the summary index results' clickable drilldown link to the raw events (by host, for example)? I saw some examples here on Answers using...
No data showing on Splunk Palo Alto Networks App
Hi, I recently installed Splunk (5.0.3 trial version) with Palo Alto Apps version 3.2.1. When I connect to the PA-200 (ver 5.0) and set up the PA box to send syslog to Splunk, I cannot see any data showing...
How to remove duplicate column values in table?
I have a table that contains several columns. The table looks something like this:
timestamp,region,product_number,status,count
time1,americas,12345,done,5
time2,americas,23456,fail,4
...
Should I convert existing Summary searches to Report Acceleration?
Hi, before Splunk 5 we created about 40 saved searches that populate a summary index, and about 70 other saved searches plus a handful of dashboards that query against the summary index. Now...
How can I set a custom splunk banner/warning?
I'd like to set a custom banner to notify users of outages, for example, a single indexer is down and OPS is working on it. Can I do this?
Set a banner message from configuration file?
Does anyone know if this is saved to a .conf file anywhere? Just wondering if I could have a message pushed out to search heads via the deployment server during changes. (Yes, I know there is a REST call I...
F5 Networks iRule req_elapsed_time=0
Trying to implement the iRule supplied by F5, we can get the iRule to log to Splunk. We are having an issue with the req_elapsed_time field, as it is always returning 0. Anyone else using that value and...
Field Extractor Naming Everything "FIELDNAME"
Hey all, so the field extractor in Splunk is working great. I can search by any of my custom fields. The only problem, however, seems to be that no matter what I do, it calls all of my custom fields...
Splunk for F5 Networks - please correct spelling
I think you have some spelling mistakes in your transforms.
transforms.conf:
[no_memebers_available] please fix the name to be members (also update the props.conf entry to match)
[pool_member_src_ip_2] REGEX =...
Splunkd ProcessTracker Error
Hi all, I am getting lots of these errors in splunkd.log. My instance "Splunk 5.0.3 build 163460" is running on Red Hat Linux 5.8. Any idea what this error means? Could anyone please help? ERROR...
Redirecting to different views based on click value
Hi, I have a chart which shows error count by host (SP, DB, CRM, etc.). Now I want to do a drilldown: suppose if I click on SP, I should get a dashboard showing charts for SP only, and similarly for the other two...
Splunk could not start due to splunkweb timeout, help!!
I used cmd to restart Splunk, but splunkweb timed out. I only know how to restart using cmd, as I saw some people say:
1. stop splunk
2. check the presence and owner/permissions on...
Is it possible to remove column names?
Hi, is it possible to remove column names from a table? I don't want to rename them, I just want them removed. Can I? Please help. Thanks for your time.
Capturing syslog messages in Splunk Storm from Gateway appliance
Noob alert! I have searched through a number of threads/queries, but I'm still missing something. I have a Gateway server/appliance that generates syslogs and sends them out over UDP on port 514 to an IP...
maildir indexing?
Has anyone indexed maildir-formatted email archives/folders before? I'm thinking this might be crazy but useful: to ingest my archived mail, which is all on local disk on the system running...
Splunk Alerts -> Custom Scripts -> SharePoint tickets?
Hello, I was wondering if anyone has used Splunk alerts along with custom scripts to create tickets in a custom (not complex) SharePoint ticketing system. We are a pretty small shop and can't justify...
Regex expression (Field extraction)
I need to extract the date and time from this:
<d:message>(22/7)17:53 Accident on AYE (towards Tuas) after Jurong Port Rd Exit. Avoid lanes 2 and 3.</d:message>
Currently I am using this...
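As an added example (not code from the original post), the extraction the question describes can be prototyped with a named-group regex anchored on the opening `<d:message>` tag, so that a later parenthetical in the body text cannot be mistaken for the date. The sample messages are constructed; only the first is the one quoted in the post, the second is a variant with a different date, and the third has no timestamp at all so the "no match" path is exercised. Splunk's transforms.conf REGEX uses PCRE named groups, written `(?<day>...)` rather than Python's `(?P<day>...)`, and each named group becomes a field.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample input modelled on the message quoted in the post.
SAMPLE_MESSAGES = [
    "<d:message>(22/7)17:53 Accident on AYE (towards Tuas) after Jurong Port Rd Exit. "
    "Avoid lanes 2 and 3.</d:message>",
    "<d:message>(3/11)08:05 Heavy traffic on PIE (towards Changi) after Eunos Exit.</d:message>",
    "<d:message>Road works on ECP, expect delays.</d:message>",
]

# Layout: "(day/month)HH:MM <free text>" immediately after the opening tag.
# Anchoring on the tag means "(towards Tuas)" or "lanes 2 and 3" later in the
# body can never be picked up as the date/time.
MESSAGE_RE = re.compile(
    r"<d:message>\s*"
    r"\((?P<day>\d{1,2})/(?P<month>\d{1,2})\)"
    r"(?P<hour>\d{2}):(?P<minute>\d{2})"
    r"\s*(?P<text>.*?)</d:message>",
    re.DOTALL,
)


class Extracted(NamedTuple):
    date: str  # "D/M" exactly as written in the feed
    time: str  # "HH:MM"
    text: str  # remaining message body


def extract(message: str) -> Optional[Extracted]:
    """Return the date, time and body of one <d:message>, or None if the
    message has no leading timestamp or the timestamp is out of range."""
    m = MESSAGE_RE.search(message)
    if not m:
        return None
    day, month = int(m["day"]), int(m["month"])
    hour, minute = int(m["hour"]), int(m["minute"])
    # Range checks: a regex alone would accept "(99/99)77:99".
    if not (1 <= day <= 31 and 1 <= month <= 12 and hour < 24 and minute < 60):
        return None
    return Extracted(
        date=f"{m['day']}/{m['month']}",
        time=f"{m['hour']}:{m['minute']}",
        text=m["text"].strip(),
    )


def extract_all(messages: List[str]) -> List[Optional[Extracted]]:
    """Apply extract() to a batch, keeping None for messages that did not match
    so the caller can see which inputs the pattern does not cover."""
    return [extract(msg) for msg in messages]


if __name__ == "__main__":
    for msg, result in zip(SAMPLE_MESSAGES, extract_all(SAMPLE_MESSAGES)):
        print(result if result else "no timestamp: " + msg)
```

Keeping the unmatched entries as `None` rather than dropping them is deliberate: when the same pattern is moved into a field extraction, those are the events that will show up without the new fields, and seeing them during prototyping is how the pattern gets fixed before deployment.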