linebreaking issue
I need some help getting Splunk to line break properly. I have a poorly formatted log file that is pulled from a mainframe so getting the formatting of the message changed would be extremely tough. I...
View ArticleClient is not authorized to perform requested action: search/jobs
The user can search normally but cannot search real-time. It gets the following message:[HTTP 403] Client is not authorized to perform requested action;...
View ArticleHow to send alerts to as a text message?
I know that Splunk can send alerts to email addresses, we are doing this on a daily basis, what I want is send alerts to a cell phone number. How can I achieve that?
View Articlesum the number of events based on list of possible values
I have an event with a field = message_id. I have to count the number of occurrences of this id based on a input list of possible values eg. [value1,value2,value3]something like -> | stats count by...
View ArticleSMS Alerting
My group manages the email servers at our corporation, and we receive email alerts from Splunk just fine. But we need to be alerted if our WAN/Internet connection goes down, and obviously we then...
View ArticleRunning a query with info from another table in a Splunk app
Currently I'm running a query with info from a dropdown, and displaying the results in a tabular format. Now, I want to narrow down the results, so when a field in the table is selected, I'd like to...
View ArticleCombine Field Values within Top Search
Hello,I currently have a saved search. The command is as follows:rt_idp (source_address=[ip range]) | top limit=100 source_address, attack_name, threat_severity, source_zone_name, destination_zone_name...
View Articletimechart span in saved search
Is there a way to pass a timechart span variable to a saved search being called from a drop down? Is there a way to pass it strictly through the xml?
View ArticleExtract fields with a regular expression
I have fields in the format of LOG_ID, DEVICE_DATA, USERNAME, that I'd like to extract, and I'd like to exclude the default Splunk fields like _time, *_raw, and timeendpos, timestartpos, etc. Is that...
View ArticleMultiple forwarders on single WS don't work in v5?
Hey everyone, I am running into some issues right now. I have a dedicated forwarding machine which has 5 instances of the universal forwarder (our tech support rep from splunk stated that the...
View ArticleUser keyword Lookup and Replace
I'm trying to use lookups to do a keyword search and I can't grasp my brain around the right way to do this.I've got some web logs I'm looking at in splunk that contain data that identifies what...
View ArticleEVAL JSON Consistency
With JSON formatted events, I can do fun things like this:sourcetype="microBreadcrumb" | stats sum(message.totalIdle) as sumTotalIdle | table sumTotalIdle As you can see, there is no problem accessing...
View ArticleEating Nagios event logs without installing Splunk for Nagios app
I have hunted high and low for documentation of appropriate sourcetypes.conf and props.conf stanzas for the Nagios event logs, without installing the SplunkForNagios app. I don't want all the fancy...
View Articlesplunkweb process is not startingup
I'm getting this error while starting splunk (./splunk restart). My trial licence was expired and we got the licence to renew. so after login with admin user I'm seeing this error.[build 105575]...
View Articleis there a way to find if a field itself is not being sent
Hi,we have a cookie that we pass in the web logs. Sometimes some of the requests are not sending the cookie itself. Is there a way to find this using splunk?
View ArticleMultiple Charts, One Report
Is is possible to create a single scheduled report with multiple graphs? For executive-level reporting purposes, I'd like to receive a regular report containing four separate graphs: top attackers...
View ArticleLog4g (via Syslog) not working for multiline indexing?
I'm working on trying to get our application server's log4j working so that events will show up in searches for multiline events as a single event. There is also a problem where there are "..." breaks...
View ArticleProblems with running drilldown examples using advanced XML
I'm trying to run the drilldown examples on this page, and I get the error foud an invalid value for layoutPanel - 'panel_row3_col'I'd paste the code here but for some reason, it doesn't recognize the...
View ArticleCount number of occurrences inside an event
Hi everyone. I am working to analyze an XML output file from a vendor application we use. Inside, there is an element called <row>, and within that there can be 3 child leaves. A single output...
View Articlednslookup works until the search completes, then exits with code 1
Tried using your dnslookup app and it appears to work while the search is running. Then when the search completes, all my results disappear and are replaced with the following error:External search...
View Article