help needed with splunk search
Hello, I have a problem with Splunk results. In some of the RAW logs I have a field called "ref" and in some logs I don't have that field. I want Splunk to display the results even when a particular...
Can I export dashboard or form into powerpoint?
Hi, can anybody let me know, is it possible to export a Dashboard/form to PowerPoint instead of PDF? Thanks
Sideview Utils - Textfield Default Values from URL
My question is fairly identical to this old one here: http://splunk-base.splunk.com/answers/83479/pass-foo-value-to-textfield-default It seems that user was having the same problem as me, and his issue...
why does this form search work
Can anybody enlighten me on why the form below (shortened) works when it's designed exactly this way, but not in any other? (using splunk 4.3.6) Specifically, in the <searchPostProcess> I wanted...
how to limit characters length in splunk result
Is there a way to limit the length of the results for a particular field? For example, if the URL/ref field is 100 characters long it will make our report box look like a mess because it will have a...
How to allow different search timerange based on index?
I would like to allow my user to search a longer range (1 year) if within summary index. For main index, I would like to limit search timerange to 30 days. Is this possible? Are there any hidden role...
How to Restrict search terms for role based on a dynamic parameter?
We want to restrict certain user groups' possibility to search in Splunk based on a dynamic parameter. For instance Merchant group A should have this search restriction: index=business-events merchantid=1...
Custom search command: preop only works when retainevents is false?
I have a question about custom search commands and the streaming_preop option. Is there some reason why the preopt is only honored if retevs (retainsevents) is false? I have a situation where I would...
Crash logs galore :(
Trying to figure out what these crash logs mean, I get some every minute, sometimes multiple times: [build 149561] 2013-08-02 14:40:02 Received fatal signal 6 (Aborted). Cause: Signal sent by PID 22532...
AuthenticationManagerLDAP Error Message and BaseDN setting
Hi All, We are currently getting the following error ERROR AuthenticationManagerLDAP - Could not find user="nobody" with strategy="LDAP DC02" host=something Not sure what error is causing this error. Is...
Google Maps - Keeps saying Update Available
We installed the latest Google Maps app (1.1.3) upgraded from 1.1.2 - and Splunk still tells us that we need to update to (1.1.2). Why is the current version listed as 1.1.2, but the latest version is...
installing apps
Trying to add an app to my install I get the following: AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/services/apps/remote/login using admin...
join table outer search
Hi all, I need to join two tables up and do a count of rain. Below is my search query, is there anything wrong? I can't seem to display my count of rain over places. sourcetype="ltaTraffic" OR...
Splunk ingesting MSMQ Message
I have a legacy logging application that sends its messages to a MSMQ queue. Can Splunk be configured to read data directly from the queue? Or do I need to write a listener application that reads the...
Create user using the REST API
I'm developing some stuff using SDK, accessing data inside Splunk. As mentioned on this page (http://dev.splunk.com/view/splunk-sdk/SP-CAAADP7), "each of Splunk's resources (apps, users, searches,...
Splunk DB Connect Bug
Good Morning/Afternoon to all!! I have a query regarding the dataset returned by |dbquery. If the Database has a time field while viewing the result it shows wrong value which it converts to some other...
Unable to Index XML file
Hi, I would like to index a whole folder which contains XML files for SSO system. The XML log file format ends with .svclog. The XML file contains such info: <e2etraceevent xmlns="xxxx"> However, when...
Using a result to aid in an ongoing search to display on a Dashboard
Hi, My main goal is to build a Dashboard/Form that accepts a user input of a filename. The Dashboard/Form then filters through the logs to display the movement of a file across numerous processes,...
Summary index for rolling 30d count not working as expected
I've just started using summary indexes - I have two searches that work as expected on querying data in just the previous day. I also want a job that queries our unique users over the previous 30...
Nagios or Net-SNMP
Hi, I'll start to work with SNMP and before starting I would like to ask your advice. We are using Splunk as a unique interface to display all monitoring information. I'll start to work with the Brocade SAN...