MS Exchange App - Heavy Forwarder
What is the point of the heavy forwarder outlined in step 4 of the docs? Next, install a full Splunk instance that has an outbound connection to the Internet. Note: This server should be separate from...
rfc5424_syslog is not showing in source type list
After I installed the rfc5424 app, rfc5424_syslog is not showing in the sourcetype drop-down list. Is it supposed to show, or do I need to set rfc5424_syslog manually?
Sideview Utils ValueSetter - what fields are actually available?
In the Sideview Utils documentation it says "ResultsValueSetter allows you to reach up into the server's search results, grab some field values from the first row of the current search results". This is...
Create a user using the PHP SDK
I'm building a PHP web app that uses the Splunk PHP SDK, and I've hit a brick wall trying to create a new Splunk user. Ideally, when a user account is created in my app, a corresponding account should be...
Split forwarding - locally indexing Splunk internal audits; forwarding system...
I should probably know the answer to this, but it eludes me. The search head of my deployment also acts as the enterprise licence server. I want to forward all the operating system logs to be indexed on...
Windows app task category incorrect
Hello, we have the Splunk Windows app set up to monitor the system event logs on our Citrix server, and it appears to be pulling in the wrong information for Task Category. Below is an example of the event...
Writing to socket using .NET SDK
Hi! I'm keeping a socket connection open using the Receiver attach() method to send events to my Splunk server, but I'm not able to see any events coming in until I close the socket. Now I'm using a very ugly...
Dispatch directory question
We keep getting the message: "WARN DispatchReaper - Too many search jobs found in the dispatch directory (found=3575, warning level=3500). This could negatively impact search starting times". As you...
Date/time parsed incorrectly
We have data coming into Splunk that looks like:
DATA_FEED[00ZA044]:08/07 06:59:59 Got 'ABCDL NO PENDING TRANSACTIONS FOUND FOR REQUEST ' in file - LaLaStuff
DATA_FEED[00ZA044]:08/07 06:59:59 Queued time...
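The timestamp configuration a practitioner would try for data in the shape shown above, as an added example that is not part of the original post. It assumes the events arrive under a sourcetype named data_feed (an assumed name) and that the feed's clock is UTC (also assumed; the sample carries no zone).

```ini
# props.conf, on the indexer or heavy forwarder that parses this data
# (a universal forwarder does not apply timestamp settings).
# "data_feed" is an assumed sourcetype name; substitute the real one.
[data_feed]
# Skip the "DATA_FEED[00ZA044]:" prefix so the timestamp search starts
# exactly at "08/07 06:59:59".
TIME_PREFIX = ^DATA_FEED\[[^\]]+\]:
# An explicit strptime format removes the day/month ambiguity that "08/07"
# would otherwise be subject to when Splunk guesses the format.
TIME_FORMAT = %m/%d %H:%M:%S
# "08/07 06:59:59" is 14 characters; a tight lookahead keeps a later number
# in the message text from being picked up as the timestamp.
MAX_TIMESTAMP_LOOKAHEAD = 14
# The data carries no timezone; declare the feed's zone (assumed UTC here)
# so the time is not interpreted in the indexer's local zone.
TZ = UTC
# Every event starts with the DATA_FEED prefix, so break on that rather than
# relying on timestamp-based line merging.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)(?=DATA_FEED\[)
```

Two caveats: the sample has no year, so Splunk fills it in from the current date, which can misdate events that arrive just after a year boundary; and these settings only affect data indexed after the parsing tier is restarted, so already-indexed events keep their wrong _time until re-indexed.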
Stripping header from input file
Is there a way to strip the header from a data input? This is coming from a universal forwarder. Example:
this is garbage
this is also garbage
end of garbage
HEADER DB_NAME DB_ID IO timestamp
test_db 1...
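One way to drop the preamble and header lines at index time, as an added example that is not part of the original post. It assumes a sourcetype named db_io_report (an assumed name) and fits the regex to the sample lines shown above; the real file's preamble may differ.

```ini
# props.conf, on the indexer or heavy forwarder. A universal forwarder does
# not run transforms, so this cannot live on the forwarder itself.
# "db_io_report" is an assumed sourcetype name; substitute the real one.
[db_io_report]
# One event per line: if the header were merged into the first data row,
# the nullQueue rule below would discard that data row along with it.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TRANSFORMS-drop_header = drop_db_report_header

# transforms.conf
[drop_db_report_header]
# Matches the preamble lines and the "HEADER DB_NAME ..." line from the
# sample. Anchored at line start so a data row that merely contains these
# words is kept.
REGEX = ^(?:this is (?:also )?garbage|end of garbage|HEADER\s)
DEST_KEY = queue
FORMAT = nullQueue
```

After restarting the parsing tier, confirm with a search over the sourcetype that no event begins with HEADER and that the test_db rows are present; events sent to nullQueue are never indexed, so a regex that is too broad silently loses data rather than producing an error.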
Changing Pulldown selection causes upstream search to run again
I'm building a view that roughly looks like this:
TimeRangePicker
Search using inputlookup
Pulldown populated by Search above
Search building larger result set
Pulldown using static config
Pulldown...
Search TCP data input
Hello! I added a TCP data input and index TCP port 80. I use a local forwarder and indexer. How can I search these logs? What sourcetype? Syslog? Sorry, but I can't find an answer.
How to insert host name into event
I have a real need to insert a hostname into an event at collection/index time, not at search time. Seeing that most of the IPs that I'm looking to resolve to hostnames change very frequently, I need to...
APPEND is not UNION?
Splunk version 4.3
search A: index=webserver1 type=error | table serverName message method
search B: index=webserver2 type=error | table serverName message method
search C: index=webserver1...
Splunk DB Connect app not putting data in Splunk index
Hi: I'm trying to get the Splunk DB Connect app to pull data from an Oracle database into Splunk.
Working:
Database Connection
DB Info
DB Query with the SQL statement I'm using
Not Working: When I go to set up...
Search results may be incomplete, peer 's search ended prematurely
Hello, I'm occasionally getting the above error in Splunk Web, but I'm not sure where to start troubleshooting it. Any tips on what could be causing it? Thanks
Why does transaction not create mv-fields?
Hi, we have a transaction that doesn't generate mv-fields but a single field with blank-separated values, like starttime="123 345 4565" instead of the expected starttime="123" starttime="345"...
Splunk login error - "Undefined index: roles in ssoScript.php"
Several of us here in my office have a lot of trouble logging into Splunk. After entering my username and password, the Splunk login web page gives the error "Invalid username or password." It is then...
Entitlement issue for search head pooling
Hi, I am using 2 Linux servers to create a Splunk indexer cluster, and the version is 5.0.3. Besides, I have 2 search heads using search head pooling, meaning the knowledge bundles are...
I'm trying to add Reddit as a data input, getting back only one result
I'm using this endpoint: www.reddit.com/domain/xxxx.com/.json Do I need a modhash for pulling domain data? www.reddit.com/dev/api/ Has anyone done anything like this for social media?