Why am I getting the error below when executing a simple query from the DB...
I am using Oracle 11 release 2. I have also downloaded the corresponding JDBC driver ojdbc6.jar from the Oracle website. When I am trying to execute the query SELECT 1 FROM DUAL in the query tab I...
Filtered search from 2 searches
I have 2 searches: 1. Search(AAA)|rename _time as TimeA|table TimeA host; 2. Search(BBB)|rename _time as TimeB|table TimeB host How to create a new search: Search(???)|table host; (or Search(???)|table...
Discarding events using TRANSFORMS-null
I'm trying to bring in Cisco CDR files for some very basic Splunk searches. The standard CDR format has a header row, then a "datatype" row, then the actual data. So the first two rows look something...
Ever wonder which dashboards are being used and what users are using them?
The dashboard below should help answer that question for you. The User dropdown uses a `|rest` search to get a list of LDAP users so if you don't have access to run `| rest` or aren't using LDAP then...
Error during deleting index
Hi, I was trying to delete an index from Settings -> Indexes - Delete option. I have got such error message: Timed out while waiting for splunkd daemon to respond (Splunkd daemon is not responding:...
Merge case sensitive and not case sensitive username event windows
Hello, thanks all in advance for your response. Can I merge events of Windows, in particular field User_Name, when there are multiple occurrences with upper and lower case in username? For example:...
What does sendCookedData actually do on a heavy forwarder (i.e. what does...
What transformations / processing happens when data is cooked on a heavy forwarder? Is it the same as the data being indexed just without local storage (barring also setting indexAndForward to true)?...
Is there a standard set of attack vectors to search and alert for?
So I wanted to field this question out to the community. I'm looking to ensure that I'm covering as many attack vectors with my alerting as possible. I know that all environments differ in many ways,...
How to change my stats sum(x) search to an hourly timechart sum(y)?
Hi I have the following search which displays the sum of a field, but I am trying to put a time chart in hourly which shows the sum of that particular hour. …..My Search……| rex "value(?\d+.\d+)" |...
Can I add more details to my license usage by time search to see how much is...
I use the License Usage search (generally when I click through on a host or source from the License Usage page) and can manipulate the hosts or time blocks with no problem. But I'd like to narrow down...
How to Restrict the permissions to a Dashboard to only certain users in LDAP?
I know there is a way to do that by creating a role and assigning that role to the Ldap Group, but I want to know is there any other way that I can assign directly to certain users that I prefer to...
Failed to load search page, 500 internal error
After loading the login page, I log in with my local account. Then it redirects to the following page. Anyone else ever encounter this issue? Splunk version 6.0.5 web_service.log...
Attempting to run Splunk, why am I getting "Problem parsing indexes.conf:...
[volume:primary] path = opt/splunk/splunk_data maxVolumeDataSizeMB = 2000000 [3rdIndex] homePath = volume:primary/3rdIndex/db coldPath = volume:cold/3rdIndex/colddb thawedPath =...
After updating the Splunk App for Web Analytics to version 1.42, why do I now...
I updated the Web Analytics app, and now I get zero results. I get nothing in the real-time dashboard which, data model aside, I should be seeing. It did work before, not sure what happened... Anyone...
How to manage tsidx files? Can these files be stored on an indexer or indexer...
I have recently written Splunk searches which will search proxy logs for "unique" destination hosts (domains). My initial search filters out domains that we are not interested in receiving in the...
Using the transaction command to determine the length of an "active" session.
I have a system for which I'd like to be able to report on how much time individual users spend logged in. However, there are a few constraints: * When a user opens a new session, it is logged as a...
I have a huge JSON event... How can I parse it in Splunk
Hi team, I have a huge JSON event out of which I want to parse only a few fields. I am using Splunk 6.2.2. I tried to use field extractor but it behaves vague sometimes. It doesn't show up the value...
How does Splunk 6.3 provide native support for ingesting data retrieved by...
Hey all, We've recently upgraded to Splunk 6.3 and I had a quick question about this release note: "Powershell Input. Native support for ingesting data retrieved by Powershell scripts. See the Splunk...
Setting of alert_actions.conf does not populate saved searches default...
I was going to use my application's setup screen to populate the following items in the alert_actions.conf file. [email] action.email.cc = me@myserver.com action.email.to = him@myserver.com...
Sendemail command: How to include the "view dashboard" link when scheduling a...
Hi I am scheduling a PDF for a dashboard using the sendemail command. Why does it not print "View dashboard" link in the message? Is it possible to add it?