How do I use a token in a dashboard panel chart search query that is...
I am using the following Simple XML for a check box in a dashboard (Splunk Enterprise 6.4): Exclude blacklisted transaction codes NOT [|inputlookup tran_blacklist.csv] That is, I have a single check box...

monitoring log file in splunk
I am monitoring one log file in Splunk by declaring the below stanza in inputs.conf, but the problem is that whenever I add an event to that log file it is updating (meaning that event is available in...

Does anyone index EMET logs?
Hi Splunkers! I have begun to work on Windows EMET logs. From scratch, this software gives a lot of information. Has anyone begun to get relevant information from EMET logs? Thanks. Olivier.

creating an 'other' field with eval
I am quite new to this and not remotely wedded to eval as the solution for this problem; I am eager to know if there is a better way to do this. I am currently using this query: index=cpdata | eval ua...

How to group and calculate the program execute time in group?
Hi expert, currently I am studying Splunk and have some questions; could you help me to resolve them? Thank you in advance. 22-Apr-2016 12:04:56.213 **start-1** 22-Apr-2016 12:04:57.228 -exec_1 22-Apr-2016...

Search/Macro using a variable as a condition
Hi all, I am trying to use a variable as a search condition based on input in a text box. In order to make it simpler for users, I want them to be able to enter as many potential search strings as...

Should I use an index-time field extraction?
Dear fellow Splunkers, I have seen the [docs](http://docs.splunk.com/Documentation/Splunk/6.1.3/Indexer/Indextimeversussearchtime) on index-time field extractions and a few related answers...

Heavy Forwarders
Quick question about HF. Do you necessarily need two separate Splunk instances for heavy forwarding data? (One for receiving and one for forwarding.) If not, how can you do this without tripping up...

issue with Case statement when using multiple rex
I have the below search query which gives a good result, but when used in a dashboard it says "Search is waiting for input"; when I remove the rex from the second statement it works in the dashboard...

Connecting to splunk enterprise using splunk sdk for java
Hi, I am getting the below exception when trying to connect to Splunk Enterprise using the Splunk SDK: Exception in thread "main" java.lang.RuntimeException: Unrecognized SSL message, plaintext...

Splunk Search Head giving 500 internal server error after upgrading to Splunk...
Hi, I just upgraded my Splunk deployment from 6.3 to 6.4. While I am still able to authenticate to the search head, I am getting a 500 Internal Server Error which is preventing me from doing anything on...

Why can't Splunk index my entire log file?
I am trying to index a somewhat long log file (about 38805 bytes according to the tailing processor). This log file contains 417 lines, but Splunk only indexed 47 lines. I thought it might be the...

Orphaned Scheduled Search (cannot delete)
Hi, I'm in a Search Head Cluster environment and while looking at our scheduling load, I found some references to schedule IDs (seemingly from the Unix/Linux app) that don't seem to exist. The report...

Why does splunk think it can't parse my timestamp
I am seeing some odd behavior. My setup is this: Splunk 6.3.1 Enterprise, 1 search head, 4 indexers, 1 forwarder, plus licence manager/deployment server. The props.conf file is on the search head, all...

Default Table sort order not working as expected
host="*" index=main sourcetype=WwanSignal uid="3F77F61645E8323E205F832212" | table _time deviceName user quality prevQuality prevDuration RSRP RSRQ RSSI SINR SQ lat lon is returning in this sort order....

How to build a query to find the request and response of the main service and...
Hi, I have request and response logs for a service. Here is the question. service A(main service)(id:1111): ---Internal service1(sub service)(id:1111) ---internal service 2(sub service)(id:1111)...

None Domain Environment
I have Splunk at work and am new to it, so I want to learn as much as I can. I installed it at home on my Windows 7 PC and I installed the Forwarder on another Windows 7 PC. Can I use Splunk in this...

500 internal server errors with /search/data/transforms/lookups page
We are using Splunk 6.2.4 build 271043 on Ubuntu and we are seeing a couple of pages in the Lookups section that are giving 500 internal errors. When clicking on the Lookup Definitions link (see...

/opt /syslogs/ file system space issue in heavyforwarder
Currently I am facing a file system /opt issue on the Splunk heavy forwarder server; this server is used to monitor and forward the syslog information to the indexer clusters. The file size keeps on...

How to check status of specific indexed file using...
I have imported the "xyz" folder into Splunk and after indexing I want to check the status of a particular abc.txt file from that xyz folder. How should I do that?