Stats by date
Hi, I need the below Splunk search to be shown in stats. Stats should be date-wise. Please help. | eventcount summarize=false report_size=true index=test| eval size_MB=size_bytes/(1024*1024) | eval...
Can't Install
When I double click on the installer, which is: splunk-6.4.0-f2c836328108-x64-release.msi it gives me the following message: http://screencast.com/t/hXnFkDR9T (see attachment) Can someone help me out?...
Monitor indexing twice
Hi, I've been around this issue for so many hours. I have a log folder that I am monitoring: [monitor://xxxxx\log] index=monitor2015 whitelist = SCCObjMgr_enu.*\.log$ blacklist = .(filepart)$...
Why does Splunk not scan all events to search a specific keyword?
Suppose I have 1 Lac events with sourcetype = java and I am searching for keyword "xyz" with query: sourcetype=java xyz I think search should scan all 1 Lac events and then return should matched...
Splunk Email Alert\Report is not working with the following error
Hi Splunkers, suddenly I'm getting the following message while schedule report (or alert) trying to send an email 2016-04-23 14:58:45,138 +0000 INFO sendemail:1100 - Generated PDF for email 2016-04-23...
Splunk Reindexes File that gets a new first line when closed
Hello, My problem is simple to explain: I have an app that generates logs that are written whenever a new action is performed. The problem is, when the session is over, the first line of that log is...
Why are the results of upperperc95 smaller than avg sometimes?
I am running a query to calculate the upperperc95 and avg for the number of connections in my firewalls, but sometimes the results of the upperperc95 are smaller than the avg results. If the upperperc95...
REST modular input not showing on settings>Data inputs
Hi, I am using Splunk 6.4.0 and REST app version 1.4 but I am not able to see REST when I went to settings>data inputs. Has it changed in the new version of Splunk? Can anybody let me know how to use it?
How I can calculate average of each event type
index="sc-general" info AND(heartbeat OR Successfully) NOT(created) | rex ":\s+(?<entry_type>\w+)" | eval entry_type=if(entry_type == "Successfully", "File", entry_type) | timechart count by entry_type Now, I want...
Dealing with multiple fields from different sourcetype that have the same name
Hi, here is my problem: I have a sourcetype A with a field X and Z and a sourcetype B with a field Y and Z. The thing I would like to do is using the field X and Z of sourcetype A and field Y of...
Overflow /opt/splunk/var/spool/splunk directory
Hello, We have an overflowing /opt/splunk/var/spool/splunk directory. It contains **stash.new** files from the year 2014 to today. Splunk doesn't clean them itself. We used script **fill_summary_index.py** for...
License Usage dashboard empty after switch to Multisite Cluster
Hi all, so we switched from a Single-Site to a Multi-Site Cluster recently - I used the procedures as described in the docs and everything went smoothly. But the problem now is that, although a lot of...
When trying to configure S3 input for ELB, Getting "BotoClientError: When...
Splunk Add-on for AWS: 3.0.0 Splunk App for AWS: 4.1.1 Error Splunk App for AWS S3 Configure Input: Unexpected error occurs. In handler 'splunk_app_aws_aws_s3buckets': Unexpected error "" from python...
Parameterized search and dashboards
Hi, I am using Splunk Enterprise. I am using it for integration with service now. So I am creating a link in service now with the path to the things.. example an application named xyz in service now.....
WinEvents Filtering on Heavy Forwarder (drop the end of event)
Hello guys, I'm trying to drop the end of all Security events: This event is generated when a logon session is created. It is generated on the computer that was accessed. .... My conf files on Heavy...
What ports and IP addresses need to be open from Splunk Enterprise toward...
I encountered an issue with Splunk Enterprise when installing add-ons as I only permit traffic from Splunk IP address toward splunk.com. Please provide me a list of IPs and ports that the Splunk Enterprise...
High CPU usage on a certain indexer
We have 8 indexers and all are connected to search heads through distsearch.conf (the names are mentioned sequentially, e.g. idx01-idx08). We have a bunch of RT searches running along with normal...
Your MINT license has not been added yet. Upload it here
I installed and configured Splunk Enterprise Free Trial on my Linux box and then installed the MINT app, but while configuring it I am getting "Your MINT license has not been added yet. Upload it here" While...
Pull Based Scalability
Working on development of an app with a customer. App is similar in design to ITSI. As such the data collection is the main issue and complexity. System data via PUSH with SNMP / Syslog provides basic...
How do we calculate the RAM usage by applications on different servers?
I am trying to figure out how much RAM an app pool on a Windows server is consuming for a given index.