How to select only specific events from the search to do stats on?
Need a way to select only specific events from the list of events. Here is the example: I have a query on IIS logs which gives me around, say, 60000 events, so I want to select every 12th event from the...
Does anyone have experience and recommendations for ingesting NetSuite and...
Does anyone have particular experience or lessons learned implementing an automated solution for ingesting Log Files from NetSuite and Fieldglass into Splunk for log analysis?
Why is my search not populating the visualization tab with data?
When I run this search, everything runs fine, but I don't understand why my visualization tab does not populate. Does anyone have any idea what I might be doing wrong? What I am trying to do is convert...
Splunk DB Connect 2: How can I get Splunk to reflect the current status of a...
I have a DB Connect 2 MySQL database that gets updated on a regular basis. How can I get Splunk to reflect the current status of the database versus the originally indexed version of the database?
How to create a chart with static values from log file?
Hi I have extracted 2 fields from log file & now I have to show a chart based on these 2 values. How can I do that? The value of these fields will be derived from the log file. Field 1 - Process...
Why is one of our hosts down and we are getting these errors in splunkd.log?
Hi, We have noticed one of our hosts (search head) is down and got an alert that a universal forwarder is not responding. Then we noticed this error below in our splunkd logs at that particular moment...
KV Store lookup failing with error about KV store initialization failure
KV store lookups are failing with the following error: Error in 'inputlookup' command: External command based lookup 'kvstore_lookup' is not available because KV Store initialization has failed....
Trying to search by CIDR but getting no results
So I did a search by one IP in this range, and I get matches. My thought was to try searching for any IP in the whole range that matched this criteria, but then I get nothing, not even the IP that I...
Does the new Punchcard visualization in Splunk 6.4 Punchcard support standard...
I've got the new custom visualization Punchcard displayed just the way I want it to, but I can't seem to set a token when I click on a circle. For example, assume I have a query such as ... | table...
Why am I unable to delete TCP port 1514 in Splunk Web?
I am not able to delete port 1514. After I tried deleting it, it's still there. Please help on this. Please refer to the screenshot as well.
Why does my Splunk 6.3.2 dashboard sometimes return incorrect results when I...
Hello, I found that my dashboard returns incorrect result sometimes when I configure the saved search with acceleration. I notice that this happens when the dashboard returns the results quickly (w/o...
How to create a timechart with the count of open events that did not have a...
Hi there, I have events which indicate opening and closing of an event. I want to see the amount of open events (that did not get a closing event by that time) at a given time. Snipped from my search...
How to configure Splunk to use a field/column from a flat CSV file as the...
Hello, We have a CSV file which is flat file. It has a column named 'RUNDATE' where the date is in '2016-04-20' format. Currently, Splunk indexes all the lines in this CSV as time modified of the CSV...
How to deploy Splunk Apps over stages via Splunk Web?
We have three stages of Splunk. We develop Apps as usual in a dev environment. My question is: 1. How do I transport the App via GUI to my next stage? Is there a recommended way, without manually...
Why are other users getting "Error in 'lookup' command: The lookup table...
I'm having trouble with the following error after creating a lookup command. Error in 'lookup' command: The lookup table 'Port_Description' does not exist or is not available. I don't receive the...
Get DNS resolution as part of search results.
So I have a search that gives me IP addresses of internal servers. Would like to modify it so that it gives me the IP and DNS name of the servers. Looking through other answers, I have created a...
Does the AMQP modular input support AVRO as the transport format?
Hi, customer has data in AMQP message bus. Data is encoded using AVRO. Assume binary format, not JSON. Questions: Is there a need for an additional message handler described here?...
How to set specific execution time in Splunk DB Connect 2?
Hello, I have created an operation that I would like to run every day at 7 AM. I understand that the execution frequency is in seconds, which is what I have now, but it doesn't run until midday. I...
Splunk DB Connect 1: Error in 'dbquery' command: command="dbquery", Database...
I have created a DB Connect that set up without any issues. However, when I try to run a `| dbquery`, I am receiving an error saying that the database does not exist. Any suggestions? Thank you in...
Splunk Add-on for McAfee: How to collect McAfee Intrushield IPS and Firewall...
Hi all, We are currently collecting McAfee Intrushield firewall and IPS logs via syslog into Splunk without any EPO integration at all, as we don't have that component. We are using the Splunk Add-on...