Splunk Add-on for Java Management Extensions 3.1.1: Why am I getting error...
Installed the Splunk Add-on for Java Management Extensions 3.1.1, and after restarting, I'm getting the error: Unable to initialize modular input "jmx" People have mentioned that the path to Java might...
Does someone have a practical example on using the collect command?
I read the doc about the collect command. I understand how it works and what it does, but I wanted some practical example. Because it is something that uses an index, I'm afraid to touch it. Thanks!
Try and add Monitoring to folder - get error "In Handler monitor cannor...
Hi guys, bit of a Splunk newbie here, but muddling my way along with all the great articles on here. I'm having an issue where I want to set up monitoring on a folder in C:\Program...
How can I sift out TRACE and DEBUG entries so that Splunk doesn't index them...
Hello, our Splunk forwarders are configured to pull in certain logs from various clients with a "[monitor://]" entry in the inputs.conf file on each client. There is still on-going development work on...
How to set a conditional token in a Simple XML dashboard?
I have a drop-down input field that uses a token `$office_token$` to set the default value. $office_token$ is received from another dashboard when doing a drilldown as part of the http request. If the...
How to set the timestamp format to YYYY-MM-DD?
I need to use the field email sent to YYYY-MM-DD format for timestamp. How to set the timestamp for the YYYY-MM-DD format? Thanks.
How can I edit my search to chart relationships between values for a certain...
I have a simple search parsing project activity logs to pull a list of projects and people working on those projects: index="main" | dedup Author Proj_repo | stats list(Proj_repo) AS Project by Author...
Why does the Splunk service (Linux) disappear after some time?
So I have been using the "free" 500mb version of Splunk at home for about 6 months now and I have had to reinstall Splunk at least 5 times. The reason... it disappears! I know this sounds crazy, I will...
Can I have a transforms that routes based upon host and sends to different...
Hi, I have a bunch of different hosts going to a network port for syslog, and need to route to different indexes/sourcetypes based upon the hostname. Can I have one transforms that does both (for each...
dashboard help - chart, limit, sort question
Greetings, I am trying to replicate the dashboards found in the Tenable PVS environment. First, this is the dash I am after: [screenshot] Note the IPs are top 10 and the colors are the severity. From...
What is the exact Raspberry Pi (Debian) CLI command to download the Universal...
Sorry... total numbnut here... not much experience with *nix commands, I'm sorry. I am wanting to download the UF directly onto the Pi via a PuTTY SSH session. Do I use `wget` or `apt-get`... have been...
How to search a string having multiple lines?
I want to search a string "call_before_download = function(){ showInstallInstructions(); }
search multiline keywords
I want to search a string "hello welcome to splunk how to use splunk? pipeline splunk" but Splunk doesn't support searching this as a single keyword. How to handle new line, spaces and tab space in...
How to measure the amount of data getting into Splunk heavy forwarders from...
There are two heavy forwarders with an F5 load balancer placed behind these servers to manage the load (syslogs), and these two servers are used to monitor and forward the syslog (TCP port) information to the...
Pulling data from Fluentd Plugin to Splunk
We are pulling data like Red hat logs, Apigee, Ansible etc. from AWS through fluentd plugin which is forwarding data to Heavy Forwarder in AWS, and then from that HF to another HF in a DMZ to another...
Drop Events at the source with UF
All, Just reading - http://blogs.splunk.com/2016/05/05/high-performance-syslogging-for-splunk-using-syslog-ng-part-1/?awesm=splk.it_x0t And it's mentioned that we can drop events at the source with the...
Is it possible to create an input field with textarea (html) and set a token?
I can populate the field with the following in Simple XML with HTML tags; however, the token is not getting set if the user enters any information and then clicks on the submit button. Here is the explanation....
Sum events by IP
Hi, Sorry for poor English, it's very late. I have a problem with grouping numbers of occurrences of events by IP. Let's say I have 6 requesting IPs. IP #1, #2, #3 are from client A, #4, #5 are from client...
Return latest events where one field is equal to a certain value
Hi Guys, I have got a problem which I need to return results when 1 field is of a certain value **BUT** only after a certain events.

Serial_No  Complete
7          0
5          0
4          0
3          1
2          1
1          0

In the case above, I only...
Workable to set up DMC in distributed mode on a test or demo search head?
We have a testing or demo environment configured as distributed search that contains one search head, multiple indexers and heavy forwarders. The search head has some saved searches and dashboards. I...