Linux monitoring ps.sh for cpu usage > 100% is normalized to 0
I have the Splunk_TA_nix add-on installed to monitor Linux systems (all VMs). Researching a recent server issue, there's a process running at 500% CPU usage. This is only possible because it's a VM....
How to overlay/combine line charts with two different time spans?
I have two line charts I'd like to display in one view, but I'm having trouble combining them **because they're using different time spans.** The first chart is `index=os | search sourcetype=cpu...
How do I place a hyperlink in dashboard pdf report?
I am creating a Splunk dashboard with a few reports. On one report (outputted as a table), I want a long URL to be replaced by a short number. When clicking that number (VIA THE PDF DASHBOARD REPORT),...
XML token defaults to * for a field and the need is to initialise * to output...
I have a drop down which populates the list of servers in the environment and the default value of the server token is * which gets all the servers and some extra as $server$=*, whereas I need * to be...
Cannot get custom sourcetype to do line breaks correctly
We have Splunk Enterprise with SH, Clustered IX (2), HF and many UFs. I have created an app in the deployment apps folder (with inputs.conf and props.conf) on deployment manager and deployed to server...
Splunk not storing time in milliseconds
I am extracting the timestamp from events in microseconds (%Y-%m-%d:%H:%M:%S.%6N). But when indexed, the event timestamp is not showing sub-seconds. I always see a zero sub-second in the timestamp. Is there any...
Problem with lookup for disabling alerts during maintenance
Sorry for the simple question, I am new to the Splunk world.... I have a CSV loaded (StandardMaintenance.csv) which has two rows (UnderMaintenance, NO). I want to add a check to each alert so that they...
Hi. I am indexing data from a ticketing tool.
I need to see what tickets were opened at the end of each month. I've done an initial charge of the database; because of this, I can't use the indexed _time, otherwise I have to use open_date and...
OSSEC server not seeing/reporting file changes in Splunk
I've configured the agent on my machine to monitor file changes for a specific folder and validated that Splunk's OSSEC Reporting and Management app is seeing my agent, and my workstation shows up...
Can I Build A Dashboard Using Data Pulled From DB2 Using DB Connect?
I am potentially working on building on a Splunk dashboard. It is meant to take data every day that is in a DB2 database, and put it into a dashboard. I've watched some DB Connect videos but it just...
Get list of VMs from Splunk
Is there a way to get the list of VMs which are forwarding data to Splunk?
Splunk Drill Down Option Issue
Hi, I am trying to create a dashboard for Error OR fail* from application logs. There are three hosts from which data is reporting to the Splunk instance. Now I have run the search query Error OR fail* and...
Is there a link to filter on apps with an additional pricetag?
Is there a link to filter on apps with an additional pricetag? I'd like a list of premium apps not only made by Splunk (ITSI, ES, UBA...) but also from partners like sideview apps, Qmulos apps etc....
Splunk is not working. localhost refused to connect.
This site can’t be reached localhost refused to connect. Did you mean http://localhost8000.com/? Search Google for localhost 8000 ERR_CONNECTION_REFUSED -- OS: Windows Server 2016 ...
Hosts sending logs to a UF
Dears, I have one UF that is receiving logs from many servers. This UF forwards logs to my indexer. How can I see which devices are being sent from this UF? I tried the following search: index=_internal...
Using Splunk DB Connect to join splunk index to a table in sql server and...
Hi, I am new to SPL and Splunk. I use the following query to find PTP violations per server index=indexwintimesynclogs|eval offset=Delta|where offset>0.0001 and like(ServerName,"%PRD%") | stats...
How to find out if someone modified an index or deleted event data from an...
I had a test_index index created where I was sending all test data. However, out of nowhere, today I see all data gone from it. How can I find out which user messed with this index?
Help me with rex regular
Hello All, I have a file with data: --------------server1 2018-07-----SQL2008-- Number of Success Logins: SOFTPOINTPERFOMANCEEXPERTLICENCEUSER - SQL SERVER AUTHENTICATION - xx.xxx.xxx.xx -...
When is it necessary to upgrade universal forwarders?
We are planning to upgrade our Splunk instances and we are wondering if it's necessary for the forwarders as well? If not, then when? Both are running Splunk 7.0 and the environment is distributed,...