Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

Linux monitoring ps.sh for cpu usage > 100% is normalized to 0

I've the Splunk_TA_nix add-on installed to monitor Linux systems (all VMs). Researching a recent server issue there's a process running at %500 CPU usage. This is only possible because it's a VM....



How to overlay/combine line charts with two different time spans?

I have two line charts I'd like to display in one view, but I'm having trouble combining them **because they're using different time spans.** The first chart is `index=os | search sourcetype=cpu...



How do I place a hyperlink in dashboard pdf report?

I am creating a Splunk dashboard with a few reports. On one report (outputted as a table), I want a long URL to be replaced by a short number. When clicking that number (VIA THE PDF DASHBOARD REPORT),...


XML token defaults to * for a field and the need is to initialise * to output...

I have a drop down which populates the list of servers in the environment and the default value of the server token is * which gets all the servers and some extra as $server$=*, whereas I need * to be...


Cannot get custom sourcetype to do line breaks correctly

We have Splunk Enterprise with SH, Clustered IX (2), HF and many UFs. I have created an app in the deployment apps folder (with inputs.conf and props.conf) on deployment manager and deployed to server...



Splunk not storing time in milliseconds

I am extracting the timestamp from events in microseconds (%Y-%m-%d:%H:%M:%S.%6N). But when index event timestamp is not showing in sub seconds. Always I see zeroth subsecond in timestamp. Is there any...


Problem with lookup for disabling alerts during maintenance

Sorry for the simple question, I am new to the Splunk world.... I have a CSV loaded (StandardMaintenance.csv) which has two rows UnderMaintenance NO I want to add a check to each alert so that they...


Hi. I am indexing data from a ticketing tool.

I need to see what tickets were opened at end of each month. I've done an initial charge of the database, because of this, I can't use the _time indexed, otherwise I have to use open_date and...



OSSEC server not seeing/reporting file changes in Splunk

I've configured the agent on my machine to monitor file changes for a specific folder and validated that Splunk's OSSEC Reporting and Management app is seeing my agent, and my workstation shows up...



Can I Build A Dashboard Using Data Pulled From DB2 Using DB Connect?

I am potentially working on building on a Splunk dashboard. It is meant to take data every day that is in a DB2 database, and put it into a dashboard. I've watched some DB Connect videos but it just...


Get list of VMs from Splunk

Is there a way to get the list of VMs which are forwarding data to Splunk?


Splunk Drill Down Option Issue

Hi, I am trying to create a dashboard for Error OR fail* from application logs. There are three hosts from where data is reporting to the Splunk instance. Now I have run search query Error OR fail* and...


Is there a link to filter on apps with an additional pricetag?

Is there a link to filter on apps with an additional pricetag? I'd like a list of premium apps not only made by Splunk (ITSI, ES, UBA...) but also from partners like sideview apps, Qmulos apps etc....




Splunk is not working. localhost refused to connect.

This site can’t be reached localhost refused to connect. Did you mean http://localhost8000.com/? Search Google for localhost 8000 ERR_CONNECTION_REFUSED -- OS: Windows Server 2016 ![alt text][1] [1]:...



Hosts sending logs to an UF

Dears, I have one UF that is receiving logs from many servers. This UF forward logs to my indexer. How can I see which devices are being sent from this UF? I tried the following search: index=_internal...


Using Splunk DB Connect to join splunk index to a table in sql server and...

Hi, I am new to SPL and Splunk. I use the following query to find PTP violations per server index=indexwintimesynclogs|eval offset=Delta|where offset>0.0001 and like(ServerName,"%PRD%") | stats...



How to find out if someone modified an index or deleted eventdata from an...

I had a test_index index created where I was sending all test data. However, out of nowhere, today I see all data gone from it. How can I find out which user messed up with this index?


Help me with rex regular

Hello All, I have a file with data: --------------server1 2018-07-----SQL2008-- Number of Success Logins: SOFTPOINTPERFOMANCEEXPERTLICENCEUSER - SQL SERVER AUTHENTICATION - xx.xxx.xxx.xx -...


When is it necessary to upgrade universal forwarders?

We are planning to upgrade our Splunk instances and we are wondering if it's necessary for the forwarders as well? If not, then when? Both are running in Splunk 7.0 and environment is distributed,...
