Indexer Discovery on Heavy Forwarder
Is it possible to enable indexerDiscovery on a Heavy Forwarder? I followed instructions here (http://docs.splunk.com/Documentation/Splunk/6.6.2/Indexer/indexerdiscovery), but haven't been able to get...
I do a search for an index and it finds it. I look in the web interface for...
I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in data inputs and it is listed there as an index. Why does the web interface not show...
How to push updates from SH deployer and Index Cluster master?
I had to update a props.conf and I am trying to push it via my Index cluster master and my SH cluster deployer. What is the command to push from my index cluster? When I try pushing from SH cluster...
How to add an add-on icon using Splunk Add-on Builder App?
Hi, I am trying to add an icon or logo to the add-on that I am creating with Splunk Add-on Builder App to be downloaded on Splunkbase before packaging it. I could not find any documentation on this. Can...
Is there a better way to represent varying data sets in chart visualization?
Hi all, I am having an issue with a dashboard that I am working with. The values of the bucket I am using vary from 1 to ~800. Because of this, it makes it impossible to effectively convey the data...
How do I take data from a search and output it to REST API?
I need to pass data from Splunk to an external system based upon a triggered Alert. Could I use the REST API to pass the JSON data or would a Python script be a better approach?
Report on the latest events
Hello, I am trying to create a report that only looks at the latest events by a sourcetype. The sourcetype is an indexed text file, and it pulls in the events every time the file changes. This is...
group similar url's into single event ?
I am doing a search to get the total count of different URIs and their response times. My result has multiple events of similar URLs - search/abc/1/mno/count/ctr/div/1/link/4...
group similar url's into single field ?
I am doing a search to get the total count of different URIs and their response times. My result has multiple events of similar URLs - search/abc/1/mno/count/ctr/div/1/link/4...
Dashboard set input variables with a token from another input
I'm in the process of building out a new dashboard that will have 3 input selects. 1. Datetime 2. Input1 3. Input2 Input1 is dependent on Datetime and input2 is dependent on input1. I'm using search...
Events lost when exporting to csv
Hello. When searching from the Splunk Search Head, I get thousands of events. When I export the result to a csv I only get 64 lines. What could be the problem? Thanks!
Can triggered alerts be sent to a separate Search Head?
Imagine, several stovepipes exist... all separately configured... Due to constraints, your customer doesn't want to turn the stovepipes into Heavy Forwarders and build an indexing tier and Search Head....
Data Visualization Collision
Hi all, I am having trouble with data visualizations. Two of my data points are layered on top of each other. I have tried adjusting the scale and size of the visualization and can't figure it out....
How to sort in groups in Splunk
How to sort in groups. In addition, do you have functions similar to Oracle?
working with IP addresses - creating a table of old IP addresses
**Background:** I have a directory/folder of CSV files containing the following fields: mac ;IP;devicename;interface;vlan which is being indexed into switchlogs. [collected from all my LAN switches]...
Indexing Data from NFS without mounting
Hello, I'm relatively new to Splunk, so please bear with me. I wanted to know whether there was any way to point to my shared storage data without actually doing an NFS mount. Can I maybe point the...
Indexing data with multiple forwarders on the same host
Hello, I googled around for similar questions but could not find anything, so I'm sorry if this question has already been asked before. If I want to index large amounts of data using multiple...
how to get the result of sorting in the group.
I want to get the result of sorting in the group.
How to configure splunk to get field value from Splunk DB connect data pull
Hi - we have a requirement to get the data from DB Connect. In pulling data, we also need to take the value of a field (data field) and append that value to the splunk Source field (source=filename_)....
PaloAlto APP Eventgen
In the old Paloalto APP there was an Eventgen but I can not find it now. I want to generate a log automatically, is not there a good way? Thanks guys.