Forward Data to Syslog Server and Indexers?
What I am trying to do is getting a particular sourcetype forwarded from the heavy forwarder to a syslog server. In addition, I want the data to also go to my indexers. Is it possible to do this? What...
Need help to parse & flatten XML attribute data in nested format.
We have data coming in XML in the following format: Sample Event 1: Sample Event 2: Please note that the data is exclusively in XML **attributes**, and not in elements. I am aware that we can possibly...
How do I reset the admin password or create a new admin in Splunk 7+?
Renaming etc/passwd to passwd.bak and using user-seed.conf doesn't seem to work. I'm on Mac.
How do you chart two searches with separate time ranges on the same chart?
I'm trying to chart open tickets (using a time range of "All time") and resolved tickets by user for the current month. I've been able to chart the two fields' data in the same chart but am looking for...
Sourcetype Inheritance: How to inherit a parent sourcetype to child sourcetypes?
Hope you all have faced this situation. We get incoming mixed data from a single source (e.g. source=my_application.log). This is currently parsed at arrival as `sourcetype=my:application`. But this...
Custom time picker
Hello, I am looking to remove some extra options from Time picker. I have disabled them through GUI (User Interface >> Time ranges). When I check using CLI it shows these are disabled but those...
Upgrading Splunk server to RHEL 7.5
We are planning to upgrade the VM servers to RHEL 7.5 with a Splunk distributed deployment installed on them. Do we have any documentation or best practices regarding the steps? Thanks!
Drilldown in bar chart with a value that is not contained in the grouping
Hello, I have the following chart set up and would like to add a drilldown on a value that is currently not contained in the query. Runtimesourcetype=avq_test_case type=run task_templ="$task_templ$"...
"java.sql.SQLException: JZ0SA: Prepared Statement: Input parameter not set,...
Issue description: Configured Sybase to connect with Splunk and it works fine. While using the Rising Column option for the query below we receive this error: "java.sql.SQLException: JZ0SA: Prepared...
How can I redirect splunkd.log to the Splunk forwarder container's stdout?
With the Splunk 6.6.3 release, I am able to see the error messages in splunkd.log. These error messages are about connectivity failures from the Splunk light forwarder to the Splunk heavy forwarder. I...
Upload CSV files for monitoring using Splunk Universal Forwarder
Hi, I have a Splunk Universal Forwarder installed on Windows systems and I am able to get installed software (1st phase PoC). Now I intend to get CSV reports from the AV server for all Windows systems and...
I want to trigger an alert if a number continuously repeats more than 5 times
Say, for example, I have a field which has repeated numbers. If a number is repeated more than 5 times I need to raise an alert. For example, if the number "3" repeats more than 5 times, I need to filter it. 1...
AIX 6.1 data to Splunk 6.6.4
Hello, having trouble getting Splunk forwarders to report from AIX 6.1 systems to Splunk. Facts: System: AIX 6.1 Forwarder: Splunk forwarder 6.5.9 for AIX...
How do I copy the dashboards from the search app to a new distributed search...
We have created a new Splunk 6.6.3 cluster environment with 3 SHs and 6 indexers. I've been asked to copy the saved searches, dashboards, etc. from the old system to the new system. Unfortunately it seems...
SH cluster members' reporting
When I run the search below, only one SH shows in the results. But I do know that there are 18 SHs out there which do show up in the SH Clustering page with the role of Member. Does the search...
Splunk App for Infrastructure oddity
I have installed the Splunk App for Infrastructure (ver 1.1.1) and have 3 test Linux boxes working perfectly. However, a Linux box was rebooted and now the app says that the server is now "inactive". I...
Search Head > Indexer > Forwarder
Hi, quite new to Splunk. I have had a look at the various documentation and have managed to come this far (see below). I have installed a Universal Forwarder on two of my machines. This is sending logs...
Join multiple source types with a common field and search
When I try to join three sourcetypes on CommonField, I don't get all the fields to populate in a table. Example: sourcetype1: CommonField, Field1, Field2, Field3 sourcetype2: CommonField, FieldX, Field...
Unable to filter on extracted fields when searching using the JS SDK
Hello, I am using the JS SDK for Splunk and have written a Node app. When I do a search I get the results back, but I would like to remove duplicates and would like to use dedup on an extracted...
INDEXED_EXTRACTIONS on summary events?
It would be really cool to be able to have all of the fields in a summary index automatically converted to indexed fields. You could then use tstats against a summary index directly with significant...