How to Identify that Linux Application Server is UP or Down?
How to Identify that Linux Application Server is UP or Down? I don't have access to admin so that I cannot search for index=_internal.
Why isn't Node App I wrote using Javascript SDK filtering on extracted fields...
Hello, I am using JS SDK for Splunk, and have written a Node App. Now when I do a search, I get the results back, but I would like to remove duplicates and would like to use `dedup` on extracted...
present run time values only greater than the average for the past 30 days
Hello - we are looking to present daily run time values of events in a search, but only display the daily run time values that are greater than the calculated 30 day run time average. I've tried the...
How can I join multiple source types with common field and search?
When I try to join three sourcetypes on CommonField, I don't get all the fields to populate in a table. Example: sourcetype1: CommonField, Field1, Field2, Field3 sourcetype2: CommonField, FieldX, Field...
How do I present run time values only greater than the average for the past...
Hello - we are looking to present daily run time values of events in a search, but only display the daily run time values that are greater than the calculated 30 day run time average. I've tried the...
How do I copy the dashboards from the search app to a new distributed search...
We have created a new Splunk 6.6.3 cluster environment with 3SH and 6 indexers. I've been asked to copy the saved searches, dashboards, etc from the old system to the new system. Unfortunately it seems...
Splunk App for Infrastructure: Linux box is "inactive" after reboot
I have installed the Splunk App for Infrastructure (ver 1.1.1) and have 3 test Linux boxes working perfectly. However, a Linux box was rebooted and now the app says that the server is now "inactive". I...
How do I present run time values for the past 30 days, but only display those...
Hello - we are looking to present daily run time values of events in a search, but only display the daily run time values that are greater than the calculated 30 day run time average. I've tried the...
How can I get AIX 6.1 data to Splunk 6.6.4?
Hello, Having trouble getting Splunk forwarders to report from AIX 6.1 systems to Splunk. Facts: System: AIX 6.1 Forwarder: splunk forwarder 6.5.9 for AIX...
Are there any best practices for Upgrading Splunk server to RHEL 7.5?
We are planning to upgrade the VM server to RHEL 7.5 with splunk distributed deployment installed in them. Do we have any documentation or best practices regarding steps? thanks!
Why does my search result show only one Search Head, while my Search Head...
When I run the search below, only one search head (SH) shows in the results...But... I do know that there are 18 SH's out there which do show up in the SH Clustering page with the role of Member. Does...
Disconnected from splunk web server
I have Amazon AWS in which I have installed Splunk, as well as in Splunk I have installed "Splunk add-on for Aws". But when I try to open this addon I get this error as below: Disconnected from splunk...
Splunk stopped indexing
I've tried browsing around previous topics but couldn't find anything that worked for my particular situation. I have a very simple test setup with a Universal Forwarder, a Debian 9 machine running the...
Anybody have this running on Windows servers?
Yes, I read the documentation but "not supported" is often different than "doesn't work". Anybody have this working on Windows before I spend too much time on it? Any tweaks or anything to make this work?
Splunk Free Edition stopped indexing after set-up
I've tried browsing around previous topics but couldn't find anything that worked for my particular situation. I have a very simple test setup with a Universal Forwarder, a Debian 9 machine running the...
How do I find missing information from query 2 and query 1
I am trying to find missing stores from query 2 in the below script. However, it returns no results, or all results depending on the search. For the purposes of my search, I know the correct result is...
Embedded JSON column in excel loses data when imported to Splunk
I am new to Splunk. I have an excel file that has a column which contains embedded JSON. When I import the csv, I lose some of the data. {"CreationTime":"2018-05-12C413:09:34", "Id":"Y97H080-09D",...
How can I compare sum(bytes) in two time period using sub-search?
Hi. I'm new to Splunk. I'm trying to compare the sum(bytes) for an hour ago, and the same hour one week before by certain field, and calculate the percentage change for these data. I have tried the...
Is there a Splunk App that supports pulling data from citrix xenapp 7 DB? If...
Is there a Splunk App that supports pulling data from citrix xenapp 7 DB? If not--is there a workaround?
Is there an easy way to delete namespace data in a clustered environment?
Is it possible to delete the contents of a namespace in a clustered environment from the search pipeline or a settings menu somewhere? Or do they need to be deleted by hand on each indexer?