Bonnie++ report different from array report
Running bonnie++ with this cmd on a RHEL 6 server with a striped FS across several LUNs from a FibreChannel SAN array: bonnie++ -d /sys_apps_01/splunk -s 512G -u splunk -fb The bonnie++ result is: 189...
Why we are unable to add a cluster member via CLI to our existing search head...
Hi, We created a new Search Head Cluster that includes one Deployer and 2 Cluster members with one being the captain. Deployment went well and the cluster members can recognize each other. Captain:...
How can I turn my search into a visualization to track the rate/speed of...
I have this search that I'm using streamstats with to show agents upgrading source=client_data COMPUTER_NAME="*" AGENT_VERSION="*" | streamstats current=0 window=1 global=f last(AGENT_VERSION) as...
list all attributes from data model in a search
Is there a way to query and list all attributes from a data model in a search? For example, if my data model consists of three attributes (host, uri_stem, referrer), is there a way to query the data...
How to combine 2 search results and calculate error rate?
I am trying to determine the error rate. Total Count per URI: index=applogsprd java_class="*content.common.spring.LoggingInterceptor*" uri="*/api/v*" | fields uri | stats Count as count, by uri Error...
Why am I getting error "Could not use regex to parse timestamp..." for...
Using Splunk 6.4.0 on Ubuntu Server. Trying to index a file that goes back in years. Working with the timestamp to get it indexed correctly - I ran into a problem with it for timestamps before...
How to do a percent query for this data set?
First of all, I am very new to Splunk! :) My data can be simplified to look something like this. Employee = (UniqueId Id, EmployeeId ManagerId) So we have an employee record which has an Id field and a...
how to create time chart of children within json
I am receiving JSON into Splunk in the following format. I'm trying to figure out how I can do searches to plot average values for this nested data. I need to be able to plot a line for each node over...
error info "insufficient permission to access this resource" when I use...
Dear Splunker, in our Splunk environment, we built a search head cluster (SHC) with 3 search heads and 1 deployer (both version 6.3). For some reason, I upgraded my deployer to version 6.4. After that,...
How can I Filter search results to only show sequential time buckets?
I have the need to filter the results of my search to only show 30 minutes of consecutive 5 minute time buckets. In other words, 6 consecutive time buckets. Example of results I want to see _time Event...
list of Systems not reporting to Symantec antivirus server
Dears, We want a notification about the workstations that don't have any antivirus solution installed. How can we achieve that? One suggestion is that: maintain the list of workstations who...
How to use erex in a CLI search
I'm running into an issue with the syntax for a CLI search using erex. The problem seems to be with the double quotes. I've tried single quoting the erex examples and counter examples, but none of it...
Is eventstats a "Distributable" command ?
Hi All, I am trying to improve my run time for a large search and I need some help to identify whether **eventstats** is a **Distributable** command. From the documentation I know **streamstats is...
Splunk LDAP Search
I need to find all the users in an OU in Active Directory. Currently I run | ldapsearch domain=internal.local basedn=,OU=Finance,OU=Users,DC=internal,DC=local" scope="sub" search="(objectClass=user)"...
Heavy Forwarder System Requirements
Hi All, We are trying to size an AMI Linux VM Heavy Forwarder for a new installation of 6.2.6 and have found the Splunk recommended system requirements of 2x six-core, 2+ GHz CPU, 12 GB RAM at the...
Group Report
Dear all. I have different kinds of scheduled CSV reports. I would like to group them into one email. May I know if it is possible? Thanks
ssl / TLS Universal Forwarder SA-LDAPSearch
Hi, Is it possible or does it make sense to install the sa-ldapsearch on the domain controller with the universal forwarder? The topology is as follows: Domain controller with universal Forwarder...
how to create funnel report in splunk
Hi, I have 3 searches from 3 different devices. I would like to have 1 report which contains data from the 3 devices in 1 line. I am tracking a respondent who started his survey from log in to end...
Disable search in specified index for certain users group
Hello. I have a simple question: I would like to have a specified index with sensitive data in it, but - of course - I don't want every user to have access to it, but only a few. How can I do it? Do I...