Splunk to UCMDB
Hi, We are planning Splunk to UCMDB integration and I have questions about that. We are on Splunk Enterprise 6.6.5 presently. Which version of UCMDB is supported to make this connection happen from...
Opinions on using a single SAN mountpoint for both hot and cold buckets?
We're getting ready to deploy new Linux indexers with VMAX storage and I'm thinking of just sending all of my buckets to a single VMAX filesystem. Any opinions?
Event breaking during index time own sourcetype
Hi all, this linebreak/eventbreak problem drives me crazy... searched all day to find a solution but nothing helped: We have a universal forwarder monitoring a logfile: (line by line) Sep 6 15:49:27...
Enable higher permissions only in a dashboard
Hi, There's a bit of blurb so this makes sense. I work in a call centre and have higher permission level than the people I want to have access and view this dashboard that I've made. The dashboard...
Regarding my SH clustering
Hello, I have 2 SH’s and 2 indexers and 1HF and 1 Deployment in my environment. Deployment is acting as a cluster master for SH and indexer and SH1 is acting as a captain. But I got a problem now with...
Splunk Sales Rep 1 certificate download error
Hi, I am getting errors when downloading the Splunk Sales Rep 1 error, I have recently completed the exam and in my profile under accreditations, the course certificate does not appear, This means I...
Using Heavy Forwarder
We are going to use syslog-ng and a heavy forwarder for the SecretServer. Could it be that we only need to change the props.conf in the SecretServer app to [SecrectServer] rather than the default...
Time value difference in duration: getting value as 0d
Hi All, I am able to get the time value difference in epoch and able to convert it to string with the following command:- eval LeadDays = ( Answer_Time - Bookingdate) | eval LeadDays =...
What is the opinion on using a single SAN mountpoint for both hot and cold...
We're getting ready to deploy new Linux indexers with VMAX storage and I'm thinking of just sending all of my buckets to a single VMAX filesystem. Any opinions?
Solaris TA for Solaris 11 spark version having error with one of the script...
Hi Guys, I have installed a universal forwarder on Solaris server 11 and am looking to populate the default dashboard with the Solaris app. There are a few errors I can see in the splunkd.log and would...
HEC and Indexer Clustering
The setup we have is as follows: Master x 1, Indexers x 3, Search head x 1. I am trying to enable HEC on the indexers through the inputs.conf and outputs.conf setup as described [here][1] I have setup the...
Splunk Add-on for Microsoft Cloud Services - Metrics supported?
I looked through the documentation page for the add-on and didn't see anything stating Azure Metrics are supported. Can I Splunk Azure metrics via this add-on?
Time value difference in duration: getting value as 0d
Hi All, I am able to get the time value difference in epoch and able to convert it to string with the following command:- eval LeadDays = ( Answer_Time - Bookingdate) | eval LeadDays =...
Does KV store cleanup delete license?
My Splunk license had expired and I got a new license and installed it. After adding the license I was getting "KV Store initialization failed" error. I check the KV store status and it showed as...
How do I plot 60 days worth of data on the line chart?
I have data coming in from our NetApp storage controllers that shows aggregate space free every day. I need to plot each day's values and then show a chart that shows the last 60 days as dots on a line...
Why does BREAK_ONLY_BEFORE work only for some events?
I have applied regex in the heavy forwarders as below. But this works only for few events and a lot of events are not getting parsed with the regex in BREAK_ONLY_BEFORE. pulldown_type = 1...
Help with Split-Shift View on Dashboard
Hopefully I can explain this in a clear way. I am going to post the pictures below, so please take a look at them, as they will be necessary to understand my question. The way I have my dashboard set...
Need help on search to exclude logs with extensions
Hi In my data I have API calls with several extensions like (.html, .com, .php and many more). I am trying to exclude the logs that have these extensions. I tried the below. index=abc NOT...
passing some subsearch result fields to the result
I'm trying to figure out if the following can be done with subsearch or requires a join. I'm running a search that boils down to: index=indexA sourcetype=outer [search index=indexB sourcetype=inner...
How to list a count ONLY if the value within a query is above a certain...
Hello. Today, I have several panels in a dashboard to provide us daily, weekly, and monthly counts of certain problem areas. When it comes to one of the scripts though, I would like to only provide a...