ERROR BucketMover - aborting move because could not remove existing
We have a 6.4.0 multi-site cluster running on Windows 2012 and the Splunk service runs as a Managed Service Account (MSA). We have begun to have these sorts of errors: 05-25-2016 10:26:21.800 -0400...
why is the URL field in the Splunk Add-on for Cisco CWS sometimes empty?
The Splunk Add-on for Cisco CWS: url field is sometimes empty causing DM vulnerabilities in Enterprise Security filling up with unknown field values.
Empty /etc/deployment-apps/MyApp/local/inputs.conf after deployment???
Hello guys, I have an indexer as a deployment server, and I create a local app MyApp. Inside the local folder I have an inputs.conf with: [WinEventLog://Application] disabled = 0 index =...
Splunk Forwarder and Splunk Enterprise 6.4.1 on the same Windows Server 2012 R2
I have installed Splunk Enterprise 6.4.1 on a VMware Windows Server 2012 R2 instance. I am able to install the Splunk Universal forwarder specifying the same server as the receiver, but when I attempt...
Count the number of string occurrences in columns
I want to add two columns to a table which add up the number of times the word "TRUE" and "FALSE" occur in a row (which means, per host). Example: Host | HasA | HasB | HasC | HasD |NumTRUE|NumFALSE|...
How to change time zone on data collection node to eastern from pacific time
Hello, I'm trying to deploy the latest VMware App and I'm seeing that my Ubuntu Linux search head was the correct time but my data collection node deployed from the ova does not. There is a three hour...
Failed to initialize, stanza - Helloworld to work
Hi, today I am trying to get JMX working on SPLUNK. I have been trying all day... I have downloaded "**Monitoring of Java Virtual Machines with JMX**" and I have tried to get the most basic data into...
How do I get average of the response times from the following sample data?
Hi Here is my sample data, 2016-05-27 08:36:30,497:INFO :WebContainer : 12: Total time to execute service _prc:aaaa : 796 ms [system]: InvokeSOAPWebservice 2016-05-27 08:36:30,497:INFO :WebContainer :...
ERROR ScriptRunner - stderr from 'C:\Splunk\bin\PYTHON.EXE...
I receive this error every 10 seconds as o365dataimporter app connects, downloads, identifies new changes, but then fails to save and index it. 05-27-2016 11:44:55.448 -0400 ERROR ScriptRunner - stderr...
Increase results per page
I'm on Splunk 6.3.3 in my drop down for results per page, my available options are 10 per page, 20 per page and 50 per page. Is there some setting somewhere I can bump this up to 200 per page or 100...
How to apply a filter on events before it gets into Splunk Indexer from...
I am using "Splunk app for Servicenow" & "Splunk add-on for ServiceNow" which is integrated with ServiceNow. I want to extract only those incidents in Splunk indexer (snow) from ServiceNow where...
Splunk Add-on for Microsoft Azure: Azure Security Center logs?
Is it on a roadmap to pull Azure Security Center logs? They are stored as a blob in a storage account.
Splunk Add-on for BMC Remedy setup error
Following the documentation for install and when I get to the setup of the add-on I get the following error. This is the point in the documentation that I get the error....
Importing XML data with null element
I have an XML file from Jira. I am using KV_MODE = xml and it is importing fine, except for the customfields that Jira supports. Below is a snippet of the custom field codes. KV_MODE = xml will return...
how to exclude .txt file in log directory from monitoring??
Hello, I have a log directory in which all files need to be monitored, but I need to exclude files with .txt. I am sure that I can do it by mentioning a blacklist, but the problem is my log file will be in...
API Login not working - Splunk 6.4 Free
Hi all, I am not sure why this python code is not working: import splunklib.client as client service = client.connect( host="192.168.2.125", port=8089) All I get is the following trace Traceback (most...
Db Connect query doesn't work in db connect 2
Hi, I have the following query which works in db connect 1, but will not work in db connect 2: select trunc(sum(hd.average * hd.value_count) / sum(hd.value_count), 2) as Average, \"g Analysis Time\" as...
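Splunk Password Management Policy
As demand to strengthen the security of Splunk's own system has recently increased, we have several requirements and are asking the following questions; please reply. 1. System passwords must satisfy the following rules. (See the Password Policy related to Information Security Management System (ISMS) certification) - Whether an encryption algorithm is used: SHA512-crypt is used - Minimum password length:...
How to find searches that use dbquery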
Hi, How can I find searches (and their owners) that use dbquery? We are migrating to DB Connect2 and want to do some analysis.
inputs.conf
#Get hostname of the machine [default] host = $hostname how to get the hostname of the name into inputs.conf