Can I add website monitors directly to config file instead of using interface?
I have over a hundred servers I want to monitor and using the manager to add them is exhausting. I would like to be able to make a text file and paste it into a config somewhere. Is there a proper way...
Why am I getting an error saying my .tgz file is not in gzip format when I...
Getting an error saying my .tgz file is not in gzip format when I try to open the downloaded Splunk file.
Why is Splunk not throwing an error when the time range I selected for my...
I have a basic search like this: index=pqr host=xyz* NOT TYPE="*ABCDE*" | fields X, Y |timechart limit=0 span=10m count, avg(X) by Y And I search it using the date range. Today, I tried choosing a date...
Danger to Splunk infrastructure running old apps?
We are getting requests for apps which haven't been updated since Splunk went from 5.x to 6.x. Besides the fact the app may not run (not an issue with this particular app), is there any reason to...
Windows Event Log Inputs - Combining whitelists of EventCodes and SourceNames
I am trying to collect a whitelist of about 200 EventCodes in the Windows Security log, in addition to ANY event in the Security log that has a SourceName=MSSQL*. Here is what I have:...
How do I edit my search to filter XML content and only show failed status for...
I have an XML results input that is indexed on per Test Suite. Each Test Suite has many Test Cases, and each Test Case has many Test Steps. I am trying to create a report where we would like to find...
How to deploy a Splunk Universal Forwarder through GPO and MST setup?
I have been trying to push the Splunk Universal Forwarder out to my client systems via GPO. I would like, however, to generate an MST file that: a) Accepts the EULA and b) sets a predefined Receiving...
How to configure third party certificates for deployment server and...
I am trying to replace the Splunk certs with third-party certs and am following http://docs.splunk.com/Documentation/Splunk/6.3.0/Security/Securingyourdeploymentserverandclients I am a bit confused...
Using a search base with inputlookup, how do I add a static value to the data...
I've basically created a base search and am using it with a lookup. The results of the base search are all my regions. However, I want to have an "All" option in the drop-down without updating the...
How to get information from one file (metadata.json) to each entry...
Hello All, I have a collection of folders, each representing a test run. On each folder, I have a `metadata.json` which contains the information on which machine/firmware... the test was executed. Then...
How do I edit my timechart search to create a column chart of average...
I am trying to create a column chart that represents the average session time over a period of time with a 1 day span. My current search string is: index= ... | where duration<86400 | timechart...
Data Model search times out
I have created a new data model specifically for filtered proxy events. The root object of the data model is an eventtype which filters a list of common/undesired URL hosts (*symantec.com,...
How to pass time tokens to html content on the same panel as my timechart?
Search string: index=_internal | timechart count I am able to display a timechart with count, but I want to display some html content as follows on the same panel. start time: 11/5/2015 12 PM End time:...
How do I write a search to calculate a moving average using the current...
Need your help. Please refer to the below data structure. We want to calculate and display the moving average of the current value, previous 2 values, and the next value. Input: Month, Value 201501,100...
How do I edit my search to compare a list of IPs from a lookup to IPs in...
I'm still new to Splunk and trying to figure out the correct syntax for lookups. My goal is to compare a list of known IPs associated with a botnet and see if there is any traffic to/from the IPs in...
How to edit my search to show a unique count of each value by hostname?
I am trying to get a rough idea of the number of iPhones, iPads, and Androids connecting to our internal network. I am using DHCP logs which contain the hostnames. Luckily a lot of folks leave the...
Is there a way to create 6 months of historical data in Splunk for...
Is there a way to create 6 months of data in Splunk so we can test an application we are creating? I've looked at Eventgen, but don't see a way to create data starting 6 months in the past.
Splunk search to find the disk utilization on multiple servers
I've 5000 Linux servers and I would like to do a Splunk search to get their disk utilization. It's not possible to do a df on 5000 servers. I'm doing a dashboard for servers that cross 85% utilization...
Universal Forwarder resends entire Security Event log after upgrade.
I have recently started upgrading Windows universal forwarders from 6.0.3 to 6.2.6. After I upgrade them they seem to be resending the entire Windows Security log (2GB) instead of continuing where they...
Building a test indexer cluster using CloudFormation worked, but why not in...
Hi all, I built a pre-production indexer cluster using CloudFormation and it works like a champ. However, following the same procedure in production gives me an unusable cluster. I have searched all...