Adding an NFS mount for cold data, why doesn't Splunk start and locktest just...
Hi, We are adding a new NFS mount that will hold our cold data. When we configure colddb path for an index and start splunk, it hangs on "Checking Indexes...". I then used the locktest program and it...
How do I search for added signatures in Splunk Enterprise Security?
How do I search for added signatures in Splunk Enterprise Security?
How to make the html Dendrogram panel scrollable?
Hi, I've like 20 nodes in the Dendrogram, which is an HTML panel. After opening 6 nodes, it neither shows the node to expand nor is a scroll bar shown. How can I make it scrollable horizontally? Thanks.
I have installed Splunk DB Connect 2 on a heavy forwarder, but why does the...
Hello, I have installed Splunk DB Connect 2 on a heavy forwarder and the queries with Oracle DB are working fine. My question is, however, how can I see something in the Health Dashboard? The health...
Is it possible to access the Splunk CLI locally without credentials, or limit...
I have a script which runs on the deployment server and maintains the contents of ../deployment-apps/... out of a git repository. After any change, it should reload the deployment server and thus needs...
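Question about how to remove some rows from incoming data before collecting it.
I have a question. From the sample data below, 2015-11-27 00:02:44.277013 INFO MM_01@06472 LINEDEV = 0 , EventDEV = 223 , EVENT = TDX_PLAY (0x81), I want to remove only the rows that contain LINEDEV and collect the rest of the data. I tried to use the same approach as filtering image files out of web logs, but...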
Can audit.log be forwarded to another index?
Hello There I'm trying to index a few Splunk internal logs like splunkd, metrics, web*, audit, etc under /var/log/splunk to another index, however, all the logs are populating in the other index except...
How to monitor a file input with the same filename?
I have an input, which is a CSV file. I want to use this as a batch input. The file is generated every day, with the same name. Most of the time, the beginning of the file is also the same. That's why...
How to implement a new Retention Policy, and what changes take effect after...
Hi, I'm currently researching on the use of Retention Policy on Splunk by setting it to only keep data for 6 months. I will most likely be editing `frozenTimePeriodInSecs` attribute in `indexes.conf`....
If we currently have 5 heavy forwarders sending logs to a single indexer, how...
Dear Experts, We have a Distributed environment using around 5 heavy forwarders across various locations sending logs to a central indexer. Now we have a requirement to forward the raw logs to another...
How can I load a highchart library in a custom view?
Splunk Enterprise version 6.4.1 highchart version 4.2.5 My source code: define(function(require, exports, module) { var _ = require("underscore"); var mvc = require("splunkjs/mvc"); var...
Why are alert emails not using the text from the Send Email action?
We have a scheduled alert that is configured with the Add To Triggered Alerts and Send Email actions. The alert appears to be running and triggering correctly, however, the emails do not contain the...
Does Splunk DB Connect 2.2.0 require access to a License Master?
We have been running Splunk DB Connect for some time now without issues. When I tried to upgrade v2.1.3 to 2.2 on a Heavy Forwarder server, it stopped working. When I looked at the logs it mentions the...
Does anyone have a sample CSV file with server health data (timestamp, CPU,...
Hi, Could anyone please provide some information on the below? If you have an excel/csv file with server health details for every 1 or 5 minutes that includes server information for positive and...
Combine and dedup results to only show one row per user
I have the following search index=iis | eval WebShellActive=if(match($Webshell$,"true"),"Yes",WebShellActive) | eval LauncherActive=if(match($cs_User_Agent_$,"NeoNative*"),"Yes",LauncherActive) | eval...
Error occured attempting to remove Application: In handler 'remote_eventlogs....
I'm new to Splunk. I get the above error when trying to remove Event log collection inputs (from a forwarder) under settings-Data Inputs-Forwarded Inputs-Windows Event Logs. I no longer want to collect...
Can bucket rotation be turned off?
I would like to keep "All" data in a single bucket. There is a potential performance impact when Splunk rotates data from "Hot" to "warm" to "cold" with respect to the underlying storage and how it...
Page Not Found
Installed the Splunk addon for bluecoat SG and missing something. It displays a page not found when I try to launch the app. URL goes to: server:port/en-US/app/Splunk_TA_bluecoat-proxysg/setup --- 404...
cidrmatch IPV4in6
We have log files with a mixture of IP Address formats (IPV4, IPV4in6, IPV6). cidrmatch seems to be misbehaving, in that it isn't matching an IPV4 address against an IPV4in6 subnet definition, or...
Issue related to events not found in one of the searchheads.
Hi, I have two search heads, A & B. I am trying to search the Windows event logs from both of them. I observed that some event codes are only visible in searchhead A but not through searchhead B. I...