How to change the time format before or while logs are being parsed?
I have a database log that comes in with a time stamp which is used by Splunk as the time stamp. However, I noticed the time is in UTC which is neither my time zone nor the time zone the server is in,...
Trying to filter ASA syslogs before indexing to avoid license violations, why...
I've created this filter and placed them in the config files mentioned below in the following directory: D:\Program Files (x86)\Splunk\etc\system\local props.conf [cisco:asa] TRANSFORMS-null = setnull...
Stream and Wireless Monitor Mode
How can I enable monitor mode on wireless networks so that the Stream TA gets all the data on the wireless (at least on one chosen wireless channel)? Not just the data which is addressed to the wireless...
Unable to manipulate serverclass whitelist via REST
We're trying to script some whitelisting of hosts in serverclasses, hit a snag. We create a test serverclass named 'posttest' with one app and nothing in the whitelist. When we try to add a host: curl...
What is the easiest method to move all alerts, reports and dashboards from...
Hi Everyone, Can you please suggest me the best and easy way to migrate all the alerts, reports and dashboards from distributed splunk to Splunk cluster? In our old environment we have kept everything...
Active directory add-on - is windows app required to use Active directory...
I have installed the Splunk for Active Directory. Is the Windows App required for this add-on?
Invalid header received from stream generating script hdfs
I have hadoop connect working fine. However, when I try a hdfs command out of hadoop connect app and run it under one of our apps, I get this error in search.log: 06-08-2016 14:13:53.270...
Does anyone know how to give a Ruby code for splunk and splunk forwarder...
They were going to deploy the splunk and splunkforwarder via puppet. They are asking for the Ruby code.
Unable to use token authentication on universal forwarder
Hello the Splunk community, I'm trying to use the token authentication between an indexer and an UF. All seems to be good on my indexer. But the UF doesn't want to understand the configuration. This is my...
Splunk DB Connect 2: How to pass a Splunk username in my dbxquery?
I am trying to run a query with variables using the `dbxquery` command. I want to pass Splunk username in my query. I have tried following, but was not successful: |rest...
Drilldown to new views going to Search & Reporting app ???
Drilldown from a page to a new dashboard changes the app to Search & Reporting and brings the Search & Reporting navigation menu instead of the custom menu. How can I stop this from happening?...
Single value visualization goes red when value==zero
Hi, I have a single defined like this: ParNew duration as % of TPS duration eventtype=mlc sourcetype=tps host=$host_token$ | ... | eval par_new_%_of_tps =...
forward email client logs to splunk
Hi, I am sending emails through email client (say for example mailgun), it has logs in the mailgun which would store my email logs only for 30 days, I would like to forward those logs to splunk. Is it...
Splunk forwarder is not starting on host
Hi, Today, we had a disk space issue in our host and splunk failed on that host, we then cleaned up and made the host free from space. When we try starting splunk, it is not starting and also not...
Updates for systemd based hosts?
I've noticed the following errors in splunkd.log on many of my RHEL 7 based systems. Is there an update in the works to address this deficiency with the service.sh script? 06-08-2016 07:12:12.638 -0700...
Why am I getting "500 Internal Server Error" trying to set up Splunk DB...
I deleted all files for dbx and downloaded Splunk DB Connect 1.2.2 (the only 1.x option available for download) from Splunkbase. Did a fresh install on my search head, restarted, but when I go to use...
NMON Performance Monitor for Unix and Linux Systems: Why am I unable to set a...
I have installed the Splunk NMON app and have started to receive data successfully from several clients. So the installation of both the app and add-ons appears to be working as required. I decided to...
How to create a start time from only an end time and duration?
I'm trying to create a table of VPN connection statistics where the easiest way to see the data is to look at the time the VPN tunnel is closed (_time) and the duration field from our ASA....
How to write a search to show all unused Ethernet ports on a network?
Does anyone have any suggestions on how to write a report that will show all unused ethernet ports on a network. Thank you
Configure splunk to not look inside archive files
Hello, By default: Splunk Enterprise decompresses archive files before it indexes them. It can handle these common archive file types: tar, gz, bz2, tar.gz, tgz, tbz, tbz2, zip, and z....