How do I use the rex field to extract the last digit from the time value in...
[2015-11-05 00:48:03,058] [/172.21.21.171:57533] [K123456789] created event: 8 How do I use rex field to extract just the last number on this, for example here, it would be 8? The log format is the...
Splunk for Tivoli Netcool: Is the Netcool Flat File Gateway needed to produce...
The documentation shows that a Netcool flat file gateway is needed. I am assuming the netcool flat file gateway will produce a file that will be ingested by the forwarder. How does Splunk know to...
How to keep all most recent events for a specific field and remove all others?
My question is similar to this: https://answers.splunk.com/answers/35759/keping-only-most-recent-events-for-a-fixed-field.html Basically, I have scan data that looks something like this:...
ThruputProcessor - Current data throughput (266 kb/s) has reached maxKBps. As...
What does the message in the forwarder server "ThruputProcessor - Current data throughput (266 kb/s) has reached maxKBps. As a result, data forwarding may be throttled. Consider increasing the value of...
Showing events in a raw web browser window? Literally have a very basic raw...
Hi, I have a strong request from my client, who wants to be able to view events resulting from an SPL search in a very, very basic web browser window. Literally, what they want is the same kind of...
Upgraded to 6.2.6 in Search Head Cluster (SHC) environment and dispatch is...
Under 6.2.6 in my Search Head cluster (SHC) environment, I am starting to see the number of files grow in dispatch that are beyond their ttl and causing me to constantly monitor disk usage. Dispatch...
SSL Certificates after upgrade
I am trying to find a quick answer if possible from the community. I need to renew the SSL certificates on a forwarder, and at the same time I need to upgrade it to 6.3. When I do the upgrade with this...
What is the best practice for getting logs from a Docker container into Splunk?
So, I have about a thousand ways to index logs from a Docker container, but what I'm looking for is some kind of best practice for getting logs from a Docker container into Splunk. None of the...
Lookup files not being populated with data
None of the lookups associated with the Splunk App for Windows Infrastructure are being populated with data. I confirmed the jobs are running and do return data. The issue is surrounding the key value...
How do I write the same search that populates the "Data Summary"?
I need the event data from the "Data Summary" because I need to create a search to find when hosts stop sending logs to our Splunk server via UDP syslog. Thanks.
How can I average a dynamic column created using eval {Field}=Value
I would like to display some data that has columns based on dynamic data from the search results. e.g. Assuming I have a query to calculate which two servers have the most users logging into them. I...
Trying to chart ONLY the reprocessed cartons.
(Data coming from a PLC Conveyor system.) I'm trying to show how many cartons were RE-processed manually, each day, during the last 7 days. My first thought was to subtract count(SCarton)-dc(SCarton)...
Tracking lookup table usage
After seeing Martin's demo of the Knowledge Object Explorer during the recent "Optimizing Knowledge Objects" presentation, I was wondering if there is a search that can be run to determine which saved...
After upgrading Splunk 6.2 to 6.3, some of my App's components do not work. Help
My current Splunk is Enterprise 6.3. My App uses Django tags & JavaScript. Problem components: single_value, events_viewer. My app was working well in Splunk 6.2, but after upgrading to 6.3, the browser (Chrome)...
Splunk App for Windows Infrastructure not supported with SH clustering?
I am building a distributed environment with search head clustering. I want to use the **Splunk App for Windows Infrastructure**. One of the requirements is the **SA-LDAPSearch** (a.k.a. **Splunk...
Splunk Nessus add-on does not seem to fail to get plugin information
Hi, I've installed the add-on and configured the 2 data-inputs, one for the scans and the other for the plugins. For scans everything works fine, I get the results without problems. But for plugins it...
Need help in displaying specific fields from the output below
Hi, I need help in displaying Client and /use71-mobstor-bf1/vol070 with dedup, as the logs have similar entries. Nov 2 19:13:54 netapp-master9.bkp.bf1.yahoo.com NetVault[2655]: NetVault: Client:...
Splunk App for CEF not sending data
After installing the Splunk App for CEF and running through the setup, we have restarted the Splunk Search Head. We have configured our CEF outputs and verified our query by using the preview...
How to map the timestamp from my CSV to the _time variable.

| Date | Time | Sail Date | Ship_Code | Duration | Activity_Code | Book_Type | Cabin # | Channel Id | Location Code |
|---|---|---|---|---|---|---|---|---|---|
| 20151023 | **000001** | 151116 | FS | 5 | NBK | I | R57 | IC | IC |
Why are our REST limits so low, how do we change that in 6.2.6?
Some of our Deployment Servers are going offline with these events flooding SplunkD.log: WARN HttpListener - Can't handle request for...