"There are no fired events for this alert" - alert not working
Hi, I am new to Splunk. I am running the evaluation version. I am streaming data into splunk every minute. I have setup a fairly simple alert: - used a search that returns new results every minute (I...
View ArticleHow do we set up the deployment server?
Hello all, I am new to Splunk. I want to know how can we set up a deployment server? Can any one please point to a document that is helpful in setting up the deployment server. Also, do I need to make...
View ArticleIs there an alternative to using regex in my search for better performance?
hello, After reading some answers, I see that if I use regex for searching events corresponding to a pattern, it will take a lot of time as Splunk reads all events from disk. For example: I use...
View ArticleDump command splits results in many files. How to consolidate to have a...
I have used the dump command to extract data from production server and play with it on my local. I have 6 different hosts in Production, so I'd like to run 6 dumps so that the host segregation is...
View ArticleWhen I configure a site in Pinger to use https (ssl=true), why am I getting...
HI, When I configure a site in Pinger to use https (ssl = true), I receive this error in the log: message="EOF occurred in violation of protocol (_ssl.c:604)" This is on Windows Splunk 6.4.1 Any idea?...
View ArticleSplunk Add-on for Unix and Linux: Splunk ignoring host entry in inputs.conf....
I have a system that has a different system name from the desired name in the etc/system/local/inputs.conf. I'm using Splunk_TA_nix to pull the system logs. I believe the props/transforms is changing...
View ArticleLIcense Usage by Source Type
Can someone help me include sourcetype to my search below? I am trying to run a report for the past 60 days and need it by Sourcetype or Host. However, I don't see sourcetype as a field to choose from....
View ArticleDoes anyone have a rough number on the licensing volume for the Qualys VM App...
All, Anyone have a rough number on the licensing volume from Qualys VM App for Splunk Enterprise? Rough number on say 2000 hosts.
View ArticleWhy is my summary index search timechart not displaying?
We have a summary index called summary_site_stats, One of the saved searches that adds data to that summary index is named: summary - count by status not 2xx: count=* and status=* This search has 2...
View ArticleSplunk DB Connect 2: What is the serviceClass for MongoDB Java driver?
I'm trying to use the Unity MongoDB jdbc driver with Splunk DC Connect 2.2.0. serviceClass is a required configuration option in local/db_connection_types.conf, but I don't know what to enter for this.
View ArticleIntrusion Detection data model: Is host not really a tag, but treated as such...
This is more of question for my understanding... In the examples section of CIM Add-on manual (for OSSEC) there is a statement that the Intrusion Detection data model requires the tags ids, attack, and...
View ArticleOrphaned Scheduled Search doesn't work
The Orphaned Scheduled Search that runs on 6.4 is not working. I have looked at it down to the point that I know that this search doesn't work: | rest splunk_server=local /services/saved/searches...
View ArticleRex on Value from Dashboard Textfield
Hi There! Splunk newbie here! I'm using Splunk 6.4.1. Issue: I have a dashboard with a text field. I want to use certain components of the text field value in creating a dashboard panel. For example:...
View ArticleIs there a way to validate setup.xml fields?
I am in the process of developing a Splunk app that I would like to eventually release on Splunkbase. In my app I need user credentials to pull data from. I have created a custom endpoint, handler, and...
View ArticleTrying to enable eStreamer, why am I getting certificate errors after setting...
I am having issues with getting the eStreamer from our SF Defense Center up and running. I have moved the cert from the D-Center to a folder and set the path in Splunk. However, I get the following...
View ArticleHow can I have full queues and plenty of system resources on a heavy forwarder?
All, I am trying to understand how I can have full queues on a heavy forwarder but have plenty of CPU and RAM available. Is there something I am supposed to do to get Splunkd to use the resources...
View ArticleIs it expected behavior for post processing to alter the search time range?
Hi, I have recently refactored two searches using post processing. From this: eventtype=mlc sourcetype=sun_jvm host=$host_token$ service_name=$service_name_token$ | eval...
View ArticleHow do I display percentages dynamically,when we have more transactions ?
How do I display error percentages dynamically,when we have more transactions ?
View ArticleSplunk 6.4.1 Adding Second Site to Index Cluster
I have a set of four nodes on site (site1) local L2 network to the splunk cluster master. I changed cluster to have second site defined, now adding the four remote index nodes. They are on seperate L3...
View ArticleWhy does the drop-down to drilldown in my dashboard not work with my current...
I am trying to activate a drop-down such that when I choose any of the items, a drilldown activates and goes to a new view. I cannot activate this drilldown. Following is the code.State...
View Article