ERROR BatchSearch - STMgr::distinct_apply_terms failed (rc=-33) while...
The search logs are full of these errors. Does anyone know what these are because none of our real time alerting is working for this. Thanks
How to troubleshoot why a Splunk search head is stuck on "Waiting for data"...
Hi I have an issue with a Splunk search head unable to return any search results. It is stuck on "waiting for data" page. I have deleted the dispatch folder and restarted Splunk, but to no relief....
How to get a list of all emails sent out by Splunk and all associated reports...
Our Splunk server sends out dozens of emails every day. I want to find out the list of all the emails that are sent out by Splunk and associated jobs (whether alerts or reports) that are configured by...
"Error in 'tstats' command: This command is not supported in a real-time search"
I currently have a working tstats search, but when I use real-time, it returns the following error: Error in 'tstats' command: This command is not supported in a real-time search
How to secure inter-splunk-communication with my own certificates?
Hi fellow splunkers, I'm currently trying to secure inter-splunk-communication with self-signed certificates. I recently secured Splunk Web with my own server certificate, so I now am trying to secure...
How do I edit my props.conf for proper line breaking of my sample CSV log file?
I have a simple .csv log file that I'm trying to break with: [software_summary] LINE_BREAKER = ([\r\n]+) SHOULD_LINEMERGE = false Here is a sample of the log: Back to Index, HOST INFORMATION, Software...
How to convert seconds to hours and minutes?
How to convert the search results in seconds to hours and minutes? This is my search: index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024...
How to create a timechart search to compare the count for the previous 24...
I am trying to create a search to show the previous 24 hour count using timechart so I can show the previous 24 hours with a trend on the single value in a dashboard. This dashboard will be used in...
Splunk App for NetApp Data ONTAP: No results returned for PerfHandler
We just set up the Splunk App for NetApp Data ONTAP, and we're having some trouble getting any of the PerfHandler data. We're running NetApp v 8.2 in Clustered Mode, DCN is a Splunk 6.4.1 Heavy...
How to create a real-time chart of a cumulative metric
I have a metrics log that prints cumulative numbers once a minute on the minute. The log contains name=value pairs and one of those pairs is RecordsIn=. I'm trying to create a real-time chart that will...
How to make a scheduled report from a dashboard in the Splunk App for Windows...
I used the Splunk App for Windows Infrastructure to create a dashboard to view the user accounts belonging to and recent changes made to a specific Active Directory group that needs to be monitored....
Swimlanes in Splunk Enterprise
Hello, My business requirement is to have a view that shows the number of batch jobs on the Y-axis and the Time (in hour) on the X-axis. The row events I have look something like below:...
I just installed the Fire Brigade app in Splunk 6.4.1, but why are no hosts...
Just installed Fire Brigade, but no hosts are shown in the menus. Ideas? I'm using Splunk 6.4.1
Why am I unable to access my Splunk login screen and just get the message...
Today when I went to log into my Splunk as admin on the main page, after using Splunk for the past 90+ days, it stated that the version of Splunk was outdated and I needed to update it with the latest...
Alert Manager 2.0.5: No alerts are listed in Incident Posture
I had Splunk 6.4.0 and an older version of Alert Manager running. With the exception of the display issues, everything was running great. I downloaded and installed the 2.0.5 version of Alert Manager...
Is Splunk PCI DSS compliant?
Hi, Is there documentation that says Splunk is PCI DSS compliant? Thanks In Advance -pa1
How is the Splunk Heavy Forwarder used to buffer/cache until indexers come...
All, I have a Splunk heavy forwarder collecting data from various endpoints, which then passes up to the Indexers. We recently had a config error that disconnected the HF from the IDX for a few hours....
Distributable transforming commands OR does Splunk map-reduce stats?
As @chris points out in [another question][1], the following paper implies that Splunk uses map-reduce in a particular way: [http://www.splunk.com/web_assets/pdfs/secure/Splunk_and_MapReduce.pdf][2] He...
How to get Splunk to run my Python shell script?
I am trying to use the Splunk Synthetic App in order to set up and monitor fake transactions that I create with Python. I am running into problems when I try and get Splunk to run my shell script...
How to configure Splunk to extract the correct year from the date stamp in my...
I am not sure how to fix the date extraction from a raw log which is done by default by Splunk. Splunk extracts date by default and it's not doing the year correctly. This is the raw log: Jun 21...