How to interpret DMC iostats reports
Hi, We just upgraded to Splunk 6.4.1 this weekend (yay team!). I'm looking into the awesomeness of the DMC, and two reports have me perplexed - the "Maximum IO Bandwidth" and the "Median Disk Usage". I...
How to combine common fields from search results into one column?
I have three devices, each with its own sourcetype. I am trying to combine the fields **src** with **src_ip** and **dst** with **dest_ip** into new table fields called **Source IP** and **Destination...
Upgraded to 6.4.1 and patterns tab and download button are not appearing...
Hi, We just upgraded to 6.4.1 and some users are now stating that they are not seeing the "Patterns" tab after searches run, and the download icon is not appearing as well. The app version is 6.4.1....
Returning field from subsearch to eval displays no returned rows in table
I am attempting to return a field from a subsearch into an eval statement. No errors are thrown, but when the table populates, the "79 events" that are returned are blank. I know there are a lot of...
Why am I seeing a lot of name=cooked_output events in _internal?
All of a sudden, noticed getting tons of events in _internal with name=cooked_output. What could be causing this behavior?
Is it possible to use NOLOCK in DB Connect Queries?
Hello All, My DBA is requesting that I use NOLOCK in all of my DB Connect queries, but I can't seem to figure out how to do so. Is it possible, and what would the syntax be if so? Please find an...
Is anyone ingesting Ganglia data into Splunk?
I'm looking for anyone who is ingesting Ganglia data into Splunk. I have a customer interested in doing this but were wondering about other customers doing the same. What has your experience been, use...
How to write a search to graph average time by site specific location using...
I'm trying to graph the average time of an event: July 18, 2016 10:02 -> INFO -> Done with sync of project-high-med-2016-spf-1-0_amss_standard_oem_milestone to **eurdc** of 272 MB in...
How do I run a universal forwarder on an indexer that's handling non-IT data?
I need to create a standalone Splunk instance to handle health data (about the health of humans. Non-IT data). So, I want to forward its `/var/log/*` data to my main indexer like any other server. Is...
Is it possible to automatically update drop-down options with custom...
I am wondering if the following is possible, and if so, how. Currently I have a custom drop-down menu in a dashboard with a token for the options that are hard coded in XML. Is it possible to create a...
How do I get these feeds indexed to Splunk?
Hi, I want to import these feeds to Splunk and compare the domains to the domains in the firewall log. Importutil is not working for me. Getwatchlist gives me 1 or 2 columns. I want all the data in...
How to edit my regex to extract the type and message fields for the exception...
I am trying to extract the type and message field for the exception information in the application logs. I have abstracted the logs because they are quite long. The logs can have between 1 to 3...
Trying to update the Splunk Add-on for Unix and Linux from 5.2.1 to 5.2.3, do...
I'm trying to update Splunk_TA_NIX from Version: 5.2.1 to version 5.2.3, but the admin/passwd doesn't seem to be working. The admin passwd has been changed since the app was originally installed and I...
Do I still need to take the Splunk prereqs in order to take the Splunk 6...
I have been performing Admin level work in our current Splunk instance. I want to take the training for the Admin Cert. Even though I have been performing upgrades, building content, editing conf...
Has anyone used the AppDynamics app for Splunk? How big was your environment...
My company is looking at AppDynamics for APM, just trying to get a ballpark for what I can expect.
Where do I start with troubleshooting full queues?
So, there's this... Looking for documentation/advice on where to start. ![alt text][1] [1]: /storage/temp/149174-fullqueues.jpg
When and why is system bin directory executing these commands (admon.cmd,...
We are defaulting the provision of virtual machines with Splunk Forwarder as part of baseline. By default, each VM will get a set of apps, but I don't have any inputs defined for them yet...
How to configure connections for the Monitoring of Java Virtual Machines with...
I have downloaded latest release of Splunk and am using a trial license. Goal is to demo this to my team. I have two Linux servers (RHEL 6.6) Websphere 8.5.5 with Splunk forwarder on one, and Splunk...
Need Help Configuring my Indexes.conf to enforce 45 day retention.
Using Splunk Enterprise 6.4.1 on Linux. Hot/warm/cold are all on the same partition. All data should be deleted after 45 days, but searchable for the entire 45 days. Is there a formula of some sort...
How to search and display two sources in a table?
I found this thread, but wasn't able to get it to work for me: https://answers.splunk.com/answers/74245/joining-data-from-2-data-sources-in-splunk.html I have 2 sources that I would like to display in...