Which mechanism is used in indexers?
Hello guys, recently I was interviewed with a question like: which service or mechanism is used to get data from forwarders to the indexer? Kindly help me in this case.
Tableau System Logs
Hello everybody, I am wondering if anybody has already done some Tableau System Monitoring with the logs Tableau provided? I was a little bit surprised not to find an App or some inputs.conf recommendations. As...
What is the difference between the results of this add on and the Splunk Add...
I'm trying to identify how this add on improves parsing over the Splunk version
Dbquery is slow
Hi, I have a dbquery and its execution is very slow; we migrated Splunk from 6.6.11 to 7.2.3. I can see that the process "dispatch.evaluate.dbxquery" consumes half of the running time, is...
Tstats - how to add a "not" condition before 'count' function?
Hello, We use an ES ‘Excessive Failed Logins’ correlation search: | tstats summariesonly=true allow_old_summaries=true values(Authentication.tag) as "tag",dc(Authentication.user) as...
Blocked Queue on Splunk HF
Hi, I can see blocked=true in metrics.log of the Splunk heavy forwarder. Blocked queues are: typingqueue, aggqueue, parsingqueue, indexqueue, splunktcpin. Does anyone have any idea about this issue? Note:...
Split json into multiple events and sourcetype
Let's say I have the following json data onboarded. { "slaves": [{ "id": "1234", "hostname": "12556" }, { "id": "1245", "hostname": "1266" }] "masters": [{ "id": "2234", "hostname": "22556" }, { "id":...
Migration - will Splunk re-index a directory?
Hello. We are migrating to a new Splunk server. In our current environment, Splunk receives syslog by crawling /logs/////. The /logs directory is an NFS mount. Our current plan is to migrate our...
Feature Request: AppInspect to check for absolute paths
All one has to do is search Splunk Answers as such: https://answers.splunk.com/search.html?f=&redirect=search%2Fsearch&sort=relevance&q=ImportError%3A+No+module+named&type=question To...
Search Wineventlog to find latest login by users and then search for any > 14...
Background: as part of our account management auditing, I'd like to schedule a weekly report that shows me user accounts that haven't logged in in over 14 days. I currently have this search:...
Multiple AND conditions in Eval w/ if statement
Hello there from someone in healthcare IT industry. I'm working with multiple conditions and I want to make sure my syntax is correct here. | eval goodClaimStat = if((catCode != "E0") and (catCode !=...
Splunk Add-On for AWS - Should I use 1 or many SQS for the various inputs?
I am currently utilizing SQS ingestion for all the inputs within the app. I am noticing some duplicity with the sources indexing across 2 different indexes. Should I be using a different SQS for each...
Splunk Scheduled Report Filtering and Dashboard Panel
Hi, I have a scheduled report in Splunk that runs nightly. It is accelerated for 7 days and runs back in time for 7 days also. This report provides me comprehensive information about all my assets and...
Splunk Add-On for AWS: should I use 1 or many SQS for the various inputs?
I am currently utilizing SQS ingestion for all the inputs within the app. I am noticing some duplicity with the sources indexing across 2 different indexes. Should I be using a different SQS for each...
Can you help me with Splunk scheduled report filtering and dashboard panels?
Hi, I have a scheduled report in Splunk that runs nightly. It is accelerated for 7 days and runs back in time for 7 days also. This report provides me comprehensive information about all my assets and...
Can you help me with a search involving multiple AND conditions in eval w/ if...
Hello there from someone in healthcare IT industry. I'm working with multiple conditions, and I want to make sure my syntax is correct here. | eval goodClaimStat = if((catCode != "E0") and (catCode !=...
How do you search Wineventlog to find the latest login by users and then...
Background: as part of our account management auditing, I'd like to schedule a weekly report that shows me user accounts that haven't logged in over the last 14 days. I currently have this search:...
Create a Legend based upon another table
Hello gurus. I have a panel with a STATS COUNT chart where the y-axis is numeric value. What we would like is a legend where the description of the y-axis number is given. I know that LOOKUP is...
UDP Heavy Forwarder to Heavy Forwarder.
Trying to set up a test environment to be used in production. Will be taking data from another Splunk HF and sending it to our HF. Must use UDP to transmit the data. I have played around with creating...
Help with input look, tstats, and visualization
Hello, I have a lookup table for all the source types. I'm trying to use stats or tstats to show all the source types, and if they have no data coming I want to show 0 for those source types. I'm...