Having some trouble with sub searches and makemv/mvexpand
I'm trying to do some data mining on twitter for a project. I'm trying to find keywords that are most popular, and then remove the stop words using a CSV lookup. Here is my query: index=football-twitter...
earliest=-1w does not work
Hi, I have the following simple search. sourcetype=ib:reserved1 source=ib:user:user_login index=ib_security earliest=-1w When I run this search I do not get results. But when I remove the earliest...
How to enable iplocation
How do I "enable" iplocation in Splunk Ent. 6.2.2. I thought it might be just an automatic function now that the database is default. When I try searches using "iplocation" context it brings up...
Count by values for two fields like a table
I have events coming with two distinct key say "Key1" and "Key2". Expected value for these keys are 1 to 3. I want a table where I can see the count of each key for every possible value like......
How to find elapsed time between now() and event?
Hello. I am trying to find the amount of time that has passed from the time an event occurred to the present (now()). I tried subtracting the time of the event from the current time, but I got an Epoch...
Missing data in Stream Examples App
I've been playing around with the Splunk for Stream and Stream Examples apps to see if they might be useful for us. http://www.splunk.com/en_us/products/splunk-app-for-stream.html I have a couple of...
Efficient way to get high-level messaging stats
I'm looking at behavior of a service which consumes messages about products, the unifying factor being a field called UPC. In theory there should just be a single message sent across per UPC, but I...
Deployment client is not indexing data to the Deployment server?
Hi the following were the splunkd.log messages in the deployment client 11-06-2015 20:06:35.618 -0500 WARN TcpOutputFd - Connect to 10.200.160.13:9997 failed. Connection refused 11-06-2015 20:06:35.618...
Splunk datamodels for checkpoint firewall
Are there pre-built datamodels for splunking checkpoint firewall logs.. ? I have installed splunk app for opsec lea - and successfully configured my CMA device to pull checkpoint device logs.. any...
Deployment client is not indexing data to the Deployment server? (50 credit...
Hi the following were the `splunkd.log` messages in the deployment client. I don't know why it isn't showing any warnings or errors and also it didn't index anything. But you can see that it took...
Navigation menus dislocation
Nested Navigation Menu Dislocation still on Splunk Enterprise 6.3.1, please help to solve this problem ![alt text][1] [1]: /storage/temp/70171-navi.jpg
After upgrading to version 6.3, I'm getting a stanza=_blocksignature error....
Search peer Splunk has the following message: Found stanza=_blocksignature in indexes.conf. The block-signing feature is no longer available in Splunk. Please remove stanza=[_blocksignature] from the...
How to post splunk results to twitter
How do I post splunk results to twitter? This old script by Splunk no longer works. #!/bin/sh # tweet.sh - Post Splunk saved search result to Twitter. # Greg Albrecht (gba@splunk.com) # (c)2010 Splunk,...
Parsing multiple hosts in one file
I have a source file which looks like the following: a = 2 b = 3 c = 4 ... a = 2 b = 3 c = 4 ... a = 2 b = 3 c = 4 ... What would be the best way to extract the data based on this file? so I can search...
How do I break multiple events by Regex into single event objects
I would like to break this into individual events before the ",{type" : { "type": "FeatureCollection", "features": [{ "type": "Feature", "geometry": { "type": "Point", "coordinates": [34.7500, 31.5000]...
Which method to do Cisco Firesight data collection: estreamer vs syslog?
eStreamer has got lot of disadvantages (eg extra perl modules, pull technology etc..). So was planning to use "syslog" from Cisco Firesight/Defence Centre. Does anyone know if there are issues with...
How to connect Splunk ODBC with R in R Studio using R ODBC?
I want to send results of a Splunk Search into R Studio to do further statistical analysis on it. Based on suggestion here by @melonman > https://answers.splunk.com/answers/49583/...
How to remove path from spath field names
Hello, So I love the spath command. With just one call, it will automatically extract and make searchable each and every field from each JSON log entry. The only problem is that the spath command...
Find old vs new errors with counts
Folks I am new to splunk so pardon the basic question here. I am trying to find in my application what are the new errors over the past 24 hours that we never encountered in the past week. Here is my...
How to save PDF report to disk
We cannot use email when sending scheduled PDF reports. Is there a way to save PDF reports to disk? What kind of python/perl script is needed? There was an answer 26492...