Anybody collecting VOIP RTCP data?
I understand RTCP is a binary protocol and saw an old post from 2010 that somebody else wanted to collect this data as well. Anything on the Splunk front to support RTCP these days? If not what...
distribute outputs.conf to forwarders using deployment server???
Hello, I need to distribute outputs.conf file to my forwarder using deployment server. I have set up deployment server and pointed the deployment clients. I am able to distribute apps to all my forwarders...
Consolidating table entries
192.168.1.7 |table Realm, Role I have a search and I'm trying to consolidate to unique combinations of Realm and Role. Realm Role Realm A Role A Realm A Role A Realm A Role A Realm A Role B Realm A...
Service not available error.
I am getting an unknown error service not available error. Nothing seems to function and I cannot find any errors in the logs. Is anyone else having this issue? It looks like a great enhancement that...
Search head not able to send data to the cluster
I have two search heads, which are not clustered, only my indexers are clustered, the search heads are separate. Both worked fine, but recently I must have misconfigured something (unintentionally...
Access Row Fields in BaseCellRenderer
I am working with a custom HTML dashboard. I see how to use the TableView and the BaseCellRenderer together to customize the contents of a given cell in the table. However, when the BaseCellRenderer is...
Creating a search table on dashboard
Hi, I have different data logs on Splunk that have specific information about call logs. I need to create a dashboard that can search the call logs by inputting a ConnId number which results in a table...
Show a chart based on host found in another search
Ok, so I have two searches that work great. One will find computers with slow ping times. The other will create a chart of the ping times based on one host name. I would like to somehow combine these two...
DUO Log Add-on for Splunk: Why am I getting error "ModularInputs - Validation...
I get the following error for the DUO log Add-on for Splunk: 07-20-2016 18:45:36.396 -0400 WARN ModularInputs - Validation for scheme=duo failed: The script returned with exit status 1. Wondering if...
Why is the Splunk Add-on for Nessus indexing running Nessus scans, even after...
I'm having an issue where Splunk is indexing running Nessus scans despite having changed the `index_events_for_unsuccessful_scans` option to `0` in Splunk_TA_Nessus/local/nessus.conf. I've tried...
How to merge multiple messages into a single message with a single timestamp...
I have a limitation of message size from the originating system and need to merge a message. The messages are separated for the first message by `...` (three periods) and the beginning and end of the...
How to best send our Java app's logs to Splunk?
Our Java app, developed in-house, has easily-parsed logs. I'd like to get them into Splunk real-time, and in an elegant way. (Nicer than Splunk tailing log files?) I can edit our Java app to do...
easy way to change _TCP_ROUTING = * ?????
I'm working on doing some data cloning. As a first step, outputs.conf (on a virgin 6.4.1 universal forwarder on Windows) looks like this, and all is well. [tcpout] defaultGroup = default-autolb-group...
How do I edit my Splunk search to identify the top database queries with the...
I have a Splunk search that extracts from the events for various queries executed and time taken by them. I want to find the top 10 queries in terms of total runtime irrespective of the count of runs....
How to use OAUTH v1 with REST API and the Splunk Add-on Builder?
I am currently in the process of using the Splunk Add-on Builder. I want to use REST API as the data source. The issue that I am having is how to use OAUTH v1 with the Splunk Add-on Builder? The error...
Why am I getting no search results after uploading a CSV file in Splunk Web?
Hi, I uploaded a .csv file through Splunk Web. The sourcetype is a csv, and it just went into the default index, but when I search for it, I can't find it anywhere. I've tried `sourcetype="csv"` by...
Monitoring of Java Virtual Machines with JMX: Why am I unable to get...
Hi All, I use the app Monitoring of Java Virtual Machines with JMX and it works really well to get some attributes from java.lang. However, I tried to retrieve some other values coming from other...
How to index data which is forwarded to DNS?
Hello I am using DNS lists for load balancing. I am pointing my forwarders to send data to my DNS, but I was wondering how can an indexer listen for data which is being forwarded to DNS? I searched for...
Subsearch not Working
I believe I fully understand the concept of subsearches and have used it a few times perfectly, however, I can't get it to work in this instance. Below is my search string; index=main...
How to configure 90/180/366 days retention for an index?
We would like to enable frozenTimePeriodInSecs and enableTsidxReduction = true with timePeriodInSecBeforeTsidxReduction. Keeping both settings as the same values, can we achieve the targeted days of...