Configure how often data will be sent
Is there a possibility to configure how often the data will be sent, especially the GPS data? Thanks, Basti
Put over 100 results into one line?
Good morning Splunkers! I need help please! I am working on a dashboard that shows a list of MAC Addresses and sometimes the list is over 100 different addresses depending on the area. So basically I...
How to reset password via splunk db connect app
Hi, I have a splunk_apps_db_connect installed in my environment with db_identities, db_connections and db_input configured in order to pump in the logs from our db into splunk. Currently attempting to...
json files truncated in index time (I think)
Hello, I'm having problems parsing our client's json events. But when I add them locally with the Add data menu it works just fine. Even if I index them, I search on my test index and the parsing works...
How do I check my kvstore size
I have a SHC and one of my search is consuming full memory which is running only in kvstore, not going to even Indexer. I'm just looking for a command to check the Kvstore size because the same search...
Logs files missed to get index in Indexer from UF
I don't see 3-4 log files missing while searching on Searchhead. Is there any command to check if Splunk has already read the file on Universal forwarder. I'm running on older universal forwarder...
Couldn't log in to web url of splunk
After splunk indexer server restart we are getting 500 internal server error, though the splunk service is up and running. We are getting below error. fyi: 500 Internal Server Error Return to Splunk...
Query to see the forwarder does not send logs
Guys, I need to see which forwarders did not send events in a period of 3 hours. For example: if a forwarder does not send logs, or does not connect with an indexer, in the last 3 hours I need to create a...
rex ip between fix characters
Hi all, I was wondering how I can write a Splunk rex to parse out the IP between two words. For example 8.8.8.8, 2.2.2.21.1.1.1, 2.2.2.2, x.x.x.x I am able to write a search but in results it parse out...
Stream app's distributed forwarder management page doesn't come up
We updated Stream to 7.1.2 to a new searchhead using a deployment server. The _internal logs don't have any error from splunk_app_stream. Most of the other pages in the Splunk-app-stream UI seem to...
Need to exclude all lines with INFO or WARN from being indexed
I have been reading through a lot of the previous answers to exclusion, but none matched what I need. I need to exclude all INFO and WARN lines from one of my indexes so that they are never processed....
Is there a way to select a range of results/values?
Good morning Splunkers! Need help sorting through a list of MAC Addresses. I have a dashboard that lists them in a drilldown table. I have some list of 900 MAC Addresses and using the command below...
Splunk Indexing .gz files as compressed/raw data and not the uncompressed...
Attached is an example of the data, I have also extracted the data from the gz files and it was able to import the data fine that way. The stanza for the monitor is...
Attempting to Install the Splunk Add-on for Unix and Linux
Hello, This is what is listed in the documentation for the **Splunk Add-on for Unix and Linux**. https://docs.splunk.com/Documentation/UnixApp/5.2.5/User/InstalltheSplunkAppforUnixandLinux Create an...
Verifying multiple indexes time sync
We have upwards of 50 different security technologies reporting into Splunk. I'm being tasked with verifying that all the technologies reporting are properly time synced. Without going into each...
Using lookup table for whitelisting CIDR ranges in SPL and getting zero results
I'm brand new to Splunk and I'm having difficulty getting a query to return the results I'm looking for. I've checked the knowledge base and I see references to using transforms.conf and props.conf,...
Issue building cluster
I manage a couple of small splunk clusters and for the 1st time I need to build one from scratch. I am testing in our sandbox env but when I bring the cluster up I end up with index issues that can't...
Find top 3 fields per dimension (for all dimensions) grouped by platform
Let's say I have dimensions like country, content, subscriptionType and I'd like to get the 3 most common fields grouped by platform say web, app, etc. How would I go about doing this. An ideal output...
CIDR Matching a subnet in a list of subnets
So IP to a subnet Cidr match has always worked in Splunk. No issues there. BUT a request came where we need to do a subnet to subnet cidr match and other than hacking my way out of it , don’t think the...
Error Message when Installing VMware App
I am trying to install VMware app. When I am trying to set up page and save it I got an error message: Encountered the following error while trying to update: Error while posting to...