how can i create graphs using java sdk
I am creating a java API that calls splunk. Now i require to add the graphs or export the graphs or visualizations into my java Application. How can i do that?
View ArticleHow to get max for each row?
I want to get the max stats_value for each row (that is a sum of stats_values) but my query works in a way that it aggregates ALL the rows instead of each individual row because of the way my input...
View ArticleHow can I determine the lag between when an app's scheduled search is...
Our scheduled searches seem to be lagging behind. I need a search to identify the delay between the scheduled time and the actual run time.
View Articlesplunkfowarder is passing passwords from auditd
I've got a splunkforwarder installed on a server. This server is also logging it's commands via auditd. When I do something like "sudo su -", auditd captures the output, but doesn't expose passwords....
View ArticleLog rotation breaks indexing
Hi, I noticed that, right after a logrotation, the data is not being indexed anymore. Data is still going through /var/log/myapp.log and /var/log/messages (rsyslog UDP) so it all arrive on the machine...
View ArticleAdd blank rows in the table
Hi friends!!! I am using the delta command to show the difference entres two values, but need to stay right every two lines include a blank line. ![alt text][1] Thank you. [1]:...
View ArticleHow can I maintain a lookup table of host to IP mapping?
All, So there are situations where folks ask me to "check the logs on everything on subnet 1.2.3.x/25" Rather than by host. Especially with PCI. Is there a meta data relationship stored in Splunk from...
View ArticleVPN users (same user login from 2 different locations in a specific time range)
i'm search for vpn users that might login into two different locations in a specific time-range and im getting the following result: index=cisco_acs src="*" AND src!=10.0.*.* | iplocation src | stats...
View ArticleBest way to get Symantec AV data - (reworking an old instance of Splunk)
Hello, I am new to Splunk and was recently given our organization's old Splunk project. Long story, but basically it's been sitting idle for about 6 years. The first thing I want to do is gather...
View ArticleDistributed Splunk workflow understanding
Hello Splunkers! I am currently setting up a distributed Splunk system in our company. It consists of: 2 Indexers and a Cluster Master Node, a standalone Search Head and a standalone Deployer/License...
View ArticleGenerating props.conf and transforms.conf from Splunk web
Hi all Since I'm quite new at this, I was wondering is it possible (on Windows) to generate props.conf and transforms.conf from Splunk Web (or to just slap some command from the command line)? I've set...
View ArticleHow to filter out audit id field from Brightmail logs in Splunk?
Hi Splunkers: I have an issue filtering out a field called **Audit ID**. Each email is assigned this number as it passes thru a mail exchange, so the conventional wisdom would be that if I search on...
View ArticleDoes anyone know if the Splunk Add-on for Cisco IPS works on 6.4.x?
Currently, the Splunkbase page for the Splunk Add-on for Cisco IPS only shows support up through 6.3
View ArticleHow to remove \ (backslash) using from URLs rex sed?
I am trying to remove the escaped characters of "\" from the URLs coming in via a Twitter REST feed. Does anyone have the secret sauce for forming a rex field= mode=sed? Sample URL:...
View ArticleIs there any negative impact deleting the .bundle files and files under...
Hi all , Recently we had an issue with /opt as it is consuming 100% memory. We have gone through and checked .bundle files are consuming a large amount of space under this, so we have deleted some...
View ArticleHow to compare same field values at different times?
How can I do a comparison with values from same field at different times? The logs belongs to the same index/sourcetype. There's a field called **lagtime** which basically denotes how long it took to...
View ArticleAre there best practices with handling duplicate hostnames/IPs across...
I was talking with someone who may have assets with the same IP across multiple data centers. In other words, the same IP ranges are allocated in different data centers, so any given IP may appear...
View ArticleIt is possible to use the delta command to calculate the percentage difference?
Hello! I wanted a way to calculate the difference as the Delta, but in percentage. It's possible? Thank you!
View ArticleWhy is my search not producing an average in the resulting stats table?
Hello Splunk Ninjas I'm trying to create a SPL query that displays the avg and max response time. When I run my search, only the max values are displayed. How do I edit my search to fix this?...
View ArticleHow to assign a Splunk status result to a variable in a script?
hello I am working on a script for running Splunk. I want to check status of Splunk and assign the result of the status to a variable for further use. Can any one please help me with this?
View Article