Monitoring of Java Virtual Machines with JMX: How to get composite attribute?
Hi All, I am trying to retrieve attributes of type javax.management.openmbean.CompositeData. If I use dumpAllAttributes="true", all the attributes from the MBEAN are retrieved except this one ......
How do I use a common field found in two sourcetypes to output a...
I have two sources with different data in each except one common column in each sourcetype called "DeviceName". In sourcetype two (device), I have a column called "Zones". Is there a way of using...
How can I centrally manage configurations for a Splunk Enterprise indexer...
I have a Splunk indexer cluster (2 indexers, 1 master node), 1 search head, and multiple forwarders. Is there a way to configure source types, input ports, etc from a central web interface, or does...
How to set a drop-down default value for a linked form when used by itself?
I currently have a form that is a destination form for a dashboard drilldown. Upon clicking a value on the pie chart on the dashboard, I'll be directed to this form with a token...
Why are infrastructure disk writes different than indexing rate in Splunk?
Hello All, Basically, I am confused as to what is actually happening in our environment. VMware shows that we are roughly writing at 6MB/s and Splunk Distributed Management Console shows indexing rate...
How to send logs from Oracle Access/Identity Manager to Splunk?
I'm trying to come up with a design to send logs from Oracle Access/Identity Manager log to Splunk. Any help or documentation on how to get this done will be great.
How can I modify the Splunk Add-on for Microsoft Azure for Azure GovCloud?
How can I modify the Splunk Azure connector so that when I choose an Azure Audit data input, I can further modify down level APIs the application may be calling to query the Azure Insights API -...
After upgrading Splunk Enterprise to 6.4.2, why are we getting a certificate...
We've recently upgraded Splunk Enterprise to 6.4.2 and are getting an error while trying to upgrade the Splunk Add-on for Unix and Linux to version 5.2.3. splunkd.log shows: ERROR X509 - X509...
Joining two eventtypes based on an ID
I currently have two sets of data where one includes all of the product views, and one includes all of the downloads on the webapp. Both reports generate a userId and I have them extracted as fields....
How do you show events on a timeline?
Assuming I'm showing events on a timeline, say for example, `timechart count(sign_ins) by date_hour` date_hour | user sign ins 10 | 120 11 | 151 12 | 122 13 | 100 14 | 532 15 | 332 And then I wish to...
Distributed search groups not actually filtering searches
We are using distributed search groups ( http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Distributedsearchgroups ). We have 2 sets of indexers. Index group A and index group b. We have a...
Why is my search resulting in error "Streamed search execute failed because:...
While running the search `index=networking | timechart count` on Splunk v. 6.3.3, we are getting the following error: Streamed search execute failed because: JournalSliceDirectory: Cannot seek to 0 •...
How often/quickly does a Splunk universal forwarder read a file?
Hi, I have some customers who are VERY concerned about the Splunk universal forwarder on their servers. We run tests, and it performed fine, but they are still concerned and would like to know exactly...
Generate a table of keywords based on the correlation of a username across...
I have a tool that has three different rules, each rule is composed of a list of unique keywords. A rule is triggered when a specific keyword is observed in the user's network traffic. What I want to do...
Why am I unable to extract this field with my current rex statement?
I have a regex that should be extracting the **employeeType** field from an event. Below is the text of the event and the regex I am using. Details: Attributes: employeeType Contractor Search: mysearch...
Why does the Splunk process die during AWS cloud formation? "helper process...
I've got a CF template that does the Splunk configuration for a license/master server and the last step starts the splunk service. I've logged the output and see Splunk starting up fine. Once I log...
Is there a way to insert literal values into events before they are indexed?
Is there a way to insert values into events before they are indexed? We need to be able to insert string literals into our events before they are indexed.
How to display ONLY first row for each value in table
Hi, I have a requirement to display the first row for every ACCNO. Any ideas? query: I used some transaction command |table ACCNO,VALUE ACCNO VALUE 1 100 1 110 2 125 2 134 2 143 3 156 3 123 4 124 5 567...
How to remove the Splunk Search Tutorial data that I uploaded earlier?
I had imported the tutorial data for learning purposes, but I don't need that data anymore. How do I delete this data from my Splunk instance?
Where do I change the capabilities for a role in a search head cluster?
Hi, In a search head cluster, if I need to change the capabilities in a role, where should I do it?