Why are some views in an app missing after upgrading Splunk from 5.0.5 to 6.2.5?
We have upgraded Splunk from version 5.0.5 to 6.2.5. After the upgrade, we noticed some of the dashboards in an app were missing. We are completely clueless about this. Any ideas?
We have a shortage of disk space in one indexer. Can we delete data present...
We are currently running out of space in one Splunk indexer out of 5 indexers in our distributed environment. Using Splunk 6.2.1 Version. Total size of the indexer volume is about **5.2TB**. Currently...
Why am I only getting a maximum of 100 events returned through a oneshot...
I'm using Splunk's Java SDK to get Splunk events, and the problem I'm facing is that Splunk only returns a maximum of 100 events, even if the search originally contains more than 100 events. How can I...
How to count the occurrence of a field/string per transaction for events...
I have a custom log file in which we are all logging various activities in a transaction context (correlation ID). In this particular case, we have a Rest Search to get price detail. Service accepts 1 or more...
How to write a search to alert when a source stops sending Windows event log...
Hello, Need a suggestion to set up an alert for when a source stops sending Windows event data. Here is what I have so far, but is this sufficient? index=windows host=#1 OR host=#2 OR host=#3 | stats...
How to get data from IBM DB2 on AS/400 into Splunk?
At present, the data from IBM DB2 is scheduled by the job scheduler. We would like to get the data from this DB2 database on AS/400 platform into Splunk. I have seen that DB2 running on AS/400 is not...
Can anyone suggest a typical Splunk implementation for an organization?
I am a newbie at Splunk and am splunking, learning my way through the tutorials and practicing, but I want to know what would be a typical Splunk implementation infrastructure in a real organization....
Why am I not getting any search results using the REST API to send a request...
Hi, I am trying to do a real-time Splunk search using the REST API. The endpoint I am sending a request to is `services/search/jobs/export` and if I understand the documentation correctly, I should be...
Is there a permanent solution for handling too many search jobs found in the...
Hello. I am getting this error: Too many search jobs found in the dispatch directory (found=7079, warning level = 5000) So I ran a script via CLI multiple times to delete all the search jobs in the...
Restart splunkweb without restarting splunkd? (v6.4.x)
Is there any way to restart a missing splunkweb process WITHOUT a full splunk restart? In one of the versions of 6.x splunkweb was integrated into the same process. We have some situations in which...
How to calculate total disk size when using freediskspace collection?
I am searching for a 'search' that will give me the following information: Disk usage (C:) in % Total Disk size (C:) Free Disk space (C:) I know there is Windows App, but I would like to achieve this...
How to edit the XML for my dashboard table drilldown to only display log data...
Hi, My team and I are working on a project and we are trying to open data logs within our dashboard. Our current XML code enables us to open the data logs in the dashboard, but it opens all the logs...
Why is the Incident Review dashboard missing from Splunk Enterprise Security?
The Incident Review dashboard is not listed in the pre-set list in Splunk Enterprise Security. Is this a dashboard I need to download, or is something missing from my ES? I need it to monitor my UBA...
After setting up HTTP Event Collector, why am I getting browser error "Failed...
Team, On home screen of the Splunk Search and Reporting app, I'm getting the browser error: en-US/splunkd/__raw/servi…nobody/search/search/jobs/rt_1470673676.7?output_mode=json&_=1470673910548...
Splunk Add-on for Nessus Tenable API: Getting error "Fail to decrypt the...
I have the latest TA Nessus installed and it was working fine for about a week importing nessus reports through the Tenable API calls. It then stopped indexing events and reported the following...
How do I manually import threat intelligence downloads for internal...
Is there any way to manually import threat intelligence downloads for internal servers (offline from the internet)? Yes, I know that since the system is not connected to the internet, I should not have...
Is there a Splunk Java Framework to collect application metrics to index and...
Hi, I am new to Splunk and need your help in finding out if we have Java API / Framework from Splunk which can collect application metrics and pass it over to engine for indexing and reporting? Note: I...
How to troubleshoot why monitored files in a directory are no longer getting...
I am monitoring files in a directory which Splunk pulls into an index when new files show up in the directory. We ran the script which updated the files in the directory, but the index only has old...
What apps or add-ons should I use to monitor Linux machines?
Hi, I have a little bit of experience working with Splunk in a Windows environment. I have been tasked with identifying what the product can do in a Linux Environment. A cursory search revealed 3...
How to configure Splunk Add-on for ServiceNow to not pull data from...
So we just enabled our ServiceNow connector on a heavy forwarder of ours to ingest all of our data in our ServiceNow Cloud via the API. The problem we're running into is that our ServiceNow database is...