How to get big f5 asm (version 12.1.0 HF1) log to splunk
I tried to follow the config at http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup (Configure F5 Logging Profiles for ASM) to send logs from BIG F5 asm to Splunk. But I only get audit log (udp...
Deployment script troubleshooting
Hi, I am trying to use this script: https://answers.splunk.com/answers/34896/simple-installation-script-for-universal-forwarder.html Everything installs splunk fine via hosts file, however it will not...
Timechart with latest() doesn't display results when used on its own
Hi, I'm trying to follow the disk usage as gathered by the *NIX app. I think the most appropriate timechart function would be `latest()` since neither `max()` nor `min()` are quite what I need. However,...
How to search, which are the apps and Website logs getting in splunk
How to search, which are the apps and Website logs getting in splunk. sourcetype="f5:bigip*"
SSL Termination from Splunk Forwarders to indexer servers
We are wondering if the Splunk forwarders care if SSL termination is not done at the indexer? We would like the forwarder to have the SSL cert of our NG firewall, which will then decrypt the traffic...
Why does one serverclass appear via the REST API and the other doesn't?
Hi, We are giving our customers the ability to install ufw via a chef recipe, and also provide a serverclass, so that they can automatically start logging their appropriate servers. Part of our recipe...
Why does this query fail when it first executes, but then it succeeds on the...
This query is in a dashboard that was working fine. (When the dashboard loads or that panel is refreshed it fails now. When it is opened in search it fails, but then it executes successfully every time...
How to restart splunkweb? Getting error "Permission denied splunkd.pid is...
We have an issue with splunkweb services unable to run them. Can anyone help resolving this error? Splunk status: Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied...
Convert time
I'm trying to rename _time to Time and it's changing the format. I used ctime to fix it, but I only want to display it in the HH:MM format. How can I convert my ctime to only show HH:MM? | eval Time =...
Are there any example searches or dashboards for the Splunk App for CA...
I'm looking for examples/dashboards for the Splunk App for CA Siteminder. Any help/guidance would be appreciated.
Splunk parsing day of year incorrectly?
Good day. I am trying to import a CSV into Splunk and specifying a Timestamp format and it appears Splunk is not calculating the day of year properly. My data has a column called 'Start Time' with...
How to create a time series dashboard with different charts based on...
Instead, I wanna do as below test.csv devicetype ------------ router switch firewall sysproxy webproxy I would like to create a timeseries dashboard based on devicetype in different charts router GRAPH...
Splunk Hadoop Connect: How to troubleshoot error "failure to login...Unable...
Hi, I am using the Splunk Hadoop Connect App to add a cluster and connect to a remote hdfs. After filling the form, when I hit save, I get the following error (in splunk/python.log OR...
How to edit my search to create a new extracted field with rex?
I have this search index=nitro_prod_ecomm earliest=-30m@m | rex field=_raw "\d\d\:\d\d\:\d\d\s+(?\d+\.\d+)" | where ResponseTime>1| rex field=_raw "(?(GET|POST)\s+\/(\w+))" |stats count by...
Proofpoint Protection Server TA for Splunk: How do I get this field extracted...
Hi all, I am looking at using the Proofpoint Protection Server TA for Splunk, and having set it up, I am having some difficulty with field extraction in that the app is not doing what I expect....
After upgrading Splunk DB Connect, why am I getting error "invalid literal...
I can see the results without problem in the query page, but if I create a db input, Splunk shows me the following error in /opt/splunk/var/log/splunk/dbx2.log : [ERROR]...
How do I get a search with "timechart span=1d" to return and display events...
I have a search like below. If I run this search, let's say now, it fetches transaction (as per the display) not from the TOP of the hour, but from the time I have run the search. Let's say I run this...
Is there any way to do calculated fields before search time?
I was using calculated fields, but then I started reading the documentation and saw that calculated fields are done during search-time....
Has anyone used General Purpose SSD (GP2) instead of Provisioned IOPS for...
It may be a dumb question, but just would like to have any knowledge or experience. I'm designing SPLUNK on AWS, but need to consider General Purpose SSD instead of Provisioned IOPS one because of the...
Why is my search with a where condition not filtering results as expected?
Hi, We have a search which gives us average CPU time by host and we want to plot a line graph to get hosts which have CPU usage greater than 25%. Our search below is giving us results, but when we...