Can you use regex in file_path
Is it possible to use regex in the file_path setting for the File/Directory Information Input app? Here is what I am trying to get to - E:\Folder\Folder2\20160808\InvalidFile\\*.cdi_Error1 -...
Feature Request: /debug/refresh interface
It would be nice to see/select all of the values/modifiers that can be passed in a refresh command, rather than specifying them in the URL and relying on a cheat sheet/website.
Splunk Add-on for Apache Web Server: Too restrictive?
I'm playing with the Splunk Add-on for Apache Web Server but it looks to be restrictive on the log format as per: http://docs.splunk.com/Documentation/AddOns/released/ApacheWebServer/Configure But is...
Post Process Dashboard panel showing "search generated too much data for the...
Hello, I need help on post process. Here are my queries: sourcetype="xxxx" SERVER_POD="XXXX" FLOW_NAME="XXXXXX" SERVICE_NAME=XXXX ENDPOINT_TYPE=XXXX OPERATION="*" | timechart span=1d count by OPERATION...
System Error Code 126 when configuring the SPLUNK ODBC driver
I am new to SPLUNK and am attempting to have it interact with Tableau. Before I can do this I need to get it installed and configured. I did install the C++ distribution package and the driver and that...
Best approach for using a sub-search to compare time frames
I am looking for the most efficient way to do a sub search to see if vulnerabilities still exist now vs 90 days. Currently I do a search from 90 days back and spit that file to a csv and then do a...
Compare responseTime field today to last week without using append
Hello, I have a problem comparing the responseTime field for the last minute with last week (Monday - Sunday). The query below gives the results I am seeking, but the append command limits to 50000 events, so...
Cannot merge events: MUST NOT BREAK BEFORE not sticking.
Hello! Our application creates a log file a day. In the log file, every line is divided into a separate event. I am trying to have Splunk merge all the lines into one event. Simple right? Not in my...
How to change web address?
How to change 127.0.0.1\test -> 192.168.1.5 ? ![alt text][1] [1]: /storage/temp/156267-ubsdopknbk6kctyh0u6dvw.jpg p.s. Linux (ubuntu 14.04) \ splunk enterprise
Splunk forwarder throughput to indexer doesn't improve even after giving...
Splunk heavy forwarder throughput to indexer doesn't improve even after giving unlimited bandwidth maxKbps=0 , it's only getting 4MBps on a 24 core box with 128 GB RAM reading from nfs mount and...
Possible to get information about user executing a custom command in Splunk...
I have a custom script that I've defined as a command in commands.conf. I've tried adding passauth and enableheader, but I'm not seeing anything pertaining to the username of the Splunk user executing...
Custom search command always shows Statistics tab
I have a custom search command `nbclosest` that returns a subset of search results used like: index="muni" | nbclosest That is if there were results containing log entries A, B, C, D, E, it would...
No data coming in.
Hi Guys, Not too sure if any of you here have a better step by step guide to either input other website or using the documentation's website. Either way, I tried both and there was no data index within...
UCS AddOn stopped gathering ethTxStats and etherRxStats
Using version 2.0.2 of the AddOn and it works fine except it has stopped pulling data for ethTxStats and etherRxStats. I have restarted splunkd, uninstalled and reinstalled the app with no luck. The...
How to list out unwanted software installed on user machine
Dear team, What is the search condition to list out which software is installed on user workstations? Regards, syed
Extracting data from splunk using java API and getting black diamonds instead...
I am extracting data from splunk thru Java API. Some of the events are extracted properly but after some of them a black diamond shows up for the rest of the data. What should I do? Thanks for your...
Local Yum Repo
I'd like to create a local yum repository for my organization with semi-custom RPM spec files to handle the upgrade procedure for Splunk Universal Forwarders (and Splunk Enterprise to some extent). In...
Complete Fault Tolerant deployment using AWS
Hello Champions, As part of one of our DevOps capabilities, we are trying to deploy Splunk in a highly available, fault tolerant environment using AWS. We are thinking of having load balancers for Search...
precedence in outputs.conf on heavy forwarders
I have 2 heavy forwarders that forward to 2 peer indexers. Their config is identical, like so:
[tcpout]
defaultGroup=splunk_cluster_1
maxQueueSize=7MB
[tcpout:splunk_cluster_1]
autoLBFrequency=40...
In props.conf, what does each term mean?
INDEXED_EXTRACTIONS = csv
NO_BINARY_CHECK = true
category = Custom
pulldown_type = 1
config = props