Splunk complains about "Data Durability" and "Data Searcheable" but I cannot...
Hi, I have been through the monitoring console, the logs and tried the health report. Still no clue. The only thing I see is an error with _audit in the indexer clustering status where _audit is the...
List of Event IDs
I'm troubleshooting the windows infrastructure app and want to verify I'm getting all of the events I need to get. In looking for a comprehensive list of event ids used by the app I found an old one...
Notification for Server Code Changes
I need to create an automatic notification that triggers anytime one of our development team makes a change to the code for one of the web servers for our website. The specifics of the notification...
Line breaking issue Unix timestamp
Hi All, I have the logs in below format which is stored in a S3 bucket : 1567295878959445,hostname,ip,id,session,operation,db,query The first field I believe is the Unix time stamp. When I am...
How to extract a string from a field that contains letters, numbers and...
How to extract a field that can contain letters, numbers and characters, as in the example below? The field to extract is the policyName that always comes preceded by the instanceId field. Ex:...
Splunk: Archive to S3 or S3 compatible Object Store using Hadoop?
I am seeing the following error message while trying to archive to S3. The logs are from "splunk_archiver.log". Any pointers as to how to fix this? 2019-09-09 06:09:11.127 -0700 ERROR Roller - Exception...
Field extraction
I have a field in my raw events: src = https://www.abcd.com/shop/buy-laptop/dell-200 src= https://www.abcd.com/shop/buy-mobile/LG-i20 I want to extract the fields product family and products. family like...
Blacklist a file in my inputs.conf stanza?
All, I am getting an alert "Saved Search [ForwarderLevel - File Too Small to checkCRC occurring multiple times]: number of events (18) " The file is a file on my Solaris boxes. '/etc/dfs/sharetab' I...
KV_Mode against Constant value host fields
I have a new data source that extracts quite well using KV_mode = auto (or KV_Mode=json). The data itself is a simple KV pair: "host:" "host-value" I would think that Splunk would pick up on the fact...
Stop indexing local machine?
New to Splunk, set local machine as source. So how do I edit / remove sources, including local machine? Thanks in advance.
Splunk Time Selector being compressed in Google Chrome?
Super strange, but all of a sudden I seem to be getting a compressed/shortened version of my Splunk time selector. Open the same URL in I.E. and it's fine. I imagine if I am seeing this that there...
Rubrik account permissions for API calls
What permissions, roles or rights does the Rubrik account require to allow Splunk to pull the information using the apps API calls?
Go to last page of search results
When there are more than 10 pages of results, showing the Prev / Next buttons, is there a way to go to the last page of the result set without clicking over and over? We're on Splunk v7.3.1.
Website Monitoring: Access Denied
When adding additional proxies as per the instructions on @LukeMurphey Wiki Page, I get this error in the /debug/refresh screen: InternalServerError Unexpected error "" from python handler:...
Website Monitoring: Set Proxy Passwords for Multiple Proxies
I have multiple proxies each with different requirements and credentials. How do I add passwords when the website_monitoring.conf file `proxy_password` field is deprecated? [default] proxy_port = 3128...
Windows perfmon when configured with Splunk Web where are settings stored?
I would like to see examples of perfmon inputs.conf settings. I tried setting up Windows perf mon using the Splunk web as documented here:...
Avg of past data vs current product data.
I have product family pens, we release a new pen named blue. I want to compare avg sales of pens in past 24hrs with sales of blue. Thanks for your time.
Dashboard drilldown run a search query
Hi all, I am working on an LDAP add-on. I have two panels: 1. Group: Group Name | Count Member 2. Member Details: Name | Group Name. And Group panel has multiselect input, while member panel has text...
Can someone explain to me what "category" is used for in props.conf?
All, Can someone provide me some examples and why I would use categories in my props.conf? category = * Field used to classify sourcetypes for organization in the front end. Case sensitive. Does not...
Can we use same license for Splunk Enterprise and Splunk Cloud?
Hi, Suppose we get a single license of 5 GB/day. Can I use the same in both Splunk Enterprise and Splunk Cloud (2.5 GB) each? Any response at your earliest convenience will be highly appreciated.