DB Connect App stopped putting data in Splunk index after I updated my SSL...
My Splunk SSL certificates expired after the normal 3 year period. I have generated new SSL certificates which worked well with the forwarders running in the Linux OS. These forward data directly to...
Seeing errors of form: ERROR NewSavedSearchMgr - Error base64 decoding...
Why am I seeing errors of this form: 09-06-2016 08:42:25.189 +0000 ERROR NewSavedSearchMgr - Error base64 decoding section of remote_myhost1.company.com_SIDNumber: myhost1.company.com
Timestamp difference
Hi, Index time 4 hours behind the actual timestamp of the database row we are pulling in as event. This is resulting in wrong Order Line count for events which are created between...
Splunk License Usage: Does Splunk not count its internal logs against the...
We are trying to use the Splunk license app and it is not working. Is it possible that Splunk does not count its internal logs against the license?
Academic License for high school
The terms of the Academic License dictate: "YOU REPRESENT AND WARRANT THAT YOU ARE EITHER AN INSTRUCTOR AT A COLLEGE, UNIVERSITY OR POSTSECONDARY TECHNICAL INSTITUTION OR YOU ARE A STUDENT AT A...
How to get difference of events between main search and an extracted search
Hi Ninjas I have a search which returns 1500 events. From that search I have extracted a field (eg FieldX) using a regex which matches with 900 events. From the remaining 600 events, I found that I can...
Splunkd service goes down every 24 hours on the forwarder
On looking into the internal logs of the server on which forwarder is configured, I could observe that splunkd is shutting down for every 24 hours, and starting again. Below are the logs before the...
Set custom values to do comparisons between indexed data and fixed values
Hi all. I have an application that shows some dashboards with statistical tables based on indexed data. I want to create a setup section where any user setup custom values (for example forecast), to:...
Date column has some bad data. I just want to remove the row if the date is...
Hello Splunkers, Question about discarding rows, I want to discard a row that is longer than 19 characters, if found in my query. See below we have some junk data and I want to remove whole row if I...
Dynamically populating dropdown and receiving the error "duplicate labels...
HiCubeBASE SEARCH | stats count by DatabaseName@w0nowclabelcvalueAll** I have this code for dynamically populating my dropdown but I'm still getting the error > duplicate labels causing conflict I...
Comparing different fields from different rows
Hi, I've a search query that returns 2 events with two different fields; EXTRA_FIELD_3 = XXXXXX GUNCELSAYI = YYYYYY I want to compare if EXTRA_FIELD_3 > GUNCELSAYI*2 and raise an...
Per-event sourcetype overrides - not actually a lot of use?
OK, I've got a stream of, potentially, over 100 different event formats that I want to send into Splunk. Inside each event I specify the sourcetype I'd like splunk to use to process them - it's the...
Splunk License Usage Rollover From Yesterday
My Splunk Usage Report is showing an abnormally high amount of usage given how early it is in the day. I took a look around, and noticed on the 30 day historical report no usage is being shown for...
Using volume management on _cluster indexes
I have an index cluster and am setting up volume management. I have modified SPLUNK_DB env variable to point to /data and also have volume defined in my index config pointing to the same location. From...
Is it necessary to reload if we do any changes in serverclass.conf is it...
I am getting an error while reload Socket error communicating with splunkd (error=The read operation timed out), path = /services/deployment/server/config/_reload and also it's taking a lot of time to...
stats/eventstats - how to track open session when closed session entry...
I have the following logs from my Linux /var/log/secure 15/03/2016 10:30:20 server1 session opened for user root by joe ... 15/03/2016 10:40:20 server1 session closed for user root ... 15/03/2016...
Different values for each minute
Hi, I'm new to Splunk and in need of a little help. We can only access an index that was made for our department. Background: we are extracting data by REST from our products to Splunk. One of our...
Trying to look at 3 weeks or older traffic logs in Palo Alto Networks Splunk...
The App will populate dashboards with data newer than 3 weeks old. If I search further out I get nothing. I can't seem to find anything that may be related; any help will be appreciated.
Directing incoming data from heavy forwarder to index by host name
Hi, I have data coming in from multiple hosts using either syslog, or a universal forwarder, going into 3 heavy forwarders, and then forwarding to SplunkCloud. I've created 3 indexes - Financial,...
Upload large file
Hi, How does one upload files larger than 500mb? I get an error "File too large. The file selected is 996Mb. Maximum file size is 500Mb" Is this due to using the trial? Thanks