How to monitor data retention policy and tweak accordingly.
I've searched but haven't yet been able to find the answer. We have a clustered index setup, and lots of data going into different indexes. We have the indexes defined with `frozenTimePeriodInSecs` and...
Behaviour with the fillnull & replace commands
host=* sourcetype=* | replace *.zip WITH * IN Object | replace *.csv WITH * IN Object | replace *.null WITH * IN Object | replace *.xls WITH * IN Object | replace *.pdf WITH * IN Object | fillnull...
props.conf config for line breaking
Hi All, I am having problems splitting lines of a log file. The log entry is below: [DEBUG 2019-09-26 09:15:57:765] Logger Proxy STARTED [DEBUG 2019-09-26 09:15:57:765] Logger Servlet Called (13024624)...
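The entries quoted above all start with a `[LEVEL yyyy-mm-dd hh:mm:ss:mmm]` header, and in the quote two of them share one physical line, so a breaker that only fires on newlines cannot separate them. The following is an added example, not code from the post or from Splunk: a Python splitter that breaks on whitespace immediately followed by such a header, so that continuation lines (stack traces) stay attached to their event, and that parses the millisecond timestamp. The sample text and the level list are constructed for the example; the regular expression is the one you would carry over into props.conf.

```python
import re
from datetime import datetime

# Constructed sample (not from the post): two entries that arrived on one
# physical line, then an entry whose message continues on indented lines.
SAMPLE_LOG = (
    "[DEBUG 2019-09-26 09:15:57:765] Logger Proxy STARTED "
    "[DEBUG 2019-09-26 09:15:57:765] Logger Servlet Called (13024624)\n"
    "[ERROR 2019-09-26 09:15:58:001] Request failed\n"
    "    at com.example.Proxy.handle(Proxy.java:42)\n"
)

LEVELS = r"(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL)"   # assumed level set
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3}"

# Break only on whitespace that is immediately followed by a new header, so a
# bare newline inside an event (stack trace) is not a boundary.  The same
# lookahead goes into props.conf LINE_BREAKER, with the whitespace wrapped in a
# capture group because Splunk discards what the first group matches.
EVENT_BOUNDARY = re.compile(r"\s+(?=\[" + LEVELS + " " + TS + r"\])")
HEADER = re.compile(r"\[(?P<level>" + LEVELS + r") (?P<ts>" + TS + r")\] ?")


def split_events(text):
    """Return one dict per log entry: level, time (datetime) and message."""
    events = []
    for chunk in EVENT_BOUNDARY.split(text.strip()):
        if not chunk:
            continue
        m = HEADER.match(chunk)
        if m is None:
            # Text before the first header, e.g. a partial line at file start.
            events.append({"level": None, "time": None, "message": chunk})
            continue
        # strptime's %f accepts the 3-digit millisecond field and scales it
        # to microseconds.
        when = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S:%f")
        events.append({"level": m.group("level"), "time": when,
                       "message": chunk[m.end():].rstrip()})
    return events


def count_by_level(events):
    """Histogram of levels, a quick check that the breaking produced
    the number of events you expect."""
    counts = {}
    for e in events:
        counts[e["level"]] = counts.get(e["level"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in split_events(SAMPLE_LOG):
        print(e["time"], e["level"], e["message"].splitlines()[0])
```

The props.conf equivalent, on the indexer or heavy forwarder that parses this sourcetype (line breaking is not done on a universal forwarder), is `SHOULD_LINEMERGE = false` with `LINE_BREAKER = (\s+)(?=\[(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL) \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3}\])`, plus `TIME_PREFIX = ^\[\w+\s` and `TIME_FORMAT = %Y-%m-%d %H:%M:%S:%3N` so the timestamp is taken from the header rather than guessed. The default `LINE_BREAKER` is `([\r\n]+)`, which is why two entries on one line end up as a single event; if the entries in your file really are on separate lines, `([\r\n]+)` with the same lookahead is the safer choice.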
KVstore stuck at starting in all cluster members
Hi, I had set up a search head cluster with 4 members but am not able to launch the ITSI app. I think it's due to a KVstore issue. [splunk@********** bin]$ ./splunk show kvstore-status This member:...
Wrong apikey/token pair
I use Splunk MINT for Android application tracking. I built the app with the same key, and in the same way, but I can't upload my mapping.txt file in the ProGuard menu. At the same time, I noticed the Splunk site connection...
Is there a Universal Forwarder installer for macOS Catalina (version 10.15)?
Hi. The Splunk Universal Forwarder download site only provides a client for versions 10.12 (Sierra) to 10.14 (Mojave): https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/macos Is there...
Replication Factor is not met / Search Factor is not met on master node.
Hi Experts, I am getting the error below. In my distributed env I have 6 indexers and 2 SHs. On my master node I configured: Replication Factor: 4, Search Factor: 2. Please suggest what I need to do to resolve it....
Can anyone help on upgrading Splunk Enterprise standalone version 6.4.2 to 7.3...
Hi Team, we are running standalone Splunk Enterprise version 6.4.2 and we are planning to upgrade to the latest version. Kindly help with a step-by-step procedure.
Universal Forwarder requires restart after registering new WinEventLog source
We are running a Universal Forwarder on our Windows servers which host several of our applications. Each application logs to the same Windows Event Log, but uses a different source to be able to...
Alert is not displayed under "Alerts"
Hello All, I have an Alert which is successfully executed on schedule, but I'm not able to see the Alert under the "Alerts" tab on my Splunk page. Looks like a very simple issue but strangely I haven't found...
How to add 2 rows into one?
I have 2 rows with the same field name; how do I add the counts of the 2 rows and display the result in one row? Please find the example: ================== Fruit | A | count --------------------------------...
Search over multiple lines
Hello everyone, I want to search for "Binding Type: 0" in the following example log: LogName=Directory Service SourceName=Microsoft-Windows-ActiveDirectory_DomainService EventCode=2889 EventType=4...
Help on a text comparison function
Hi, I need to compare two fields based on the text characters of these two fields. So I need to do something like this: where toto <> tata. The problem I have is that the text of one field is never exactly the...
How to add a text box in a dashboard directly in a panel
Hi, is it possible to add a text box in the tags below, please?
How to search over multiple lines
Hello everyone, I want to search for "Binding Type: 0" in the following example log: LogName=Directory Service SourceName=Microsoft-Windows-ActiveDirectory_DomainService EventCode=2889 EventType=4...
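Both "search over multiple lines" posts above are asking the same thing about Directory Service event 2889, which a domain controller logs when a client performs a SASL bind without signing or a simple bind over cleartext LDAP; the set of clients that produce it is exactly the inventory you need before enforcing LDAP signing and channel binding, and the cleartext variant exposes the bound credential on the wire. In that event the value often sits on the line after its label, so a phrase search for "Binding Type: 0" does not match and the extraction has to bridge the line break itself. The block below is an added example, not code from either post or from Splunk: it parses constructed events in the key=value layout quoted in the question, tolerates the value being on the same line or the next one, and reports the binds of the requested type per client and identity. The field labels inside the message, the host names and the 0/1 meaning are assumptions made for the example and should be checked against your own DCs' event text.

```python
import re
from collections import Counter

# Constructed events (not from the posts), in the key=value layout quoted in
# the question.  The label text inside the message follows the Windows 2889
# event; the value placement (next line vs same line) varies with rendering.
RAW_EVENTS = [
    # Value on the line after its label: a phrase search for
    # "Binding Type: 0" does not match this, which is the problem in the post.
    "LogName=Directory Service\n"
    "SourceName=Microsoft-Windows-ActiveDirectory_DomainService\n"
    "EventCode=2889\n"
    "EventType=4\n"
    "ComputerName=dc01.corp.example\n"
    "Message=The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) "
    "LDAP bind without requesting signing (integrity verification), or performed a "
    "simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.\n"
    "\n"
    "Client IP address:\n10.20.30.40:49812\n"
    "Identity the client attempted to authenticate as:\nCORP\\svc-scanner\n"
    "Binding Type:\n0\n",
    # Same client, label and value on one line.
    "LogName=Directory Service\nEventCode=2889\nComputerName=dc01.corp.example\n"
    "Message=<as above>\nClient IP address: 10.20.30.40:50117\n"
    "Identity the client attempted to authenticate as: CORP\\svc-scanner\n"
    "Binding Type: 0\n",
    # Simple bind in cleartext from another host.
    "LogName=Directory Service\nEventCode=2889\nComputerName=dc02.corp.example\n"
    "Message=<as above>\nClient IP address: 10.0.0.7:41022\n"
    "Identity the client attempted to authenticate as: CORP\\jdoe\n"
    "Binding Type: 1\n",
    # A different Directory Service event that must be ignored.
    "LogName=Directory Service\nEventCode=2887\nComputerName=dc01.corp.example\n"
    "Message=During the previous 24 hour period, some clients attempted to perform "
    "LDAP binds that were either unsigned or in clear text.\n",
]

KV_LINE = re.compile(r"^(?P<key>\w+)=(?P<value>.*)$", re.M)

# \s* between label and value matches a space or a newline, so both layouts
# above are covered.  Only 0 and 1 are accepted as binding types.
BIND_FIELDS = re.compile(
    r"Client IP address:\s*(?P<addr>\S+)\s*"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>\S[^\n]*?)\s*"
    r"Binding Type:\s*(?P<btype>[01])\b"
)

# Assumed mapping (not stated in the posts): 0 = SASL bind without signing,
# 1 = simple bind over cleartext.  Confirm against your DC's event text.
BIND_KIND = {"0": "sasl_unsigned", "1": "simple_cleartext"}


def parse_2889(raw):
    """Return the bind details for a 2889 event, or None for anything else."""
    fields = {m.group("key"): m.group("value") for m in KV_LINE.finditer(raw)}
    if fields.get("EventCode") != "2889":
        return None
    m = BIND_FIELDS.search(raw)
    if m is None:
        return None
    ip, _, port = m.group("addr").rpartition(":")   # "ip:port" -> ip, port
    return {
        "dc": fields.get("ComputerName"),
        "client_ip": ip or m.group("addr"),
        "client_port": port or None,
        "identity": m.group("identity"),
        "binding_type": m.group("btype"),
        "bind_kind": BIND_KIND[m.group("btype")],
    }


def insecure_binds(raw_events, binding_type="0"):
    """All 2889 events of the given binding type, parsed."""
    parsed = (parse_2889(raw) for raw in raw_events)
    return [p for p in parsed if p is not None and p["binding_type"] == binding_type]


def summarize(hits):
    """Count per (client_ip, identity): the list to hand to the owners of those
    clients before LDAP signing / channel binding is enforced on the DCs."""
    return Counter((h["client_ip"], h["identity"]) for h in hits)


if __name__ == "__main__":
    for (ip, who), n in summarize(insecure_binds(RAW_EVENTS)).items():
        print(f"{ip}\t{who}\t{n} unsigned bind(s)")
```

In Splunk the same idea is to extract the value with a regex that may cross the line break instead of relying on the phrase, e.g. `EventCode=2889 | rex "Binding Type:\s*(?<binding_type>[01])" | rex "Client IP address:\s*(?<client_ip>[^:\s]+)" | search binding_type=0 | stats count by client_ip`, since `\s*` in `rex` matches a newline as well as a space.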
Install collectd on RHEL 6
I am trying to install collectd on RHEL 6 and it is not liking the write_http output plugin. I realize this is not a collectd forum but there are a lot of smart people here!
How to format a multi-value table
I need help formatting a multivalue field; the desired output is below, followed by the data in the field. For the data in each event, we need 5 field values in each row, hope this makes sense... Desired...
Help with upgrading Splunk Enterprise standalone version 6.4.2 to 7.3 version
Hi Team, We are running standalone Splunk Enterprise version 6.4.2 and we are planning to upgrade to the latest version. Kindly help with a step-by-step procedure.
kvstore query via Python SDK on Windows is slow
It seems like the python SDK for Windows is timing out when trying to connect to the host. I have a rest endpoint that makes 7 kvstore calls, and each one adds 2 seconds to the execution time. On...