help on a filter issue after a loadjob command
hi I use the search below and I call it from a loadjob command. After the loadjob execution, I need to filter the data by host but it doesn't work. I had | table host after | stats dc(host) but nothing...

splunk housekeeping - directories in /opt/splunk/var/tmp/data
I have 23000 (yes 000) directories in /opt/splunk/var/tmp/data. I can't find info in docs as to what this is - how best to find out? Each directory has files in such as: part-00000.gz part-00001.gz...

Show max, minimum and average values from a pool of host machines on a chart
I have the following search which shows the call count being made to a number of hosts every 15mins "cs_dataowner_id="ICTO-18172" cs_stage="PROD" |search source="*dqs*"| search "FetchTradesHistoric...

How to extract a word from raw data in Splunk using rex
SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ,JOB03487, ,40000000000000000000000000000000,00000090,TESCREAT,00," IEF450I TESCREAT...

Can't MAP a host field with IN clause in a map search
As in the subject, it's a strange behaviour: I can't use an IN clause with the host field in a map search. Here's my search: |inputlookup list.csv|where tag="locals" |map maxsearches=50 search="search index=*...

DHCP data into SPLUNK
Dear All, How can we send DHCP data into splunk? What is the best way to push DHCP data into splunk? Are there any addons or do we need to install a UF on the DHCP server? Regards, Santosh

2 Different Timezones being interpreted with the same IIS log file
As with many folks, my IIS logs are set up to run with GMT timestamps. I have set up "TZ=GMT" on the sourcetype setup for my IIS logs, set in the indexer under props.conf. I have multiple IIS servers...

how to make a visualization using a lookup with ipranges? CIDR
Hi, I am visualizing private ip addresses in a map. I created a lookup table which looks like this: ip iprange iprangeLatitude iprangeLongitude iprangeProvince 10.xx.y.1 10.xx.y.0/zz 53.749997...

Google Cloud Platform Unable to Pull Data
Hi all, I am trying to pull data from Google cloud to Splunk. After configuring the google cloud credential and cloud monitoring input I am seeing the below error in logs and can't see any google cloud...

Using lookup to compare data from search and CSV
Hello, I'm having a little trouble solving this one. I managed to extract all hosts in Splunk in a table with events counted by path with the following search: search index=* | rex field=source...

how to extract a field from the results of a search query.
Some events are generated from the below search query. index=webmethods_nonprd CESAP.pub.Shipment.handler:processShipment_PostalMailProvider OR CEAustraliaPost.sub.Shipment.handler | transaction shipment |...

not seeing data in forwarder
We have a Threatarmor appliance; it sends its logs in CEF format. I have configured a Universal Forwarder on the same network as this appliance (UF installed on Linux). From the Splunk ES I can query...

What will happen if you Upgrade UF without stopping splunk service?
hi All, Does anyone have any idea about the cons if we upgrade a UF on a Linux/Windows machine without stopping the splunk service? In the documentation it says first we need to stop the splunk service and then...

I need a help in props.conf and transforms.conf
Hi, I am new to splunk. Need some help in log filtering. I have the below example log: p 12 02:04:55 xxx,[DEFAULT_LOG] 2019-09-12 02:04:52,066 xxxxxxxxxxxxx Sep 12 02:04:55 xxx,[AUDIT_LOG] 2019-09-12...

The fields are NOT showing up in a large multi-line event
I have log data for a web service call. We log the web service call response status (success OR failure) as well as the payload that is sent as the request. This information (status and the payload) is...

need help indexing a simple XML file
I work with a file delivery system that relies on an xml "index" file that acts as a sort of manifest of files available for download in a given data set. I need to index these xml files so we can...

HEC - Events not indexed with custom sourcetype
Hello, I am trying to use Http Event Collector, but the events are not indexed when I use a custom sourcetype (really similar to the _json src type). If I use the _json src type or a src type that does not...

Minimum Free Disk Space Reached
I've just set up a new Single Instance Splunk Server (Version 7.3.2) on a VM with 200GB of space. I've not set up any indexes/searches/apps etc. I've literally only run the installer and logged in to...

Splunk Azure DR
Hello, is Splunk capable of clustering indexers and search heads that are in different Azure regions?

Compare two lookup tables
Hello all... I have to compare two lookup table files in splunk. One is a list of hosts that should be logging, and the other is a list of what isn't logging. I tried a few different things, to no...