Trouble forwarding splunkd.log output to syslog.
I must be missing something very simple here so bear with me. I am running a Splunk universal forwarder instance, and I would like to forward its internal logs (e.g. splunkd.log) to my own Syslog...
How to create an alert that monitors ports 8000, 8089 and 9997 every 5 mins
Hello Folks! I need to create an alert that checks if ports 800, 8089 and 9997 are up or down every 5 minutes. Could you please help me out? TIA!
Microsoft Office 365 Reporting Add-on for Splunk: Returning "500 Server...
O365 message trace logs suddenly stopped logging. We are seeing following error in Splunkd.log ERROR ExecProcessor - message from "python...
Pass all Dynamic Dropdown to a searches.
I have Two dropdowns Dropdown one: Groups all the status codes, which will display "Client Error" OR "Server Error" Dropdown two: Is auto-populated depending on the Dropdown one. For example: If Client...
How to put results of custom search command into index
Hello all, I have an add-on with a custom search command written. This command calls my Python package. **my_searchcommand.py**: from lazy import Lazy from splunklib.searchcommands import ( dispatch,...
How to continue with last known value on a simple timechart
Simple search to look at the battery status on my UPS: UPS_BATT | timechart max(UPS_BATT) span=1m But the UPS_BATT value only comes in every 4~12 hours. How do I continue with last known value, until...
Help removing strings after a certain string with Rex
I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3" appearing after. I only want a 3 to be displayed. I only want the 3 to show up from...
Search to filter data
Hi, Can I write my search as: index=idx1 host != (a,b,c) | stats count by host The thing is I want to filter some of the hosts in the count.
How to pass all dynamic dropdowns to search
I have two dropdowns **Dropdown one:** Groups all the status codes, which will display "Client Error" OR "Server Error" **Dropdown two:** Is auto-populated depending on Dropdown one. For example: If...
how to collect windows service status
I'm trying to collect the status of two windows services but I don't need the status of the rest of the services on the boxes. If I put in a WinHostMon stanza it collects everything but I can't seem to...
Can one dynamically set 'managerid' value in a given ChartView?
In an app outside of Splunk that uses the splunkjs stack, I have a default view that displays a few visualizations that use PostProcessSearchManagers within ChartView instances. These panels display...
Splunk data forwarding and indexing data drop issue
Hi, I'm facing an issue with data forwarding to Splunk. I'm not sure where data is being dropped, and it's happening randomly. Details: I have text (key-value pair) file with 6.5 million lines (events) with...
Splunk heavy forwarder data forwarding issue. WARN DateParserVerbose - The...
Hi, I'm facing an issue with data forwarding to Splunk. I'm not sure where data is being dropped, and it's happening randomly. Details: I have text (key-value pair) file with 6.5 million lines (events) with...
Which file type consumes the most data?
I'm curious, which file type within an index bucket is largest? I'm getting conflicting responses. Some say the .tsidx file and others point to the bloom filter? Which file is it? Thanks for your help.
After upgrade from 7.0.x to 7.2.x, search time with multiple subsearch...
Have a search with many subsearch and append command like below pattern. | makeresults | eval abcd="acded" | append [| makeresults | eval abcd="acded"] | append [| makeresults | eval abcd="acded"]...
After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch...
Have a search with many subsearch and append command like below pattern. | makeresults | eval abcd="acded" | append [| makeresults | eval abcd="acded"] | append [| makeresults | eval abcd="acded"] |...
does not appear in the field
Hi all I have event like that. 2019-10-26 15:00:09.158, servicename="ROOT2", area="SCP", place="tokyo", path="AAA12345", Default="B", Sn="B", SC="B", update="person" "path" "place" "area" "servicename"...
Website Monitoring App: Why am I Getting 401 response_code even after...
Hello there, I am using website monitoring app version 2.7.6, everything is working like a charm and the app is really great and helpful, but I am facing one issue with HTTP authentication, when I am trying...
Map heat locations without Lat / Long
I am trying to map my datacentre cabinet heat locations to their respective cabinets on a top down view of the datacentre using visio. Is there a way to map my temperature to the correct rack location...
How to improve performance of stats sum
Hi I want to improve my search for better search performance, please find the attachment enclosed.