DMC: Search heads shown as heavy forwarders?
I'm in a setup with a license/deployment server, three clustered search heads and a deployer, and three non-clustered indexers. Per the documentation on setting up the DMC, I'm setting it up on the...
How to extract multiple field values in different format from XML with...
Hi Team I have an XML dataset that looks like the following 2015-08-08T00:00:0023:58:00MCP6th district, Gaithersburg / Montgomery VillageGOSHEN/CENTERWAY39.1631533333333-77.1921333333333NoNo The...
Alert is not getting triggered
Hi People, I created a sample app which works with uploaded data in Splunk. The data has almost 1700 rows. This data is fixed. I created an alert which is based on a trigger condition. The condition is...
How to change label displayed in Custom Cluster Map Visualization
I'm using the Custom Cluster Map Visualization from SplunkBase and every marker is displaying the number 1. I am trying to figure out how to change this, but the developer seems to have provided...
How do I CIM tag SQL server audit logs read by the DB Connect application?
This is actually a question I already have the answer for, I just want to use the question/answer style to ensure it complies with the way this forum is set up. This is how I achieved the CIM compliance for...
Importing Year/Month field
I'm trying to import a csv format using Splunk. The timestamp of the log is in the format YYYY/MM. By default, Splunk fails to generate a timestamp since there is no hour, minute, or second information. An...
Google Maps requires an API key
We have an internal dashboard that has been using the Google Maps. We are now getting the below message: Oops! Something went wrong. This page didn't load Google Maps correctly. See the JavaScript...
Indexing JSON - problem
Hi all, I have JSON data incoming from FireEye but can't parse it. I'm working with a cluster environment. inputs.conf on the heavy forwarder: [tcp://6012] index=fire_eye...
best approach to speed access to Linux performance data such as iostat vmstat...
We have a vast amount of performance data and I want to make better use of the data by speeding up access to make it easier to query and compare data over the long term. What is the preferred method of...
within "Extract Fields", how can I start the regular expression with a value...
I have a field 'foo' with a value like "data1_data2". I'd like to make an Extracted Field that starts with the contents of 'foo' instead of the entire raw event. Is that possible?
How can I identify field extractions that are causing performance problems?
Is there a log configuration option that will have splunkd logging when poorly written field extractions are impacting search performance? (or is there some other option to use a Splunk search to...
Splunk Add-on for Google Drive: Why am I getting a "modular input Splunk is...
I followed the installation exactly and successfully created the client id/secret key/authorization code but I keep seeing the following error in my log and the stats aren't being returned:...
Splunk DB Connect: Why does editing an input with a long SQL break the input?
Has anyone else run into this? Data inputs » Splunk DB Connect Input Service breaks/crops long searches on edit. If you edit an input with a long SQL, it cuts characters off of the end and breaks the...
Splunk DB Connect 2.3: Why is query wrapping causing queries that use rising...
I had some searches that worked on Splunk DB Connect v1 but I upgraded v1 to v2.3. After that some queries using rising columns stopped working because of the query wrapping, so I disabled query...
How to send month old logs to Splunk via oneshot and maintain their correct...
Hello all, I've been indexing Infoblox DHCP and DNS queries for a couple of months now. Because of the amount of logs we're getting, we syslog all of our data to a log collector, and forward it on to...
How to configure props.conf and transforms.conf to ignore the first two lines...
We have following log file which we need to import in Splunk:...
Can I use a Splunk forwarder to forward logs from one universal forwarder to...
Hi, I have a use case to forward Application logs from one universal forwarder server to particular folder of another universal forwarder server. How can I do that? How & where should I specify the...
Splunk App for AWS: How to use AWS config start_time as the timestamp on an...
I am trying to alert on missing AWS snapshots in a time window of the past 4 hours. The collector pulls in around 50 events every hour, including the same past events, from days ago, rather than what...
How to edit my search to find peak Transactions Per Second (TPS) per 30...
Hi, I would like to calculate peak TPS per 30 minutes by host. I have this search: some search | timechart span=1s count as TPS | timechart span=30m max(TPS) as PEAK. I have this, but if I add `by host`,...
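One way to carry `by host` through both aggregation stages, added here as an example and not part of the original post. `some search` is the poster's own placeholder for the base search, and the example assumes the events carry a populated `host` field:

```spl
some search
| bin _time span=1s
| stats count AS TPS BY _time, host
| timechart span=30m max(TPS) AS PEAK BY host limit=0
```

The reason the original two-stage `timechart` breaks once `by host` is added is that `timechart ... count AS TPS BY host` splits the result into one column per host value, so the second `timechart` no longer finds a field called TPS to take `max()` of. Using `bin` plus `stats` instead keeps TPS as a single field with `host` as a row dimension, and only the final `timechart` splits by host. `limit=0` is optional and prevents low-volume hosts from being folded into an OTHER series.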
Palo Alto Networks App for Splunk: Why is Traps data not properly populating...
Hello Splunkers! Need help with the Palo Alto TRAPS data not properly populating in the Palo Alto Networks App for Splunk "Endpoint" tab. All other tabs work perfectly. 1. Running Splunk Enterprise...