Why is line breaking not consistent on Tomcat logs
I've written for below props.conf and placed in etc\apps\\local. I'm getting sporadic results and lines are being chunked together. Any help would be greatly appreciated. [tomcat:jackrabbit:log]...
split events to different indexes and sanitize for PII data
I have a use case where I need to store pii data in one index and sanitized data in another index. I can use the clone_sourcetype, which works, but the problem is I also want to take the generic data...
2.01 signins worked for 12 hours and then stop with 403 forbidden errors.
Hello, the version 2.01 is the only one I installed. I configured signins and audit and the data started flowing. 12 hours after, signin source started returning 403 forbidden while audit source...
How to find spike in total count of a field?
I'd like to be able to search for the following: 1) timechart over X days for the sum of the count of a field 2) spikes or % increase for the sum of the count of a field compared to previous hour, day,...
Update search command string of search Manager by js
I have a button that changes the search command string. I want to update that string to "search" of searchManager and trigger it to update data in the view. Is that possible? Can someone please...
Steps to Clean Up a search head in a search head cluster
Hi Guys, It would be helpful if anyone shares knowledge/provide steps about cleaning up a Search head in a Search head cluster environment. Want to know what is cleaned up and what's the process and...
send job to background - resume after splunkd windows service restart?
Hi, I have sent a query manually to the background as a job. It will run quite long since the disks are not the fastest ones and the timeframe is 6 months. Will Splunk resume the query once the splunkd...
XML file not parsing in the splunk
Hi, the Sales order XML file is not parsed in the SPLUNK web interface and I'm trying to fetch the sales order count based on the special keyword available in the XML file and same (It will generate many...
how to add a header of rowsnumber column of table in dashboard
I have set a column of row number in the table view of dashboard like this figure, but I want to have a header. How to change the blank header like the simple_xml_examples with javascript change...
Build a distributed search environment with trial version?
Hello, I wanted to build a distributed search environment with Splunk with the **trial license**. But for example, every time I wanted to configure one of my two instances as search-peer, and after I...
Splunk 8.x osquery
Curious if the current app or any future versions will be compatible with Splunk 8.x
Splunk Smartstore - Can we implement this solution for a framework that...
Hello Everyone, Wanted to see if you guys have any inputs or suggestions on this. Recently I and my team attended the Splunk conference (.conf19) and we went through some sessions of Splunk SmartStore....
Embed Saved Search with API (preferably Python SDK)
I'm programmatically generating saved searches with the Python SDK, which is great. I then want to embed those saved searches on an external website (confluence). Embed-able dashboards would obviate...
How to add different marker types for different lines in 1 chart?
Hi, I have 3 lines in 1 chart (average, threshold, total_alarm). I would like to use different marker types for the 3 different lines above. I have used 5 but the same marker applied to all 3 lines.
Website Monitoring Not Reporting Data
Hey Splunker, We have configured 100's of URLs to monitor their response code, surprisingly this stopped working, there is no data coming from any of the web_ping://"*" source. When checked in...
Logged in User's Timezone on Menu Bar?
Is it possible to put the logged in user's timezone (from their preferences) onto the menu bar (top right), next to their account name? Some users working in Splunk forget what timezone they have...
How can I connect my ionic app to splunk enterprise server?
So I am trying to connect my Ionic app to splunk enterprise server but I don't know how I can do this, I install a Javascript SDK for splunk on my Ionic project then I add a script to connect but he...
How to raise the alert for sourcetype=netstat
Hi Splunker, How can I write the splunk query to show the state of a port for local address? The result of netstat is for the whole ports on the particular server, and the results be like: Proto Recv-Q...
Index is showing 0 data.
I had created one VM (EC2 in aws, centos) and attached splunk ebs volume to it, mounted on /opt. On this Server, Splunk is running well but indexes are showing 0 data in splunk web. Though I can see...
Set a default index for all INPUTS within a specific app only
I have an app with a long list of inputs. I want to set them to go to a specific index (let's say `index = my_index`). I can achieve this by placing `index = my_index` under the `[default]` stanza in...