Would additional pipelines or better SAN help resolve high IO bandwidth on my...
Hi, I noticed that my io bandwidth is approaching 100% on my servers (though my overall resources (cpu, mem) are fine). Would adding additional pipelines help here (my guess is no), or do I need better...
Is there a way to limit how long real-time searches run?
Hi, Is there a way to limit how long a real-time search can run? I have customers firing them up (legitimately) and then walking away.
Why is Splunk 6.2.2 unable to search logs from my Linux server with the...
Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux server with the universal forwarder installed. I have the server properly whitelisted...
How do I formulate the rex command to remove unnecessary spaces in the middle...
I have field values that are coming in with unnecessary spaces. I'm trying to remove them and from another post, I found to use `... | rex mode=sed field=A "s/ //g"` However, I don't want to remove...
How to edit my single value visualization search to fill a default rangemap...
I have this single value visualization search: index="nitro_summary" earliest=-1h@m latest=@m [| `nitro_relationships` | search Category="ECOMM" Service="*" Application="Webstore" | stats count by...
How to add a clientip field to data sources for the iplocation command?
I have a general question and I am more of a power user than admin level here (but I'm in the process of becoming one). I went to use the `iplocation` command today from a data source (which we do not...
Splunk Add-on for Microsoft Azure: AzureDiagnostics.py "ERROR...
We've configured Splunk to receive data from Azure using the Splunk Add-on for Microsoft Azure. I updated the diagnostics input with Account name, key, polling time and I did not give any time. I am...
Should we use a single search head with a high number of cores or a search...
Hello, We're looking at expanding our Splunk capabilities, and I'd like some additional input on the question of doing a high core single search head vs a search head cluster. Our environment...
Why is available_sites in a multisite indexer clustering environment...
It will probably make the splunk edit cluster-config -mode master -multisite true -available_sites xxx very ugly. But this is asked due to curiosity. I wonder if anyone has the answer? Thank you.
How can I edit my search so if my subsearch returns no results, my main...
index="test" [search index="test_summary" key_field="y" | head 1 | eval search = "_time>" . _time | fields search] | table a,b,c I have to return everything under "test" where _time>_time of...
How do I modify my search so that results appear on a map?
Good day I am a new user on Splunk Enterprise and am trying to generate a map from search data. The guy that developed the original search that I am using is no longer working here and unavailable to...
Splunk App Packaging: How to package Splunk app with eventgen/ and other...
I've built an app that must use the Splunk eventgen from github as well as the custom eventgen directory I created to house my event.conf and sample file that the eventgen uses. I've tried to tar my...
Cisco eStreamer for Splunk: Why am I receiving a "KeyError: 'elements'" error...
After installing the Cisco eStreamer for Splunk App, whenever I try to access the settings page for the App, I get an error 500 on the browser, and the logs show the following: 2016-09-20 13:25:47,212...
How can I quantify the intermittent failure of a regular event?
My logs contain records of scheduled events. Sometimes the events fail, usually in 1 of 2 modes: systematic - once they fail they always fail (until corrected) or intermittent (they fail, then succeed,...
How to download Splunk Enterprise Security app?
Hi Experts, My account manager has provided me Splunk Enterprise Sales Trial for Enterprise security app. Now I just want to test this app on free enterprise version. When I try to download this app...
Need help normalizing a field's contents for display
I'm extracting a piece of a filename to create a field using makemv and a rex command. The extracted field should be formatted like 89-02687, but sometimes occurs as 8902687. I want all of my output to...
How to save a certain index to different location on an indexer (not the...
I have few noisy indexes that I would like to save to another drive on the Splunk Indexer server. What would be the best way to do it? Splunk documentation only has instructions on how to move the...
Unable to return any results when searching as an admin. What does this...
Hi All, When I am running a search which fetches ([|`last_np_global_source("*companies*")`] AND [| inputlookup customer.csv | search customerName="cox" | fields cpyKey cpyName]) where...
jqlsearch [Errno 104] Connection reset by peer
Hey Folks, I'm using the Jira Add-On, but running into some strange issues. Some of the requests work, ie "|jirarest rapidboard list" returns normally, but any attempt to do a "|jirarest jqlsearch "...
DBConnect V2 2.3.0 -- DB Outputs step 2 of 5 the default search Time Range is...
In DBConnect V2 2.3.0 - DB Outputs step 2 of 5 the Splunk Default search Time Range is set to ALL TIME, how do we change this? Currently in the other apps on same server the search defaults to TODAY....