Executing a savedsearch from the CLI retrieves error "Could not find variable...
When trying to execute a savedsearch from the CLI, I receive the following error in splunkd.log: ERROR SearchOperator:savedsplunk - Error in 'savedsearch' command: Encountered the following error while...
View ArticleDB Connect Oracle Last X hours and Incremental ID
Hi, Id like to query an ORACLE for data until the last 3 hours (business need / processing time) and also check from the last incremental ID. All our Splunks and DB Connect are on the last version....
View ArticleWhy is my regular expression in inputs.conf not working to monitor rotating...
HI , I have below log files in the /repo/logs directory. http_access_management_console_2016-04-25.log http_access_management_console_2016-04-26.log http_access_management_console_2016-04-27.log...
View ArticleHow to write a search to extract field values and display the results in a...
Hi , I have a search which results in some events, the events will have a field "Value" which will have value 0 or 1. I want make it into a pie chart showing the percentage of 1 and 0 in the pie chart...
View ArticleHow can I convert an ISO Duration into a seconds as a float?
How can I convert a ISO Duration into a seconds as a float? https://en.wikipedia.org/wiki/ISO_8601#Durations
View ArticleI am encountering errors when restoring from thaweddb, what is the best...
I've just moved a backup from May 2016 to my thaweddb volume on one of my stand-alone Splunk indexers. We have never restored anything from this tier before at my company so there is no process to...
View ArticleWindows custom events logs not showing up in Splunk
Hi , Below is custom event logs which I am configuring on windows forwarder but they are not showing up in Splunk. We can see events coming from default events like system,security etc. Below is syntax...
View ArticleHow to store or index data from multiple clients that have multiple servers?
Hello. First time I'm posting a question, and a relative new to Splunk so I apologize up front if this has already been asked and answered, or if this is a silly question. We are planning to use Splunk...
View ArticleIndex viewable in Events but not in Statistics
I can see events from two indexes in the Events section, but my Statistics shows only events from one of the indexes. Are there common issues that can cause this?
View ArticleHow to develop a timechart by host with eval command?
Hi, I have the below search to find the SLA of my application **by host** in the specific time span. But I don't know why it won't show up SLA some search | timechart span=30m count as VOLUME...
View ArticleWhat is the best way to adjust the time value for incoming syslog events from...
I have a one host that has a time offset of +5 hours and would rewrite the timestamp to represent the local time zone before the event is indexed. What's the best way to do this?
View ArticleCan the bucket reader read data that was exported using new 6.5 Hadoop Data...
Looking at new 6.5 Hadoop data roll feature - will the bucket reader be able to read this data?
View ArticleWhy was the Splunk systemd service not created?
Using Centos 7.2. I just installed this on another host with same OS and it created a service in /etc/init.d This host is not created the service to start.
View ArticleHow to fix SSL missing settings
We have 6.4.3 in production, and I'm just starting to test 6.5.0. When configuring SSL, I've found a few of the deprecated settings, and have fixed them. It works when I use the default Splunk...
View ArticleDrill down search is not working in Splunk Enterprise Security Incident...
I've made a correlation search that appears to be working fine. But in order to create the contributing event in the notable event, when I use a drilldown search - | datamodel Authentication...
View ArticleHow to modify my search to find IP addresses that hit exactly one URL?
I'm trying to find IP addresses that hit a specific url and no other. I tried to use `set diff` but it's not returning results I expect. If this search gives the IP addresses of everyone who hit url_a,...
View ArticleSplunk DB Connect: How to configure data input so that Splunk searches all...
Hi, I am fairly new to Splunk. I am trying to configure a data input. My SQL is like select * from customer and customer table is huge with 3575635668 records. I was able to configure the data input,...
View ArticleDoes "Splunk Analytics for Hadoop" support Accumulo?
Just wondering if this app supports Accumulo on Hadoop? Fore more information, please see: https://accumulo.apache.org/ "Apache Accumulo is based on the design of Google's BigTable and is powered by...
View ArticleHow to embed splunk dashboard in external web page?
Hi, I have created a dashboard in splunk and would like to display the dashboard in external web page. Is that possible to embed dashboard in external web pages?
View ArticleHow to find routers that are not reporting a specific event?
I have the search below that shows the routers and how many times each has logged an RPD_MPLS_LSP_DOWN event. index=XYZ sourcetype=JUNIPER RPD_MPLS_LSP_DOWN | stats count by ROUTER My question is how...
View Article