Splunk Reading a File we didn't tell it to per LSOF
All, I am trying to understand why Splunk is opening a file here. When I run LSOF I see Splunk looking at a rolled over file "/opt/jboss-6.1.0.Final/server/default/log/jboss.log.2016-09-29" splunkd...
Is there a way to extract/show the first and last events in a transaction?
I have a transaction query that returns groups of logs that are typically 5-10 events clumped together. The query uses startswith/endswith. I really only care about the first and last event. Is there...
Forwarder for Linux ARM (Raspberry Pi): Why am I receiving "No scripts found...
Hi. I'm relatively new to Splunk & I am running a Mac, Raspberry is running Raspbian. I've installed the Forwarder for Linux ARM (Raspberry Pi) add-on https://splunkbase.splunk.com/app/1611/ to...
Can I with one search, graph two different time chart spans?
I have a simple search **only to count the events per timelapse**. I am trying to graph that in only one graph with two time spans: day and hour I am using for separated *"...| timechart count span=1d"...
How to pull data into Splunk from Simple Event Correlator (SEC)?
All, We need to pull data from a platform called "SEC", Simple Event Correlator, into Splunk. Anyone familiar with this? Have any apps or experience in this matter they can share? thanks -Daniel
Using custom dropdown to define Time range
I have a custom dropdown which defines report dates. For example, there is 9/1/2016 which is a September report spanning from 9/1-9/30. If I wanted to search the internal index during this report range...
Why is my log file sometimes ignored?
Self-answered question follows. Perhaps it will help someone else in the same boat. I have a file called portal-server.log on a log server (NFS mount from many machines) that periodically doesn't log...
Tried Home Monitor fix and still having problem with install
Running Windows 10 and just installed Splunk, configured it, and started to get traffic off of home router. Tried to install HomeMonitor, and got stuck with - App Configuration The "home | monitor >...
Need help with Dedup while extracting fields
Base String is ----------------- OfferRedeemedRequest [partnerID=1234, partnerName=MCenter, messagePriority=9, userID=2a28bc-119d7597, channel=rest, offerIds=1bf6-16a0fdd59fc4,...
How to Edit saved search using Splunk REST?
I want to edit the search of a Saved Search Report using REST in Python without any other change. But when I am using the below code, it is creating a new saved search with private permission. Please...
Unable to read field names with space using multikv
From log file, I have mixed data; somewhere I have student data as below bla bla... bla blaa.. list of the student as below student Name Student Course Student ID mike computers 1 jhon electrical 2...
Shared Time picker is missing from Input (even in 6.5)
I do use a lot of **Input** to narrow down my graphs in my dashboard. Since I do not like the drop down list in the **input** to be flooded, I like to use the same global time picker in **Input** as...
Timechart: How to sum up all earlier values?
Hi, I want to create a timechart that shows the sum of all earlier values from another timechart. As an example, I have a timechart as a base, like index=foo | timechart sum(field1). At t1 it has value...
Enterprise Security APP Indexers mapping
Dears, I would like to know how I can choose which index I forward data to from my devices. For example, if I would like to integrate Active Directory, Cisco, Juniper logs, which index should I choose from...
Splunk deployment - as a data collector/forwarder?
I have a somewhat odd deployment idea that I am trying to leverage Splunk for in place of another off the shelf tool. We are in the process of replacing an event management tool that ingests events...
Help! Installed Splunk, but couldn't get it opened/launched properly in my...
I have a Windows 10, 64 bit computer, and I have installed/re-installed Splunk for at least five times but it still didn't work. I have tried the following things: - Double clicked right on the C: >...
What are the Database Monitoring features available in Splunk
Hello, good day! We have recently installed Splunk and we are monitoring the DB related health after installing Forwarder in DB Servers. Can you please let me know if there are additional features that...
Pdf Reports Won't Open on iPhone
We upgraded to splunk 6.5.0 after the .conf last week. Some of my users can no longer open previously working reports on their phones. The reports generate as pdfs and can be viewed through web...
Regarding different splunk instances have different owner and access groups
Hi, I have a deployment server and all Splunk instances running under owner A and access group B in a Linux environment. But one of the Splunk universal forwarders which has the same access group B does not have...
Create search time custom fields
It seems that it is best to create fields at search time as opposed to index time.!?!? I need to make a field named src be copied/renamed to source_ip. We need to do this to simplify our searches and I...