Best Practice To Manage System-Wide Concurrent Searches
Hi Folks; Trying to develop some best practices with our new Splunk cluster, and would like some feedback from current admins. What would be the best way to manage system-wide concurrent searches?...
splunk launcher Icons
Can I reduce the size of these icons link? It uses too much space! ![alt text](/storage/temp/162238-splunk-launcher.jpeg)
Am I doing this search correctly? where like()
Hi: Take a look at this ESXi log 2015-11-09T21:53:54.589Z cpu28:37021)MCE: 231: cpu28: bank7: MCA recoverable error (CE): "Memory Controller Read Error on Channel 0." Using regex, I've extracted...
Since upgrading to 6.5 many dashboard panels NOT working - TAB character...
Lots of my dashboard panels in simple XML are no longer working since upgrading to 6.5. Getting "No results found." But when I open up in search the SPL works fine with lots of results. Issue appears to...
learn splunk rest interface
I have tried multiple times to get my hands around this API. I have read through the tutorials multiple times and yes what the examples say works. However I'm trying to learn how to ask "I need this...
How to set up a scheduled search that looks for the usage of the delete...
I want to set up a scheduled search that will query for the usage of the delete command in my environment. This action is secured by the `can_delete` user role currently.
How to create a table using dedup to show one entry for each application name...
I have events that include an **application name** field and a **uservalue** field. When I table the data by **application** and **uservalue**, I see each event individually thus meaning I get multiple...
Where can I see in the Splunk internal logs when a forwarder successfully...
Is there any specific search that I can pull out the connection established time and date?
How to modify my geostats search to map each destination port field and how...
I have multiple columns: source address: saddr dest address: daddr times seen: times_seen destination port: dport latitude: slat longitude: slong My report data is presented as: saddr daddr dport...
Why have glass table contents disappeared after upgrading Splunk IT Service...
Hi, just upgraded to ITSI 2.4.0 (from 2.2.0) and the content of all the saved glass tables have disappeared. The glass tables are there, but none of the saved elements (background image, KPIs, etc) are...
From the CLI, can I issue a blackout on a specific monitoring target and then...
I am unfamiliar with Splunk terminology. I want to issue a blackout/stop monitoring an Oracle instance alert_log while it is being duplicated from a backup, using some kind of command line interface.
What is the best practice to replicate and maintain data at another data...
We are designing Splunk architecture for our organization. We would like to maintain a copy of data at another data centre for disaster recovery. What could be the procedure to maintain Splunk deployment...
Is there a way to change the Source so that it matches the Input name instead...
I am collecting data from an Azure Storage Account, and I have several inputs that use tables with the same name (e.g. AppMessageLogs). Splunk uses the table name to populate the source, so the problem...
Splunk App for NetApp Data ONTAP: Is there documentation available that...
I'm looking for the reference documentation for Splunk App for NetApp Data ONTAP that would explain what quantities are gathered and what they mean. Is there a document that describes these (and units)?...
Splunk App for Jenkins: Is it possible to configure the Jenkins master to...
I have the new Splunk Jenkins app and plugin installed and working on multiple Cloudbees Jenkins masters and it seems to be working as designed. Here's my question: is it possible to configure the master...
How do I modify my search to get an average count of distinct users per day?
I have a search where I have total number of users and total number of events per day, but I also need to add a column showing average users per day. Search: mysearch | eval full_date = date_wday."...
Why are Javascript files not loading after update to Splunk 6.5?
I have recently updated to Splunk version 6.5. When loading my application views, including those with custom .js files, Javascript is not working and element inspection shows me `class="no-js"` This...
How to modify my stats search to join multiple fields from three sources?
I have data coming in from three sources, with three different sets of fields: Source 1: Filename Source 2: Filename, Unique_Identifier Source 3: Unique_Identifier These sources all work with the same...
How to configure XML tags as search parameters when a single log file...
Hi, We just started working on Splunk. We have a single log file with multiple XMLs with line breaker `#######################` as below (Built with same schema). We need some help on configuring XML...
Data not coming in JSON format from Splunk Javascript sdk
I am querying Splunk using javascript SDK. In the searchParams, I have given the output mode as "json_rows". `var searchParams = { exec_mode: "normal", output_mode: "json_rows" };` Any idea what is going...