Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

change colon to dash in Search

First, let me start by saying I am not a programmer, a Splunk expert, highly experienced with Regex or SED. I say this so you understand if you offer an answer please do not leave any steps out...



Field extraction stanza help in props.conf?

I have the username field extraction as follows in the props.conf which extracts the username:- [sourcetype_X] EXTRACT-XYZ = username="(?[^+\"]*)" which extracts the field as follows...



How to save the CSV file to external location

I would like to save the CSV file to an external location. I am using the |outputcsv command which is saving the file to a Linux but I need the file to be picked up from there and move to external...


blocked=true messages

I noticed on my splunk instance that I am getting messages like these: 02-07-2020 15:20:36.038 -0500 INFO Metrics - group=queue, name=typingqueue, blocked=true, max_size_kb=500, current_size_kb=499,...


ERROR DeployedApplication - Failed to install...

I am receiving the above error when trying to deploy update and new apps from the Cluster Master to the Indexer Cluster. The apps do exist in /web/splunk/etc/managed-apps directory structure on the...



How to set up a triggered alert on an index based on usage?

Hello, I would like to set up an ongoing alert to be triggered anytime an index ingests 20gb of logs. This is to prevent a license violation due to developers turning on debug mode and leave it one...


Future Request: Epoch Time Correction

| makeresults | eval time=-62167252739 | eval _time=time | eval time_text=strftime(_time,"%c %::z") `-62167252739` is "0000/01/01 00:00:00 +0000" but, my result is _time time time_text 0000/01/01...


How to get the correct URL to the Splunk collector

1. While creating a Splunk it is showing "Please enter a valid URL beginning with https:// " even though my URL format starts with https://



Can Splunk find love?

Since Valentine's Day is near, Splunk can search for everything. And it might find love, I thought. How?



Use of Timewrap command to control the time range

Hi, I am trying to plot a graph of response time over a period of time. I am using timewrap command to plot it for yesterday, day before yesterday and last week. The problem is I only want it for a...


Line Break Assistance required

Hello Splunkers, required your assistance with a line break for below-mentioned logs at `],[` {"time":1581014469,"states":[["4b1803","SWR55X...


How often should I upgrade Splunk Enterprise?

The [software support policy for Splunk Enterprise](https://www.splunk.com/en_us/legal/splunk-software-support-policy.html) is now two years. My company has a policy to wait a few releases before...


How to manage reports and alerts for 150+ indexes?

We have a ton of indexes and need to better understand which ones have stopped receiving events so that we can report and alert on them. We have a Splunk Enterprise v7.3.3 distributed environment with...



Allowed characters for metadata fields source and sourcetype

My question is simple: which characters are allowed for the values of the metadata fields `source` and `sourcetype`? I could not find any documentation on this.


Arithmetic on multi field values

I am new to Splunk, and I need to perform arithmetic on some multi-field values. What is the best way to do this? Here is an example of an event (where the "stuff" field is an array containing any...



Make extractions in props.conf from search query

| makeresults | eval _raw="Nov 14 03:23:42 hostname rsyslogd-pstats:{ \"name\": \"global\", \"origin\": \"dynstats\", \"values\": { } } Nov 14 03:23:42 hostname rsyslogd-pstats:{ \"name\":...


Can't see newly created indexes on search head in distributed search

I have a single indexer and single search head with the indexer attached as a search peer and I created one index called "winevent" on the indexer. I don't understand why the search head cannot see...



Unable to login to freshly installed Splunk Enterprise (just reloads login page)

On a fresh Splunk Enterprise install, I cannot log in to the web GUI. When I get the password wrong, I am told it is wrong. When I get the password right, it just reloads the login page. Here are the...


Subtract One Field from Another

Hi guys, I'm having trouble making a simple subtraction (well, I thought it would be simple!). Field1 is a number in string format, Field2 is a count of events. What am I doing wrong? index=index_name...


Search heads cannot connect to web login after 8.0 upgrade

Hello. After upgrading from 7.3 to 8.01 my search heads no longer work. It will not load up the search head web page. Any ideas? If I load from a backup back to 7.3 all of my real time indexed data is...
