Splunk DB Connect: How to resolve error "Failed to initialize pool: null"...
I get the following exception trying to connect an Informix database through Splunk DB Connect: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: null
Missing Source IP address when logs are forwarded to third-party from our...
Hi, We are forwarding some of our logs from Splunk to a third party IBM Qradar environment. The third party is not able to see the actual source IP address of the logs - they only see our heavy...
Why does field extraction work in dev environment but not in prod environment?
I ingested a CSV into our dev environment, had it create the props stanza with the field extractions I wanted, and copied this over into our prod props.conf. This works as expected in dev; I can...
If there are multiple outputs.conf files (apps vs system), how do they merge,...
I've inherited an older Splunk instance (6.2.2) that appears to have multiple **/local/outputs.conf** files. While I'm familiar with the precedence inside of the *outputs.conf* file that I'm used to...
How to optimize my current search for better performance?
index=*_alltime (sourcetype=*_data earliest=-1d@d latest=@d) |table estl_code_enr_stat estl_code_mrkt_offr_typ estl_date_enr_stat_eff estl_nbr_cardh_acct estl_curr_enr_stat_indic estl_rfrn_mrkt_offr_id...
Monitoring of Java Virtual Machines with JMX: Why am I receiving "Connection...
I am running into an issue when trying to connect to Alfresco/Solr using the Monitoring of Java Virtual Machines with JMX app and the Splunk app for Alfresco. I believe I have the settings correct...
How to add multiple duration from multiple independent transactions
So I am running multiple single valued transactions and putting the values in eval keywords, but I want to add all these new values to get the total value (duration1+duration2+....) and show it in...
Props and Transforms - include base folder, but not some sub folders
Hi all, I'm trying to do file nullQueue filtering on my HWF. I want to keep the log entries for /sausages but drop the ones for /sausages/data. So far I have this: (test setup on desktop) **PROPS.CONF**...
dedup gives different result if a 'table' command is used before it. A bug??
I am running a command which uses the `dedup` command: index=myindex earliest=-5d@d latest=@d | bin _time span=1d | dedup id, _time | stats count The above query returns 794. However, if I add a...
How to make a bar graph for two separate search criteria.
Hello I would like to make a bar graph that show side by side in one column the results for the total number of clicks blocked based on a certain range of ip addresses and another column that shows the...
Splunk 6.5. Issue with Sort and Fields like commands
Hello Team, We have dashboards with queries containing commands like sort - and fields - , what we found after upgrading 6.5. what we found is the dashboard is automatically updating queries and...
Sort for chart not working
Hi, I'm doing a search on the _internal index for license usage by host. I'd like the histogram to have the biggest values of X by Y on the left and I've been searching here for half an hour and it...
Form input - Difference between default and initial value
Hello, Could somebody please help me to understand the difference and pros/cons between default value and initial value in dashboard form inputs? Regards.
Splunk 6.5 does not run Django app?
I installed Splunk Enterprise 6.5.0 and tested the previous Django tutorial app, but the app does not run (6.4.x is OK). Can I not use Django?
List of Macros
Hi, I wonder whether someone may be able to help me please. Could someone tell me please, is it possible to create a query which produces a list of all the 'search macros'. I've tried to find the...
What is a best practice for disaster recovery in case of a single Splunk...
Hi, I am looking for a documentation which describes the necessary steps in case of a disaster recovery (the host where Splunk Enterprise is installed crashes at some point) when I have only one Splunk...
Change the day from where the week starts in bucket.
I am running this query in Splunk which aggregates and bucketizes the data on a weekly basis, based on the field "impact_start" and gives me the output. But the problem is that the start of the week...
convert timeformat not responding in drilldown link search in simple xml
convert timeformat not responding with drilldown link tag, as a result drilldown search keeps on showing loading. Sample simple xml below: Job Statistics index=$index$ host=$host$ eventtype=et_job_timing |...
Are there any add-ons out there for parsing Cisco ACE or GSS load balancer logs?
I'm not finding anything on Splunkbase. Do such things exist already?
How to get my transaction search to return "0" instead of "no results found"...
I am trying to use the transaction command to get duration between two events. In case there are no such events, I would like the search to return 0 instead of "no results found". This following command...