Exporting a dashboard to PDF, why do my panels show "Error in 'SearchParser':...
Hi! The Dashboard is entirely done and I can see my results. I want to Export to PDF, and in the PDF, instead of my first 2 panels, I have the same error for both of the panels : Error in...
Is it possible to populate a drop-down with indexes that belong to a certain...
I configured our Splunk environment to allow for indexes to be set up via the Rest API. As part of this, you can specify which "app" an index should "belong" to. As an example of what I would like to...
Has anyone used Splunk Enterprise Security over Hunk?
I was wondering if running Splunk Enterprise Security over Hunk in a Hunk only or Hybrid architecture is supported/recommended. Has anyone tried doing this? One of my clients is decided on using ES,...
How to edit my search to group keys as column headers with aggregated values...
I have a search: sourcetype="my_data"| stats count by queue which aggregates data in a table by the field **queue**. It generates a table like this: queue | count queue_one | 1234 queue_two | 7823...
Why does the Splunk forwarder stop after a network gap, and how can we...
There was a network gap while splunk was forwarding the data: HTTPClient - Invalid URI deployment.server.com:8089 because Temporary failure in name resolution the question is, why does Splunk stop and...
Why is the join command joining more than it should in my search results?
Hi. I have this data: Row cTime pTime uName connectionId 1 23:10:54 22:34:08 user1 user1Connection1 2 22:34:58 21:02:53 user2 user2Connection2 3 21:02:53 20:34:34 user1 user1Connection1 4 20:34:34...
After updating an app, why am I getting search error "The limit has been...
After I updated an app, why am I getting these search errors? The limit has been reached for log messages in info.csv. 34 messages have not been written to info.csv. Please refer search.log for these...
LunPerfHandler - objname is truncated to 64 chars
When I'm trying to show the **Proactive Monitoring** > **LUN Detail** dashboard, nothing appears. After a first dig into the sourcetypes/sources, it appears there is no field named display_name in...
Programmatically create a new Website Input
Hello, would it be possible to dynamically create (with a script) a new website input through the Splunk REST API? If so, what would be the endpoint needed to be called? Thanks
WARN TcpOutputFd - Connect to host:port failed. Connection refused
I am forwarding data from heavy-forwarder (HF-1) to heavy-forwarder(HF-2) which are in different network IP range. Eg: 10.172.0.1 to 10.234.0.1 I have enabled the forwarding from HF-1 to HF-2 via...
How to reset error count after multiple network issues (multisite indexer...
Hello, I've got clustered indexers (2 sites) running 6.3. Since today, the following kind of message appears in the console: Search peer <search peer> has the following message: Too many...
timestamp=none
I acquired some logs from a script (close to ps.sh) with a timestamp correctly recognized at index time. The problem is that the "timestamp" field is always equal to "none" so I cannot have the other...
Can multiple instances be installed under the same path?
Hi, Is it possible to have multiple instances under the same path. Splunk 6.3.1. One machine (linux) For example: /opt/splunk - indexer /opt/splunk/splunksh - search head /opt/splunk/splunkforwarder -...
Why would tstats results over the past hour be greater than over the past 24h?
I’m running the below search against the ‘Web’ data model in ES. Everything works fine with the exception that the ‘historical_count’ is off. For some reason we’re getting lower historical values for...
alert when an increase of indexed data more than 10%
Hi, I know that you have answered something similar before, but I need, for my management, to set an alert on Splunk when indexed data volume is 10% higher than the daily average. We have problems to...
Splunk Field Extraction app
The source for an app is not displaying in Splunk when using the extraction tool - UFX
Enrich event with number of business days till end of the month
I would like to include an evaluated field to the events returned in the search containing the number of business days between the timestamp of the event and the end of the event month. I have a...
Query against a lookup table
If I have a lookup table of 5 groups, is it possible to have SPLUNK query activity against the groups in the lookup table? Lookup table: Group1 Group2 Group3 Group4 Group5. Groups 1/3/5 have activity, Group...
Nessus Add-On 4.0.0 not working - no data
Hello, I have Splunk Enterprise 6.2.5 running in a distributed environment and I can't seem to get the Nessus Add-on 4.0.0 to work. I have it installed on one of my search heads and configured as...
Increased CPU usage in indexers after installing Splunk for Unix/Linux add-on...
Hi. The Splunk for Unix/Linux add-on app includes a transforms.conf with a lot of regexps. After I installed this in my indexers, CPU usage for regexpreplacement has doubled. Are all these...