What is the best action plan during hardware/firmware maintenance of a Splunk...
We have 8 Splunk indexers in our environment (2 sites). One indexer server needs to be serviced: update the BIOS, RAID controller firmware and iLO firmware. What's the best business practice in these...
Can we collect Windows event logs with the Splunk Add-on for Microsoft...
Hi everybody, Is it possible to use the Splunk Add-On for Microsoft Windows when the indexers and search heads are all running on Linux? We have a group of people who want to collect Windows logs and...
Create a new field based on source and apply to all the events from that...
I have Splunk looking at specific directories for our Geb Unit test reports where reports for each browser (Chrome, IE, etc) are in their own folders. Test reports are in XML files and each event is...
Is there a way to craft a wget URL to download any given app?
I'm looking for wget URL for apps. Is there a way to craft a URL to wget/download any given app?
How to work around "Error resolving: Temporary failure in name resolution"...
Hello Just installed 6.5 on a Linux platform (centos). When I "Browse More Apps" I am greeted with the error: > Error resolving: Temporary failure in name resolution This may have something to do...
Does Splunk offer any such solution to make a call to SOAP-REST-HTTP URL and...
Does Splunk offer any such solution to make a call to SOAP-REST-HTTP URL and to test their availability?
What permissions can I give a role that will allow users to share searches...
I have a role that has access to apps and indexes and I want the searches created by these users to be able to be changed for sharing within the app and with other users in the app. What permission can...
How can I send logs from one universal forwarder to two different indexers...
I am planning to send the logs to multiple Splunk indexers (location) based on the logs type from one universal forwarder example server-1 myapp1.log -> indexer-South myapp2.log -> indexer-south...
How to change the order of stacked area chart where the small area is on top?
I am very new to Splunk. I need to create a stacked bar/area chart where I have two separate searches. I'd like to show the small areas on top of the bigger area. Tried to use `sort` function but it did...
Why is the regular expression for my whitelist in serverclass.conf not...
I'm working to simplify a serverclass.conf and am struggling to get regex working. For example: [serverClass:ConfigUnixBase_OnPrem_Denver_Lab] whitelist.0 = (?i)dhe[li]* # denver non-prod blacklist.0 =...
F5 Networks - Analytics (New): Why am I receiving a "duplicate values causing...
I'm getting errors on the home page of the app under the Tenants: "duplicate values causing conflict" We have 2 F5s pointing to Splunk and they're both synced, we are on version 0.9.9 from the...
Why is my CSV output generating field names in quotes?
All, I am attempting to generate my asset list from our asset_discover system via this search - sourcetype="assets:linux" index=asset_discovery | dedup host | table...
Is there a way to get a list of heavy forwarders via rest?
Hi, Is there a way to get a list of heavy forwarders via REST? We are creating our own HFW health page, since the DMC doesn't support it.
Why am I unable to search my JSON log file without using spath, even after...
Hi Folks, I have the following log file information. With my props.conf, it consumes it and visually shows fine, but I can't search on any of the elements without using spath. I would like to be able to...
Will the ending of support for OpenSSL 1.0.1 impact my Splunk instance?
I heard that support for OpenSSL 1.0.1 will end soon. Does this impact my Splunk instance?
Parsing fields from json logs
Hi Splunkers. I'm attempting to search based on fields in a JSON log file For example I am trying to search based on the "action" field from the following (sample) JSON event:...
How to extract field value in one index for comparison with other index using...
Hi, In index1, I have a field called hostname with values, sxer123 sdcfgg SDFCXZ I have a field called hostname in index2 with values like, 172.34.23.33 sxer123.amazon.com sdcfgg.bb.amazon.com Now I...
How to use a date format as a filter in the base search
Hi, I have events with a timestamp_value=1477043785561 We can filter like this: index=a sourcetype=logins timestampvalue<=1477008000 Is it possible to use a date format in the base search to filter?...
How to use rex to extract a named field within a named field?
Greetings, The event that I'm working with is below. The problem is that our platform (in this case) has a field called 'parm', which Splunk extracts. However, I need to extract the field as...
How to edit my regular expression to match multiples of the same type (Java...
I'll start with a raw event. This is basically a Java stack dump. 2016-10-20 13:23:20,828 [p-bio-8001-exec-1866] [TABTHREAD1] [ ] [ PegaRULES:07.10] (ngineinterface.service.HttpAPI) ERROR...