Splunk Visio Icons not looking good on Lucidchart
Hi all, I am trying to use the [Splunk Visio icons][1] from [Lucidchart][2] and they all look horrible (see picture below). Lucidchart supports Visio stencils and Visio diagrams and can import from...
After upgrade from 6.2 to 6.3 unable to start splunkd on my indexers clusterd...
I have updated my splunk infra from 6.2 to 6.3 1) Deployment server -1 2) indexer cluster servers -2 2) sh head cluster servers -2 Update process was successful on all nodes but I am unable to start...
How is the index=threat_activity filled up with data in splunk Enterprise...
We have got squid proxy logs that are compared with the threat lists in splunk ES. It works fine, but on the list on splunk ES Advanced Threat - Threatlist Activity - Threat Activity Details we only...
How to display multiline colored text in a dashboard PDF export?
Hi, I want to display multiline text based on a query. This text should have a color (hard coded) when exported to PDF. Currently (v6.3.1), the HTML panel supports only bold and underline tags, but no...
Splunk Left Join
Hi, I wonder whether someone may be able to help me please: I'm trying to return the following details: Submission Date Reference Number With the following criteria: Where the reference number has an...
Stability issues with db connect 2 'The read operation timed out'
Hi, I'm running Splunk 6.3.1, db connect 2.0.6. Splunk was updated 2 days ago. This problem already showed up with earlier versions of Splunk Enterprise. I'm monitoring some tables in an Oracle db,...
How to list all indexes that shows Time, Index Name, Size and NumOfEvents for...
Hi, I'd like to get a list of all indexes that shows the data in the following format for a given time span such as last 7 days: _time indexName IndexedVolumeSizeInMBofTheDay NumOfEventsOfTheDay For...
LDAP authentication not working on Splunk version 6.3.1
Hello Splunkers, I have a Splunk environment running on cluster. My indexers (7 peers) were at version 6.1.3 and my search heads (6 SHs) at version 6.2.3. The authentication is done by LDAP. We...
Splunk Hebrew Font
Hi, We are using splunk for some applications that need to be displayed in Hebrew. The default font is very old-fashioned and we want to know how to set the Hebrew font for this dashboard. In addition, It...
Connect Splunk To OBIEE
Hi, We are thinking about connecting Splunk to an OBIEE system. Has anyone done this before and knows how to do it? Thanks, Omer.
Restrict search for specific index in Windows App
Hello All! I need to restrict specific index/indexes in the Windows App. I am able to do it with specific indexes after I set restrictions in authorize.conf. What file do I have to modify to accomplish it? Tnx...
Why do the CloudWatch logs contain XML tags?
We have logs from all of our production servers being pushed to CloudWatch, and we're evaluating Splunk as a better way to search those logs. We were able to get the AWS add-on set-up with an account...
Add-on for LDAP ERROR: 'list' object has no attribute 'items'
Hi, In trying this add-on, I'm unable to get the search results to actually display - tcpdump shows the query arriving to the LDAP server, and the response being provided, but, the TA merely logs:...
maximum number of concurrent searches reached when scheduling a PDF dashboard
I've read in details how the scheduler handles the priority of single reports, http://docs.splunk.com/Documentation/Splunk/6.3.1/Report/Configurethepriorityofscheduledreports but I could not find how...
subsearch limit
Hi, How can I overcome the subsearch limitation? I do not want to change limit in conf files. I have read that this can cause instability. In my below search I want to find differences between two data...
Forwarding and Indexing on a Heavy Forwarder
Hi all, I have a Splunk instance indexing some logs. I'd like to continue to use the server for its old job but, at the same time, to use the same server (the same Splunk instance or a different...
How can I avoid getting error "Events may not be returned in sub-second order...
Hi, I have got below error message Events may not be returned in sub-second order due to search memory limits configured in limits.conf:[search]:max_rawsize_perchunk. See search.log for more...
Baseline and query for Anomalous Invalid Login Attempts
I am working on Anomalous Invalid Login Attempts where I need to do multiple login from a same user from different sites in 30 mins time span, so the below query I implemented...
Remove mouse over from panel in the 6.3.1 update
How I can get back the design before the Splunk 6.3.1 update? Now my panels have a mouse over that shows info in the worst place ever (lol). ![alt text][1] ![alt text][2] [1]:...
What is the disadvantage of having a lot of small buckets and rotating them...
So I understand that the minimum timespan on a hot bucket is 1 hour, but bucket sizing defaults to a file size instead of a timespan. It is also warned that setting bucket sizes too small will yield...