Splunk Stream question
I work for an energy capture and storage organisation and we were thinking of using Splunk to capture data from our main "Ecto-Containment System". Streams are a key component of our workflow and one of...
How can I create a chart for each column?
I have 10 columns with the name of a server, and each server has its average per day. How can I create a panel for each column that I have? In this case, I need to show 10. Any help? Right now, it only...
Splunk Add-on for Amazon Web Services: Why do I stop receiving events from...
I am pulling data from 30-40 log groups from 3 different regions using the Splunk Add-on for AWS. I am having an issue where after about 10-15 minutes, I stop receiving the most up to date events from...
How to delete existing indexed events?
Hi, I saw multiple junk Windows security events filling up my disk space. I now filtered unnecessary events. How can I delete those existing events? I tried... Delete and it's showing deleted...
What Web server is used in Splunk?
What Web server is used in Splunk? ------------ What is the Web server used by Splunk?
How to prevent duplicates in KV Store?
Greetings, I regularly update a KV Store with new IP addresses/websites to monitor for in my network traffic. Sometimes I get redundant information, and put in the same IPs/websites multiple times. How...
Why would Search return results from old logfiles when newer ones exist?
I want to search all the logs for my `Device`, they're txt files and the directory structure is like this: `c:\program files\device\device manager\logs\YYYYMMDD.txt` My query looks something like this...
During alert creation, if I enable Summary Indexing, how can I tell Splunk to...
During alert creation, if I enable Summary Indexing, how can I tell Splunk to use a time field in the data rather than adding one? DETAILS: I have set up an alert with a search that returns a set of...
How do I filter out some Windows events at Search Head/Indexer (RHEL 6...
New Splunk server, initial tuning period. Working on tuning and filtering. Server shows two event types as most frequent patterns: 44.49% 12/09/2015 05:33:20 PM LogName=Security SourceName=Microsoft...
How to configure initial setup for the Splunk App for Web Analytics for my...
I installed the App and began the process of trying to configure. I had to leverage sourcetype renaming as my logs from multiple servers are going into a common index with a custom source type. After I...
Search for either of two values, given only one value
I'm trying to look up all lines that have EITHER a matching Name or Phone, when given ONLY the Name to search for. And I know the "Combiner" entry will always exist, and have both. EntryTag,Name,Phone...
Create time range for each customer from adjacent time
Hi, Originally I generated a table from a Splunk query in the following form:
CustomerID SeenTime
1234 8/5/2015
1234 8/19/2015
1234 9/1/2015
2345 10/3/2015
2345 10/9/2015
Now, I would like to create a...
Is the option to download AWS RDS log files being considered for future...
It's possible through AWS CLI to download RDS log files. Is this an option that is being considered for future releases of Splunk App for AWS?
Why are we getting different results from search heads in our Splunk 6.2.3...
Hi, We have an implementation of 3 search heads in a search head cluster and 4 indexers in a multisite indexer cluster all in Splunk 6.2.3. The search heads have search affinity (sh1 and sh2 site1 and...
Is there a log file that shows the SQL statements DB Connect Database Inputs...
Hi, I am trying to debug a database input I created to pull from a JDBC compliant DB. I set it up as a Tail so it pulls records incrementally. I need to see the SQL statements that this input is...
How to locate and edit an existing macro search from an app (Splunk App for...
Is there any way to locate and edit an existing macro search from an App (SA-nix) in this case? CPU_Exceeds_Percent_by_Host Open in Search Edit admin SA-nix Global CPU_Under_Percent_by_Host Open in...
Syndication Input (RSS/ATOM/RDF) add-on: Why am I getting "INFO Successfully...
I just installed the Syndication Input add-on on my stand-alone search head and configured the answers.splunk.com/feed/questions.rss input as shown in the example. No data is showing in the dedicated...
How many CPU cores are used for indexing?
Hi, I need information for sizing the necessary CPU cores for an indexer. In the capacity planning doc, indexing will consume 4 to 8 cores, and additional cores with parallelization enabled. Is there...
Reporting on Linux machine metrics using a Windows Splunk server?
Will the Windows version of the "Splunk App for Unix and Linux" report on linux metrics? My Splunk Servers are Windows-based, but I need to report on the metrics from a linux (Redhat/CentOS) system. I...
Export host IPs to a txt file
Hello all - hoping this isn't too difficult. I am looking to export the IP addresses of all hosts logging to a specific index to a text file. I have this: | metadata type=hosts index=[example index] |...