Unable to configure the Splunk App for AWS
I followed the instructions for downloading and installing the Splunk App for AWS into Splunk Enterprise. Everything appeared to go correctly. Now when I navigate to the Configure portion of the Splunk...
How to show raw file in reports
Hi, I index processed data into Splunk and my client might need to view the raw file that is used to produce events as well. Let's say I am using xml and prepare a comma separated line from the file and...
Splunkweb won't start after upgrade from 4.1.5 to 4.3.7. Cert issues.
I have a really old 4.1.5 instance on Ubuntu 8.04. I am finally upgrading to 6.3.1 (through 4.3.7 first). I provisioned a new Ubuntu 14.04 server of the same bit-ness as the old server (32-bit) and...
kvstore is mandatory for Splunk instance
As a Splunk beginner I want to understand a few things about kvstore. Could anyone explain to me in brief? kvstore is mandatory for Splunk instance or for Splunk SH? I understand it is used to write...
how to delete sourcetype
Hi, I would like to clean the sourcetype list. Can I delete it via CLI? (I am not talking here about removing sourcetype from the index, but rather if you go to add data -> Set source -> Set Sourcetype. On...
Splunk Scripted input - Powershell
I've set up a new scripted input using PowerShell as follows: Input.conf: [script://$SPLUNK_HOME\bin\scripts\RESENDREQUEST.path] source = RESENDREQUESTLOG sourcetype = RESENDREQUESTLOG interval = 10...
Custom cell colors based on values ignore columns
Dear Splunk-Community, I want to color individual cells in a table based on their value in green, orange and red. The table has 2 columns in question: CPU Load, Memory Usage. I based my code on the...
Configuration file precedence within a single conf file - using the same stanza
Hi, I'm facing the situation that there is the identical stanza twice within a single conf file. E.g. authorize.conf [role_admin] srchIndexesDefault = main [role_admin] srchIndexesDefault = _internal I...
What's the difference between tscollect and collect?
Is there any benefit to using tstat/tscollect or summary index over an accelerated reporting? Also, what scenario is summary index better than tstat/tscollect better suited for, and vice versa?
Mapping fields and values using regex and transforms.conf
I have a very ugly log file that I need to run a regex against and have it match as many times as possible to map the field name and the value of the field. I have a working regex that I can test...
Configuring JMX Add on app for Websphere 8.5.5
I am trying to configure the JMX add on app for my WebSphere Application. And I am getting this error message and not sure on how to resolve it. Please let me know on how to resolve it. 3) For...
Tearing down a search head cluster
I am going to have to tear down our SHC; I had to give up our 3rd search head to another project, which puts us in un-supported land (2 node cluster). I plan to split the deployed apps between the 2...
How can I estimate daily indexing volume for license requirements when adding...
Currently looking at adding more devices to our Splunk Server and I would like to know how Splunk reads this data in regards to daily volume so I know if our License will still meet the additional...
Cisco eStreamer for Splunk: Does eStreamer log data clean up after itself,...
Does estreamer log data clean up after itself? If not, what's the best way to accomplish this if I don't have access to add a logrotate script?
Why am I unable to extract fields from multiline events with my current...
Hi All, I am trying to extract fields from multiline events which were injected from our server to Splunk. We have our events as below where each event starts with time stamp and all the below events...
When can we expect Splunk 6.3.x to be supported on Solaris SPARC OS?
I am unable to find latest 6.3.x install package for Solaris SPARC OS. When can we expect this? Or is it deprecated?
Can other users verify if this is the proper procedure to update TAs in a...
I would appreciate if the following procedure could be verified. I am planning to do the following when updating TAs: 1. Make a backup copy of the TA folder (Splunk_TA_cisco-asa for example) located in...
DB_Connect 2.1.0 - Unsupported JRE
After upgrading from DB Connect 2.0.x to 2.1.0, we're now getting this error: JRE Status: Unsupported JRE detected. Using: Oracle Corporation JRE version: 1.8 and VM: OpenJDK 64-Bit Server VM . Need:...
Using Windows Storage Server 2012 as the Event collector and Splunk forwarder.
Hi all, Is it available using Windows Storage Server 2012 as the Event collector and Splunk forwarder which gather target monitoring Windows servers or clients event log? These target machines are...
how to restrict search query window on chart drill down and populate data in...
Hi All, I have recently started working with Splunk dashboards and created some small dashboards with charts and drop down filters. In our dashboard there are 6 charts (2 column and 4 pie charts) and a...