What are the differences between the lookup and inputlookup commands?
Is there any reason why this command would work: | inputlookup myfile | search SERIAL_NO "1234" | table X, Y, Z And this command would work: index=mydata serial_number="1234" | table subject But this...
How to find duplicate values inside a single field?
For data from DNS that looks like these examples: www.abc.com.www.bca.com www.abc.net.www.bca.net How can I report that .com or .net appears more than once in the field? I would stat this and push it...
Graphing counter delta values over multiple dimensions?
We have a script gathering DNS server statistics, which are monotonically increasing counters, mostly for requests served. We have 3 dimensions to our data: - dns_host: the host where the statistics...
How to disable KVStore on a heavy forwarder?
I have KVStore taking up drive space on a HF. Documentation warns about this and says KVStore can be disabled in the server.conf. But there are no instructions on how to do this. Please advise.
Using lookups included in the Splunk App for Windows Infrastructure, why am I...
I am trying to use the lookups included in the Splunk App for Windows Infrastructure, and I am having odd results: |inputlookup tSessions|search session_id="0x59f23e232" returns one record as expected....
How do I set up a conditional drilldown in Simple XML from my bar chart to...
I have a bar chart. When I click on a particular bar, I'd like to control the drilldown to another dashboard. Combed through the docs, but can't find anything. Also checked Answers and checked answers...
How to set and configure the sourcetype to format events written to Splunk's...
I'm having issues when writing events to Splunk's HTTP event collector. We have a good amount of existing queries that may need to be rewritten if this cannot be successful. The problem occurs when the...
Why am I getting certificate errors trying to configure the Splunk Add-on for...
Hi, We are trying to set up the Splunk Add-on for IBM Websphere Application Server (3.1.0) with the Splunk Add-on for Jboss (1.0.0). However, after all processes for configuration, we have this error...
Automated refreshes not working with Splunk ODBC & Tableau Server
I'm able to connect Tableau Desktop to a saved search in Splunk & publish content to Tableau Server. Live connections work, but automating a refresh from Tableau Server fails. Has anyone gotten...
How do I create a stacked bar chart with my data set?
Hi Guys, I have the following data set that I retrieve using a search: host calltype count pc4bwsoap03 odata/v2 4931 pc4bwsoap03 sfapi/v1 134 pc4bwsoap03 api/oauth 13 pc4bwsoap03 xi/ajax 9 pc4bwsoap03...
How to display the source path for errors in Splunk email messages?
I was wondering how I could have the source directory for our errors that appear in the email messages. Is there any token I can input to have these appear? I know I can include an inline to show the...
6.3.2 Peer Indexer Upgrades - FYI, I resolved this problem during my upgrade.
I upgraded my test instances to 6.3.2 this week and encountered something odd while upgrading my indexer cluster. I had first successfully upgraded a standalone instance and a heavy forwarder, but my...
How to configure Splunk to examine the latest log file?
My Splunk instance is not reading the latest entries from log files that I want to search. Through the web interface, I told it to look through everything in a folder. I thought this would include the...
Create DB Connect V2 Lookup with query parameters
Hello, I have a table in my database that records changes to a record in my people table. I have a trigger that inserts the new data into the historical table when the record changes and timestamps...
JMS inputs are not visible after upgrade to 6.3.0 Enterprise and upgrade to...
JMS inputs are not visible after upgrade to 6.3.0 Enterprise and upgrade to JMS 1.5. Within Settings-->Data Inputs--> No more 'JMS' input link so the inputs must be managed directly on the...
How to verify when a SPLUNK server is rebooted, SPLUNK is cleanly shut down or...
When a SPLUNK server is rebooted, SPLUNK is cleanly shut down. When SPLUNK vm is powered off, SPLUNK is cleanly shut down.
After frozen data restore, thawed data not working correctly or missing.
In a test environment (two indexers, one SH, one cluster master/deployment server) I froze any data that was older than half a day. Indexes.conf: [endor] repFactor = auto homePath = $SPLUNK_DB\endor\db...
Why am I getting the error message "File...
Getting an error deploying an application via splunk deployment manager. The app deploys but when the splunk service is restarted on the rhel 6 server I get errors that the files can't be found. The...
Lotus Notes 9.0.x
Dear, Is it possible to integrate Lotus Notes Domino 9.0.x with Splunk? Is it possible to see audit messages? What are the best practices to log this environment?
Events missing via http event collector
I'm seeing a behaviour where some of my events are missing after being sent to http event collector. I'm sending single event per request. Sometimes it shows all the events and sometimes it does not....