Splunk forwarder to add custom fields for multiple logs
I have to set up Splunk for 100 servers. Each server will have 5-10 JVMs, and each JVM generates 3-4 log files. I would like to index logs to a central Splunk server and along with data, I would also like...
JSChart Drilldown - Show drilldown table when page loads
I would like to know if there is a way to perform an inline drilldown from a JSChart to a Table but have the table show up on load and not only after something is clicked inside the JSChart.
Differences between views
Hello, On a SHC of 3 peers with Splunk ES, search results match exactly on all SH. But results based on Data Model are different across all search heads. Search affinity is disabled with site =...
Having Issues to view DBALite Oracle DB Performance summary drop down
Hello, I have installed the DBALite App on both the DB server and the Splunk server. As per the documentation, I followed the steps to install the App and modified the following files on the DB server....
How to delete logs permanently from an indexer in index cluster using a...
I want to delete logs permanently from each indexer present inside the indexer cluster using a search query for 3 months. The below query provides me with the output of the raw logs older than 3...
scale gauge
Hello, Can I add a scale gauge to a dashboard that will show a green circle or a red circle depending on a key value from a log file? See the example in the picture attached. Thanks, Sarit ![alt text][1] [1]:...
[health.py] Could not initialize health logger, [HTTP 402] Current license...
Hey Everyone, I am working on integration of MySQL with Splunk. I have done all the steps to integrate and it was successful, but at the time of validation it shows an error like this: "[health.py] Could...
What is the best approach to learning Splunk?
I start a new position as a Cyber Security Engineer in the next couple of weeks and I have to learn as much about Splunk SIEM as I can. I have experience with McAfee SIEM and a deep background in...
Filter events on splunk forwarder
Hello, how do I filter events (Windows event log) on a forwarder? BTW, how do I install a heavy forwarder? I have Splunk 6.2.3. Thanks in advance.
DB Timestamp column to _time
Hi, I am working with the Splunk app for DB Connect, and always have the same problem. When I run the query in the preview page I get the timestamp column in epoch time (I don't know why) with 13 digits. When...
Most performant way to get data in using C#
Hi, My application is written in C#. I see there are a few ways for getting data in 1. C# SDK (as per submit example) 2. Logging.net with HTTP Event Collector 3. Posting raw JSON to HTTP Event...
Can I use clustering to route data for a UAT env?
Hi, We are planning on upgrading to 6.3 (from 6.1), and were wondering if it was possible to use clustering and replication to route data to other systems, but use that data only for UAT/SIT purposes?...
How to search the count of both fail and total numbers from a data model?
I want to get fail number and total number from one data model, but I cannot figure out how to do this. My search is as below: |tstats count AS Requests,count(eval(Log.success="false")) as Failed from...
How to change the chart label size in Simple XML in Splunk 6.3?
Hi, I want to change the chart label size in Simple XML. I find that in Splunk 6.2 there is one option that can be used: {italic:false,size:40}. But in 6.3, it's no use. Can I use CSS? How to ..... :(
how to remove last character of a field value from the search results
how to remove last character of a field value from the search results
Change color of Splunk graph based on string value
I have seen [this question][1] and [this docs page][2], together with a few other questions on the topic, but I am having some issues getting this to work on a new dashboard panel. The underlying...
How to configure universal forwarders on roaming laptops to maintain Windows...
I've installed a few Universal Forwarders on Windows laptops that are not consistently connected to the network. One machine did seem to cache events and forward them when reconnected, but another did...
How to write a search to alert if one host stops forwarding logs for a...
Hello guys, I want to make an alert if number of hosts is lower than 5 in a sourcetype search. To be more specific, I have 5 hosts that send logs into `sourcetype=test`. If one of the hosts stops...
Website Input & case sensitivity issue: Is it possible to configure...
Hi, My workaround reply is still waiting for the moderator to accept the posting. In the meantime, I have a new problem that's more difficult to get around. The device that I am getting Website input...
How to convert a working rex statement to a field extraction?
Sample data: 12/28/2015 11:39:14.113 -0600 collection="MSMQ Queue" object="MSMQ Queue" counter="Messages in Queue" instance="hostname"\private$\test_test_1062 Value=4 I have a working rex that extracts...