How to configure the Splunk Add-on for Netflow or indexer to capture the...
Running the Splunk Add-on for Netflow on a Linux server so it can translate the data and forward it to our main Splunk instance running on Windows. The Netflow data on the Linux box looks something...
Why am I unable to forward a sourcetype from a heavy forwarder to different...
I'm in the process of migrating one environment's data to its new environment. I have specific hosts forwarding data using the [<host>] stanza in props.conf, but am having problems getting a...
How can I show all values in a pie chart instead of some values being...
I tried `useother=f`, it is removing the other values from the Pie chart, but I need all the values in the pie chart instead of removing some.
KV Store time-based lookups not working in Splunk 6.3.2
Have exactly the same lookups, one in CSV and one in KV Store. The CSV file time-based lookup works perfectly. The KV Store time-based lookup does not. The definitions of the lookups with regards to...
How to tie capabilities to custom roles so certain options are hidden based...
We've built a heavily customized OEM Application for our product and I would like to know how to make certain things aware of the user role and hide/show them based on who logged in. The example would...
Why does field extraction only work when "| extract reload=T" is added to...
I've got a fairly simple field extraction specified by a props.conf REPORT directive pointed to a transforms.conf spec. The REPORT directive is within a sourcetype spec'd stanza. The transforms.conf...
Is there any documentation for the Search ElasticSearch app?
I just downloaded the Search ElasticSearch app. Is there any doc or config settings that can be shared?
Why are we seeing Frozen Buckets in Cold?
Hi all, I've noticed some weird behavior on one (and only one) of my indexers. A customer complained about data "suddenly disappearing" in the middle of the day. When my team investigated, they found...
After removing permission dashboard_role from "Search & Reporting", why do...
I have almost the same problem as the user on the following post: https://answers.splunk.com/answers/111356/restrict-user-to-view-only-specified-dashboards-in-one-apps-only.html I did nearly the same...
How to resolve error Forwarding to indexer group default-autolb-group blocked...
Hello! I am getting the following error: Forwarding to indexer group default-autolb-group blocked for 2400 seconds. I have configured inputs.conf to filter Windows events (System, Security etc..) I...
received event for unconfigured/disabled/deleted index='msad' with...
I was getting the message as follows. What should I have to do to get those logs?
Splunk Add-on for IBM WAS: "Unable to initialize modular input "jmx" defined...
Dear splunk community, We get the following error message trying to get SPLUNK_TA_jmx 3.1.0 working on a 64Bit SLES 11 SP3 system with splunk 6.2.1.2 build 259063: Unable to initialize modular input...
How do I capture real-time search failures in SDK?
I'm currently testing a real-time search solution via the Java SDK. My dev set-up consists of one search head and one indexer. I've observed the following behavior in both the GUI and Java...
Splunk DB Connect: How to compare stored database queries to detect when field...
We're indexing a database table that stores saved database queries, and want to alert when the stored queries are changed. We are successfully doing so, but have experienced numerous false alarms when...
Website Input: Set field names to be HTML element, instead of attribute
Hi, I have the below example XML to scrape: Cook73835600Food1OPEN18004Food2OPEN18004Food3OPEN18004100 I am extracting the data I want with the following CSS Selector:...
How to count how many times a field value has changed from one to another?
Hi, In my data I have a "Status" field. The status can be in one of 3 states: Connected, Connecting, Disconnected. I want to calculate how many times the connection has been dropped. In other words, I...
How to count the number of matches of a string within an event?
I am using the Splunk App for *nix to gather netstat data, and I am trying to find the number of connections to the port 44221. I am using this search string, but am unable to figure out how to get a...
How to migrate a Splunk 4.2.3 Windows installation to Splunk 6.2.7 on Linux?
To start, I've already reviewed Google's results for this, and I just need to clarify a few things. We're trying to go from a base 4.2.3 install to a 6.2 install. I've seen that I need to do: Upgrade...
Splunk App for AWS: Will my current configuration for multiple AWS accounts...
We have 9 accounts in AWS. I have set up AWS Config on each account, pointing to their own SNS topic. I have one SQS Queue in us-east-1 subscribed to the SNS topic from each region, which should allow...
BlueCoatProxySG to Syslog to Splunk. How do I get this to work?
First off I have looked over the instructions contained here: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/About That being said, the biggest issue is that I have been working...