Search Head Cluster: Members in SHC pool get out of synch and error in log...
We have a 3 Node SHC pool and the SHC still frequently gets out-of-synch and keeps throwing the following UI banner message: "Error pulling configurations from the search head cluster captain;...
Spec for reading DAT files
Hi, I have configured an app being pushed from deployment server to a remote Windows host to read DAT files. Links already referred :...
Regular Expression to Extract Values From a Field
Hello Ninjas, Am having some trouble trying to figure out how to use regex to perform a simple action. So I have a field called Caller_Process_Name which has the value of...
Using REST API search endpoints to retrieve a saved search SID and search...
Hi All, I'm trying to build a mini SDK for the REST API using Golang (focusing on the search/saved search endpoints at the moment). I've got a lot of the endpoints working individually where I can...
Does the Cisco eStreamer for Splunk app support retrieving payload for...
Does the Cisco eStreamer for Splunk app support retrieving payload for intrusion events?
Can Splunk integrate with Lansweeper if the data is stored in an MSSQL...
Is it possible to integrate Lansweeper with Splunk? Since Lansweeper stores all the logs and inventory information in a Microsoft SQL Server Database, it is possible to query this data using DB Connect...
Can Splunk Integrate with Lansweeper?
Is there a way to integrate Splunk with Lansweeper? Since Lansweeper stores all configuration and inventory information in a Microsoft SQL Database, can we query this database for information using...
Palo Alto Networks App for Splunk 5.0.0: Why are some dashboards showing...
Some dashboards (Traffic, WebActivity) are showing 'tstats' and not displaying any data. I recently upgraded to 5.0. Regular (not accelerated) searches work fine. All troubleshooting steps were followed....
Splunk DB Connect 2: Why am I getting error "Cannot get a connection, pool...
Hello Splunkers. I have 2 connections with a Microsoft DB using Splunk DB Connect 2. For some time, everything was OK, but all of a sudden Splunk stopped indexing new data. Looking at _internal, I saw...
Is there a way to display a different name in a drop-down list, but use the...
Hi, I have a drop-down and Chart/List. The chart should show the event on the item selected from list. Is there a way to display the ProcessContext_ProjectName in the drop-down list removing Java, but...
How can I troubleshoot why suddenly 8 of 10 subfolders with proxy logs have...
I've been sending proxy logs to the FTP server and from there I installed a universal forwarder to send the logs to the Splunk indexers. They are all in a gz format. Everything was working fine until...
Why are my nested subsearches failing?
Hello, I'm running into a problem where if I nest subsearches too far, I start to return no results. I'm unable to find a published limit of nesting, though. Is there one? The search I'm trying to run...
HTML Drop-down Search not populating
I have a KVstore and created a drop-down input filter. I can't seem to get it to filter my data. The drop-down lists all the correct data, but I can't seem to filter out information. For example:...
How to write the regex to extract a field from XML data if the field is not...
Hi I have a field which I would like to extract a field from the XML being displayed. The only problem is the field is not completely XML. I am not allowed to post an example, but basically I want to...
Splunk DB Connect and Oracle VPD (Virtual Private Databases): Is there a way...
Hello, In my gathering of how Splunk DB Connect works, it appears it's not possible to execute a stored proc to set a user context. Is there a way to support this in DB Connect? I want to execute the...
Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non...
My attempts to install a Splunk forwarder on Windows 2008 fail and are rolled back. In this case, the application event logs show: Faulting application openssl.exe, version 0.0.0.0, time stamp...
Splunk DB Connect 1.2.2: Java bridge server is loading, but why does the app...
When accessing Splunk DB Connect, the start page for the app just keeps refreshing continuously. There are db connections configured and they do work, the bridge does appear to be running, I can run...
What is the process to downgrade the NMON Performance Monitor for Unix and...
I just upgraded to 1.6.13. The nmon data for various panels has changed from line to scatter graphs. I'd like to downgrade back to 1.6.12 (I'll put in another ticket about the scatter graph issue)...
Why is my indexer randomly indexing old logs?
I have noticed that at random times my indexer is indexing old data logs from days, and sometimes even months in the past. I have no clue as to why this is happening. The logs are formatted like this:...
How to troubleshoot why my Splunk DB Connect 2 app does not load?
My app Splunk DB Connect 2 does not load and/or display on WEB. Plugin is configured default. Javahome (inputs.conf) and java_home (settings.conf) is true. Dbx2 and rpc logs are without errors. Some...