I newly installed Splunk Enterprise 6.6 on a Fedora 25 server and I'm unable to...
I newly installed Splunk Enterprise 6.6 on a Fedora 25 server and I'm unable to browse more apps or install an app. The error message is: Error resolving: Name or service not known
Data getting rollover to Frozen bucket irrespective of frozenTimePeriodInSecs...
Hi All, Need your help in understanding the reason behind the below behavior. The data in my Index A is getting rolled over to Frozen bucket irrespective of the frozenTimePeriodInSecs set to 365 days....
Splunk app for AWS
Hi all, Our Splunk app for AWS plugin stopped working. The error message I am receiving in the splunkd log: 05-22-2017 11:15:10.128 +0000 ERROR ExecProcessor - message from "python...
Can I add the various Data Input Parameters as fields to events at index time?
I'm building a TA using the Add-On Builder and I've defined a few "Data Input Parameters" that need to be defined when the Input is added such as the device's IP address {dvc}, a boolean variable...
Custom App won't start on Splunk 6.6
Hello, I am facing the problem with starting up the custom app. Custom App is not working under specific condition below. - Splunk 6.5.3 & Chrome -> OK - Splunk 6.5.3 & IE11 -> OK -...
How to display specific fields in statistics?
References to tutorial http://docs.splunk.com/Documentation/Splunk/6.5.3/SearchTutorial/Searchwithfieldlookups, sourcetype=access_* status=200 action=purchase [search sourcetype=access_* status=200...
Getting the following error for API modular input for ingesting security...
Hi All: I am getting the following error, in which Splunk is unable to pull data (scans) from a security center. Splunk Add for tenable is being utilized to pull the management scans. We have 8...
How time synchronization works between forwarder and indexer
Hi, we have hosts sending logs to the indexer using universal forwarders. The hosts are spread across different time zones. I want to know how the indexer synchronizes different time zones into one. Can you...
Tab in transforms
What should I use to put a TAB literally in a regex replacement within transforms.conf? I've tried \t but that's not working.
How to write TIME_FORMAT and LINE_BREAKER?
Hello all, I have a log file in which there is no date in the log events and it might also contain a stack trace. Here is the sample log event "03:37:10,530 [localhost-startStop-1] ERROR...
Min and Max in timechart
Hello guys, I am displaying a TimeChart of average of Duration and a Baseline for last 30 days. It is working properly. Problem: But now I need to show Min and Max of Duration for Last 90 days in the...
How to compute _indextime-_time difference average with tstats?
Hi, I'd like to calculate the average latency (_indextime-_time) with the tstats command, but I can not make it work: | tstats avg(_indextime-_time) where (index=* OR index=_*) by index Splunk thinks...
Trying to get a LastBootUpTime converted to Epoch that includes the...
I'm having difficulties converting Microsoft's LastBootUpTime into Epoch taking the timezone offset into account to get an Epoch in GMT value for comparison. Would anyone have any ideas to assist?...
DB Connect v3. How to save TIMESTAMP type fields in Epoch format, not in...
Hello! I used DB Connect v1 and now I updated it to DB Connect v3. I get data from Oracle SQL. I have several TIMESTAMP type columns that in version 1 were saved in the epoch format, but in version 3...
How to convert "LastBootUpTime" to epoch time (including the timezone offset)...
I'm having difficulties converting Microsoft's LastBootUpTime into Epoch taking the timezone offset into account to get an Epoch in GMT value for comparison. Would anyone have any ideas to assist?...
Are there performance issues for increasing the "max_searches_per_CPU"...
I have a 16-core CPU on the search head, which accommodates 22 concurrent searches by default. When 22 concurrent searches are reached, it shows the limit has been reached, but the CPU utilization is only 20...
External command based lookup is not available because KV Store...
Hello, After installing an app from one env SH into another environment SH and restarting it, I am getting: External command based lookup is not available because KV Store initialization has failed Any...
What should I use to put a TAB literally in a regex replacement within...
What should I use to put a TAB literally in a regex replacement within transforms.conf? I've tried \t but that's not working.
How to write the correct TIME_FORMAT and LINE_BREAKER for my sample data?
Hello all, I have a log file in which there is no date in the log events and it might also contain a stack trace. Here is the sample log event "03:37:10,530 [localhost-startStop-1] ERROR...
Splunk DB Connect: How to save TIMESTAMP type fields in Epoch format, not in...
Hello! I used Splunk DB Connect v1 and now I updated it to Splunk DB Connect v3. I get data from Oracle SQL. I have several TIMESTAMP type columns that in version 1 were saved in the epoch format, but...