Why am I seeing "DistributedPeerManagerHeartbeat - Unable to get server info...
I have seen a few other questions similar to this one, but not exactly, and the solutions do not work. In my cluster master log, I am seeing the following error repeatedly: 01-08-2016 23:37:42.853...
How to extract and apply header information to every log line?
Hello Splunk Gurus, The file below contains a header of 7 lines followed by an undetermined number of log lines. I would like for the header to apply to each and every log line. For instance, I would...
Why does Splunk Web sometimes not show the event data for a search unless I...
Splunk Web doesn't show the events at times. If I restart and log in, it will show the events, but after some time, events are not displayed. It shows total events, but the details are not displayed...
Can I setup Splunk so that only certain forwarders use encryption?
Hi, I have a request from a customer to encrypt their feed to Splunk. The doc looks pretty simple, but after reading it, my impression is that all forwarders would then have to be configured to use...
How to write a search to find who deleted or modified files on a Windows...
I am now very new to Splunk. I have installed a Splunk forwarder to monitor Windows Security Logs, but would also like to build a search to search who deleted and modified files / folder for the last 24...
How can I export all items from Settings>Searches, Reports, and Alerts?
So basically, I'm looking to effectively export/retrieve all content from Settings>Searches, Reports, and Alerts. Basically looking to build a reference document to list my alerts/reports with the...
Is using SplunkCimLogEvent logging best practice?
Hi, I came across "Splunk Logging best practices" article (http://dev.splunk.com/view/logging-best-practices/SP-CAAADP6) and it seemed like using the provided SplunkCimLogEvent class would...
Can't search DB2 database after successfully connecting
I've successfully connected to DashDB (DB2) database from Splunk. I went through the documentation and made sure that all the drivers are installed. But I still can't see the DB2 source in the sources...
High splunkd memory usage on datamodel acceleration
I currently have the following setup. 3 x search heads ( 8 cpu, 16gb memory) 2 x indexer ( 8 cpu, 16gb) Currently I'm only indexing around 10GB per day worth of data, 80% is from the NetApp application...
inputs.conf and props.conf and new set up
Sorry newbie questions. I have been looking at trying my hand at customizing the setup, instead of using the GUI. These are from things I have tried and read in the docs. The idea would be to set up...
Windows Advanced Audit Policy Configuration
Hello All, I'm a new Splunker and have a Windows 6.3.2 enterprise installed with the following: Supporting Add-on for Active Directory v 2.1.2 Cisco Security Suite v 3.1.1 Template for Citrix...
Cannot access app when role is given only write permissions on app
I have created a role which has only write permissions and no read permissions on app. When I try to log in, it says the app is not available. Does it need read permissions to access the app?
duplication, data inputs, syslog & transforms/props.conf
Short story: using transforms.conf and/or props, how can I set an event's index value? Long story: I am using two apps, with two UDP listeners, each with the required sourcetype. Primarily I am...
Splunk Addon for Microsoft Azure is not compatible with China Azure?
The China Azure customer wants to pull data out with Splunk Addon for Microsoft Azure from China Azure but always failed. There is a log in the _internal: “…ERROR ExecProcessor - message from...
No IN Bound or OUT Bound events from DD-WRT
Love the idea of Home Monitor and really want to get it to work. I'm running Home Monitor 4.3.0 on Splunk 6.3.2. DD-WRT v3.0-r27734 on a DIR 686L. Set up Home Monitor initially with dd-wrt sourcetype...
Can I set up Splunk so that only certain forwarders use encryption?
Hi, I have a request from a customer to encrypt their feed to Splunk. The doc looks pretty simple, but after reading it, my impression is that all forwarders would then have to be configured to use...
Splunk DB Connect 2: I've connected to a DashDB (DB2) database, but why can't...
I've successfully connected to DashDB (DB2) database from Splunk. I went through the documentation and made sure that all the drivers are installed, but I still can't see the DB2 source in the sources...
Why am I unable to access an app with a role that is given only write...
I have created a role which has only write permissions and no read permissions for an app. When I try to log in, it says: the app is not available. Does it need read permissions to access the app?
Is the Splunk Addon for Microsoft Azure compatible with China Azure?
A China Azure customer wants to pull data out with Splunk Addon for Microsoft Azure from China Azure, but always failed. There is a log in the _internal log: …ERROR ExecProcessor - message from...
Home Monitor 4.3.0: Why do I see no IN Bound or OUT Bound events from DD-WRT?
Love the idea of Home Monitor and really want to get it to work. I'm running Home Monitor 4.3.0 on Splunk 6.3.2. DD-WRT v3.0-r27734 on a DIR 686L. Set up Home Monitor initially with dd-wrt sourcetype...