Does Splunk allow a new HTML page to resubmit a transaction?
Does Splunk allow a new page to resubmit transaction? Here is my context: I see failures in dashboard, and I already have the payload. Can I create an HTML page/provision out some way so that I can...
How to set up the EMC Isilon App & Add-on for Splunk Enterprise?
I've tried on a distributed setup as well as just a single host test instance that has TCP connectivity to the target storage frame's API (for example https://192.168.1.100:8080 ). I'm running a...
Using the Splunk Java Search API, why am I only getting 6700 events when...
Hi, I am trying to search Splunk using Java and my search produced 12000+ events, when I checked in the Splunk Admin UI. But, when it comes to code, it is able to retrieve 6700 events only. I tried...
How to edit my search to only return results that exceed a certain count...
I would like to issue the following search, but only get results that exceed a count within a time window. I see how to set an alert to do this, but I just want to search my current stored events. How...
Why is MV_ADD=true extracting everything twice and producing duplicates in my...
My Event: Directory: /var/tmp/.X11-unix Mtime : 2015-01-06 06:26:36 +0000 | 2016-01-04 15:31:39 +0000 Ctime : 2015-01-06 06:26:36 +0000 | 2016-01-04 15:31:39 +0000 Inode : 12 | 393217 Props.conf (the...
How to configure the Splunk Add-on for Sophos to properly recognize the...
Hi, I am attempting to set up the Sophos Add-On (App 1854) and have encountered a quandary. I am setting it up using a forwarder on the Sophos Enterprise Console. The Reporting Interface is already...
Are there recommended third party tools that work with Splunk Enterprise to...
Hi Splunkers, I wish you a Happy New Year. Of course, Splunk is a great platform to collect and analyze, share data. But I'm thinking about third party tools, because Splunk PDF reports cannot be...
forwarder not talking to index cluster
I'm trying to get my forwarder to attach to an index cluster. I've tried changing every possible instance of pass4SymmKey to the same thing but I still keep seeing the following error. ERROR...
Hide freshness (x hrs ago) labels in dashboard panels without using custom...
Is it possible to hide the freshness labels (x hrs ago) in dashboard panels (without using custom stylesheet or javascript)?
Splunk Dashboard : Change the panel layout using simple xml
I want to place 2 bar charts side by side each other under the same panel. I have tried grouping using row and removing panel tag but it still does not turn out the way I want as it is still displayed...
Create App Access
Hi, I wonder whether someone may be able to help me please. As an administrator, I am looking to provide functionality for a user so they can create their own apps. However, I do not want to give them...
Splunk causing Segfault on all indexers, causing them to crash
Hi all, For the second time this week, on all three indexers in our Splunk cluster, Splunkd crashed. Syslog showed me this was caused by Splunk trying to access parts of the memory it's not supposed to...
Scripted Inputs: how do I persist state between invocations of script?
I have a script that pulls events from my REST API for Splunk to index. My script runs on schedule. I want to only pull new events, to prevent duplication and unnecessary traffic. My events have...
Compression ratio for index replication
Hi all, We are currently estimating our network bandwidth needs and one of the questions we are trying to answer is about compression ratios for index replication. So let's assume all our data comes...
How can I retrieve count or distinct count of some field values?
I have lots of logs for client order ID (field_name is clitag). I have to find the unique count of client orders (field_name is clitag) received so far that day?
reinstall deployment server with the same ip/hostname
Hi! Let's imagine that deployment server has crashed and we don't have full backup to restore it from. What will happen if I install a new one with the same hostname/ip? Will agents successfully start...
Blueliv bundle installation
Hi, We run a distributed Splunk platform where the search heads have a bundle location for apps. It seems that this app does not support this configuration and the app location is hard coded into the...
Load balancing for multiple deployment server with F5
Hello Team, We have a plan to bring multiple deployment servers into our existing Splunk cluster infrastructure, so is there any way to achieve load balancing through F5? The current version we have is 6.1.8....
Cannot put a date string into outputcsv filename argument
I want to run a report each hour, this report returns a single row. I want to create a separate csv file for each day, which will have 24 rows. The index is tracking iis logs, and basically the query...
Use the timechart selection start and end values while still keeping the...
Normally when you draw a selection on a timechart, the timechart is redrawn with a range to match the selection - I find this very useful. I also want to extract the start and end times of the...