Support for Exchange 2016
Is support for MS Exchange 2016 in the works? If so, when can we anticipate a release?
Where is the best place to look for entitled capacity vs virtual processors...
When using nmon locally, the ability to see Entitled capacity vs Virtual processors vs logical processors (threads) provides the ability to tell if an LPAR is mis-sized or overloaded. Virtual processors...
Setting up permissions for viewing alerts?
Users within my environment, who have the Power user role in Splunk, can't access the results of the alert; they are getting the "The view you requested could not be found." error message all the time....
Search Head Clustering: Preferred approach, odd number or even number per site?
Folks, we have two sites and we host 8 Search Heads (4 per site), all clustered with 16 indexers. We need to have a non-clustered Search Head (SH) for sandbox purposes connected to the same indexers. My...
Resolving Windows Domain users in IIS logs
I'm currently picking up IIS logs that have connecting usernames listed as "domain\username". I'd like to resolve these to the Active Directory names, e.g. Firstname Lastname. Is this possible? If so,...
Query Data Not Going into Index with DBConnect
Hi, I use DBConnect 2 to pull McAfee endpoint security data from ePO into Splunk and that part works great. However, when I tried to pull additional audit data from the same database, the data won't...
Installation issue
I received this error message: splunk enterprise setup wizard ended prematurely because of an error. Your system has not been modified. I use Windows Server 2012 R2. I received this error only when I...
External command based lookup 'tSessions' is not available because KV Store...
Search head cluster running 6.3 and Splunk App for Windows Infrastructure 1.20. I'm getting these errors for my scheduled searches: > ERROR SavedSplunker -...
Can't get data using the Windows App for Windows Infrastructure.
Can't get any data from this, setting it up with 1 deployment app, 1 search head and 2 clustered indexers. Worked through the 'Get Windows Data' and noticed a comment on the document -...
Looking for way to return a value from subsearch when it returns zero results
Maybe there is a much easier way to do this that I'm just missing... but here goes. I have a search that I am using to alert when there are multiple failed logons for a specific IP: sourcetype=mysource...
How to tie static token values to populated chart data?
I'm trying to alter my current search to use the static token options I set up rather than raw numbers I have to later convert. How can I transpose those values from the site_token to my chart data? By...
What are the steps to move old index data to another instance indexer with...
I have been tasked with the following and am really looking for a recipe to accomplish my task. I need to move the entire contents of an index from an old Splunk indexer, (running release 5.5), to a...
EventCode 4738 for real-time alert: problems with delays.
I have a real-time alert set for admin accounts whenever they make a change and create Event code 4738. All client UFs are running Win 2012 R2. Splunk support was with me one day and we found delays in...
Appending a two column graph to another two column graph
Hey guys, I asked a question recently about an appended column on a graph not selecting the correct events when it is clicked on. Iguinn provided me with a query (thanks!) that allowed the columns to...
How to manage tsidxstats files
I am using Splunk 5.0.4 and Splunk for Palo Alto Networks 3.3.1. I have noticed a problem with accumulating tsidxstats files. In a related thread it is recommended to upgrade to Splunk 6 and at least...
YYYYMM timestamp - can Splunk extract time using strptime?
My data format can be seen below (CSV). The date field ("PERIOD") is in %Y%m format. ...,PERIOD ...,201512 Although the following props.conf does not work: [ csv ] CHARSET=UTF-8 INDEXED_EXTRACTIONS=csv...
ITSI upgrade missing Threshold Templates
Under Threshold templates I only have "Custom" and nothing else. This was an upgrade from 1.2.0, but the ITOA kvstore was cleared prior due to upgrade issues.
How does Splunk do IO: is it psync/vsync/psyncv/libaio?
I am trying to understand how Splunk does its IO, or what kind of IO engine Splunk uses. Can someone point me in the right direction or give me an answer?
Can't get ONTAP Collection working
I can't get any of our filers to work in the Add ONTAP Collection window. I get the error message, "You do not have sufficient privileges. Please contact your administrator." I have no problems...
How to avoid double field extraction on a single indexed field?
We have the following config, which does index-time field extraction of **job** field, and search time field extraction of json events (KV_MODE=json). fields.conf [job] INDEXED=true transforms.conf...