Newest message is blocked until another message from the same host is logged
Background: I'm working off of a Splunk system that was initially installed and configured as a development / testing system. It hasn't been maintained or touched in several months. For the most part,...
How to format 84601 seconds as 24:00:01
I am trying to display a duration result to a dashboard and when I try to use the function to convert seconds to HH:MM:SS format like this: index="ourlogs" | eval OurNameDDHHMMSS=tostring(OurVariable,...
Splunk Linux reboot order of operations in distributed deployment
Hi all, I’m looking for best practice guidance on the order of operations for bringing down a distributed Splunk environment on Linux and then the order to bring the servers back up. I am okay with a...
Does SplunkIt work with Splunk 6.3? Specifically 6.3.2
It is only listed as far as 6.1. Advice would be great ahead of trying. Thanks, Jim
How to extract a JSON object which is in double quotes?
Hi, I have a JSON object logged into Splunk in double quotes. What do I do to extract the JSON object using spath? How do I ignore the double quotes before doing the spath? 2016-01-20 17:40:38,076 INFO...
Is it possible to create an App in SplunkWeb that provides at least *nix 0740...
When creating an App within SplunkWeb, it creates the *nix directory structure with 0700 permissions. Only the owner of the Splunk instance can "access" the directory structure, and no one else (i.e....
How do I add fields to output from predict
I need to locate and alert on counts that are not within predicted bounds. It seems simple enough using predict, but predict does not include any information regarding the source. Here is a run...
How do I search for which computer a specific account last logged into?
How do I search for when the account r04 (backslash) VHAR04CLUADMIN last logged in somewhere on our network? I need to know what computer this account logged onto.
REST API Modular Input: Send Authorization credentials by HTTP Header...
Hi all, please be patient with me; I am very new to Splunk. I am currently struggling with getting the REST API Modular Input to stream in JSON data from a public database server...
Change background image when an event is raised
Hello, I am new to Splunk and need a bit of help. How can I change the background image when getting an event? Thank you for your help.
How do I configure Remote Host Monitoring?
Good day everyone, how are you? I'm using Splunk Enterprise 6.3.2 for the first time. After installing it, I set up 3 forwarders to draw performance data from a few servers of mine and it works. What I...
Parse JSON events properly and new line
I have JSON data coming in. Sometimes a few JSONs are coming together. Ex: json \x00\x00\x00\x00\x00\x00\xA2\x00\x00է\xF9n[\x00\x00\xFF\xFF\xFF\xFF\x00\x00\xC7...
Hide "Create New Dashboard" Button
Hi, I wonder whether you may be able to help me please. Through the use of 'Roles' and 'Permissions' I'm able to restrict whether a user can view the 'search bar' and hence create their own searches,...
Usage of query result
Hello, I am new to Splunk and I have a bit of a problem with using the results from the query. <condition match=" 'results.res' >0"> doesn't work, nor does $job.resultCount$ if I try to use...
Multiple conf files with single endpoint or referencing other conf files?
I have an app with setup.xml where a hostname is entered. I've also made a custom conf file and set up the REST endpoint for it. A python script uses this info. This all works great. However, I need...
How to access Date Partitioned files in HDFS dynamically using virtual index
Hi, I have HDFS folders as below: /bla/bla/bla/20160121 /bla/bla/bla/20160122 /bla/bla/bla/20160123 How to access the data matched in any specific date only for a given query? Let's say, I would like...
How to add a custom argument while indexing?
Hi, I want to add an argument load_date for the indexed data. I am trying to do as below, but it does not allow it. Args eventArgs = new Args(); eventArgs.put("load_date", "2016-01-25"); I need to get...
Fortinet FortiGate Add-On default [source::*] stanza in default/props.conf...
Hi, the default stanza in the default/props.conf of the Fortinet Add-on contains: [source::*] #[source::udp:514] TRANSFORMS-force_sourcetype_fgt =...
Installation of 6.3.2 on Windows 7 x64 ends prematurely without any message or log
I am trying to perform an installation of Splunk Enterprise on my Windows 7 x64 laptop. The job starts and, without opening any installation bar, gives me the message that it is "ending prematurely." Searching...