Splunkd errors
Hi, We could notice the below error in our splunkd for one of our servers. failed to kick off replication from src=395B0EEF-74F6-4DC7-9A32-2569C902DE7E tgt=0AAC87B3-6832-4543-9D81-B10895E17D5C...
Categorize host_names based on list
I apologize if this has been answered before. I couldn't find it anywhere. I am trying to use the Nagios addon and app to create some reports for management. At the moment, I am working on Ping...
What should I put in Powershell add-on Inputs.conf?
I'm relatively new to Splunk and some advice on deploying apps. I need to deploy the Windows Infrastructure App to get DNS logs into Splunk. That apps requires the Powershell add-on on the server and...
Report on file permission changes for folders on sensitive file shares
Hello, any help appreciated, newbie in splunk, getting up to speed. I configured auditing on a windows file server, have the logs coming from it, and can see the data I want in Splunk. I need to do a...
Field Extraction question - Capturing GUID
I'm still quite new to Splunk so my wording may be a little off. I am running into an issue when trying to create a field extraction for a GUID. My logs are consistent in that the GUID is always...
Is it possible to search cold bucket data only for a given index?
Hello, I modified my cold bucket location, and I want to perform some test queries for data residing in cold buckets storage only. Is there a way to do this?
Using eval for a search. Drilldown XML ignores my lookup link and just...
Sorry for the mouthful in the title. I'm using a drilldown in the XML for a component in a dashboard which worked fine until I changed the query building the component to use 'eval'. Originally I'd be...
Can I use Nessus add-on in Splunk?
My organization is using Nessus Cloud and Splunk Enterprise. Recently, I installed Nessus add-on in Splunk, but I don't know how to configure it. There is no instruction available online. The only one...
Splunk Add-on for VPC logs on AWS GovCloud
I'm trying to ingest VPC logs into Splunk using the Splunk add-on for AWS 2.0.1. My VPC logs are in GovCloud, but GovCloud isn't an option on the "Add AWS CloudWatch Logs Input" dialog. Is AWS GovCloud...
Scheduled Reports Not Running
I have several dashboards that are based on scheduled reports (most all set to run at 3 AM daily with a two hour time window). Our server is regularly running using all memory on the physical server...
How to find the time difference between values in the same field
Hi all, I have a field that I am calling "code_load_date" and I am running a stats command that groups them by associated serial number and code level, so essentially the events look like this- Serial...
Matching Windows path in props.conf
I'm trying to set up the Splunk for A10 Networks app. It expects syslog data on UDP port 514. My data is collected by NXLog, spit out into a file, and then consumed by Splunk. As such, I'm trying to...
Why would "connection_host = dns" setting in inputs.conf affect the...
We are currently on splunk 6.3.x, with the following topology: (syslog/bro data) --> (load balancer) --> (HFs for props and transforms) --> (indexers) Here are the inputs, props, and transforms...
Graph of log count only and avoid search result system load because there are...
I have a few searches I want to dashboard that display log events over a week, then another graph for events over a month. The problem is that there are millions of events weekly and am curious if...
Lookup Table: Link more than one field (sender, receiver) from each event to...
We have email events and want to link sender and receiver email addresses to the user data in a lookup table. **Events:** sender = user1@email.com receiver = user2@email.com **Lookup Table:**...
Single graphic, multiple server stats
I'm attempting to build a status dashboard for my prod server farm, and would like to have colored graphics representing the status of a server based on certain criteria (Percentage remaining free disk...
Need help on dashboard
Hi, We have 2 dashboards, each having multiple panels. Ex: Dashboard 1: It lists all of today's data for multiple inline searches, so we used multiple panels here on this dashboard. Dashboard 2: We have all...
Search-head deployer unable to deploy without restart of first search-head...
I have a search-head cluster of three nodes and one deployer. When I get a new app and put it on the deployer under $SPLUNK_HOME/etc/shcluster/apps/app_name, and chown the whole thing to splunk:splunk,...
Is there a way to APPEND events based on a field value from main search?
I have a use case where a user will input a username and Splunk should return results for that username. But, there are separate events related to that username which do not contain the username field,...
Matching Width of Data Area Between Two Charts in a Dashboard
I have a dashboard with two rows, each containing a column chart spanning activity over the last 7 days. Both column charts have legends, which I would like to keep. The legends have different widths,...