daily report of logins over time
I want to report the number of logins on my system by day. Is there some way to schedule the 24 hour search every day and show a chart of the daily counts so far? I am thinking this is more efficient...
View ArticleGenerating data for the average index usage compared to the total index...
Generating data for the average index usage compared to the total index provisioned storage. For majority of our indexes we provision 1,900,000 of 'Max size (MB) of entire index'. I would like to...
View ArticleWhy is my scheduled alert not sending email?
I have a scheduled alert configured and I am not receiving any email from it. The search is valid and matches records. I have the proper permissions. Alert history shows 'successful' result and job...
View ArticleUser's Default app inherited from: [PROCESSING ERROR]
In my Users page: https://splunk:8000/en-US/manager/search/authentication/users, all of our LDAP users accounts show "[PROCESSING ERROR]" in the column: **Default app inherited from**. Is there a...
View ArticleHelp with trimming characters
Hi, having some issues here. I have the following values in a field named populace The values are encased in a < and > (I tried to show it in the thread but it won't) I need it to look like this:...
View ArticleHow can I send dashboard email with attached pdf from Splunk user
We are on Splunk Enterprise 6.2.1 Logged in as a Splunk "user" with default privileges I am able to schedule Splunk Reports or Alerts and successfully send email results. For Dashboards I am able to...
View ArticleInternet Explorer crash when viewing long log lines
I'm running splunk 6.3.0, and usually access it with Firefox. But the organization I work for mostly use Internet Explorer on a managed desktop solution, and it turns out that very long log lines in...
View ArticleHow to make splunk use dynamic data
Hi, I want splunk to continuously monitor a file, say some error log file. and i will be writing a alert condition like if some error specific word is found in the error log, and will configure an...
View ArticleIs it possible to change the navigation bar in Splunk Web to display a...
Hi, Could you please guide me how we can make the changes in nav bar so that on mouse hover, it will display a drop-down instead of having to click? For example, I have set it up my default.xml with...
View ArticleHow do I determine the number of buckets across my indexer cluster?
Is there a command I can execute? Is there an App I can deploy to see this information? Thank you.
View ArticleProps.conf not being applied when using JMS Modular Input
I am using the SPlunk JMS Modular Input to read data off a JMS Queue. I've set up the Modular Input and data is being read off the queue as expected. However, I am having some issues with applying the...
View ArticleWhy does Splunk DB Connect truncate data from SQL varchar columns that...
I'm currently working on ingesting data from a large SQL database table. One of the columns is a varchar that contains line breaks. For some reason, dbx will ingest the item on the first line, but will...
View ArticleCan you use appendpipe and map together?
I have a massively complex search that's working. But now I'd like to augment the output of that search with some additional fields, which can be found by using a secondary search. For this to be...
View ArticleSplunk Support for Active Directory: Why does our ldapsearch never complete?
Hello, We are trying to pull a full list of identities from Active Directory to use with Enterprise Security. We are using the following search: | ldapsearch basedn="OU=,Users,DC=,DC="...
View ArticleHow to calculate total duration for overlapping transactions
I have been trolling the community and have found a lot of information regarding usage of transactions, however I am not finding a solution for what I need to do. I need to calculate the total duration...
View ArticleAfter upgrading Splunk from 6.2.x to 6.3, users with power role are getting...
We have users in Power role that were using ...debug/refresh URL in v6.2.x. However, after we upgraded to v6.3, those users are not able to use the debug/refresh anymore. They're now getting error...
View ArticleWhen does a job get skipped and does it ever re-run?
Hi, I've had some complaints lately about jobs not running. A couple of questions... 1) How can I validate if a specific job was skipped? 2) Do skipped jobs ever re-run? 3) How can I monitor all my...
View ArticleWhy does my license report not reflect the license pool?
Hi, I have a license pool setup for numerous customers. We generate reports for that license pool every night, but the amount of the license displayed in the report does not match what I have allocated...
View ArticleWriting an app that will require REST API Modular Input as a dependency, what...
I'm in the process of writing an app that will require the REST API Modular input as a dependency, including at least one custom response handler class. What is the best method of incorporating this...
View Articleuniversal forwarder not Phoning home
I installed my universal forwarder on a ubuntu server. I have successfully established a connection to my Splunk Enterprise server(netstat). And as I continue pinging my Splunk server from my universal...
View Article