Separate values in stacked bars
How can I still have a separation between 'xls' and 'xlsx' in the bar that says 'Excel'? eval ExtTyp = case(extension="doc" OR extension="docx", "Word", extension="xls" OR extension="xlsx", "Excel",...
Real-time alert is skipped.
Hello, I have the following message in the scheduler activity window on DMC, that states I have reached the limit of concurrent real-time searches. 08-08-2017 14:33:01.062 +0000 INFO SavedSplunker -...
Cisco 2811 Router and Splunk Enterprise
Hi All, I'm new to the Splunk World and would love some help to get my lab up and running. Basically I've got a couple of servers and a Cisco 2811 router that I want Splunk to pull data from. On...
Regex formatting help
Can anyone help me format a regular expression for Splunk? I can create the regular expression using regexr.com and I have 2 non-capturing groups and a capturing group, but I am not sure how to format...
Upgrade from 6.5.2 to 6.6.2 introduced delayed Web Start
The config in version 6.5.2 enabled the web UI to use standard port 8000. Upgraded to Splunk 6.6.2 following the recommended process and all proceeded as expected. However, now whenever a Splunk...
How does renaming of source types at search time really work?
I've been talking to our Splunk admins about renaming some of our source types with the guidance found in the article, "Rename source types at search time". (I don't have enough karma to post links so...
How to build an alert based on status code?
Hi, I have 10 status codes from 200 to 210, I need to set up an alert. That alert will look at the last 10 mins; if a status code was not generated in the last 10 min, Splunk should send an alert. How could...
How can I get the SHC status from the deployer
Hi, We have a SHC setup in our private cloud. So, picture servers going in/out/down/up... without the Splunk admins typically knowing. We want to push out apps via Jenkins, but in order to do that,...
Error Bucketmover - aborting move because recursive copy from src to dest...
Hello Splunkers, I think our index performance is affected by when logs move from warm to cold. We currently have 6 indexer clusters and cluster master. The following directory /opt/splunk/index keeps...
Switching from the "COMPANY" license to "FREE": This pool has exceeded its...
Hello, I went from the "enterprise" license to the "free" license and there are 3 messages of violations that have appeared: **"This pool has exceeded its configured poolsize=0 bytes. A warning has...
On a Linux host, is a Splunk user account needed if you are running forwarder...
Hello, On a Linux host, in which we are installing universal forwarder (using rpm installer), if we install and plan to run as root, is there any actual need for the Splunk account that gets created...
Error while configuring SSL in search head
I followed each and every step in splunk doc for explaining the process for configuring the SSL certificate in Splunk but still I am unable to use HTTPS in the server URL. Below is the error message in...
We have installed a Universal forwarder on one of our servers, Can we add...
We have a server where we have universal forwarder, and I am planning to install a Splunk Enterprise version so that I can use it as a deployment server. Can I do this? If so what are the things I have...
Splunk not getting forwarder data though ports seem to be open
I am trying to set up a Splunk universal forwarder on a VyOS router going to a Splunk Enterprise instance I have on a Windows 2008 box. The Splunk instance is also connected to a domain that it uses for...
Search to show license usage at heavy forwarder level
Hello, I have a search similar to the one below, which provides a total of 2868 GB usage for the last 24 hrs. index=_internal source=*license_usage.log type=Usage splunk_server=indexer_server* | stats sum(b) AS...
Appending/Adding count of results in the column header
Hi All, I have a search - `index=ABC sourcetype=XYZ | stats values(user), dc(user) by region | transpose header_field=region | fields - column` which produces the following result:...
Mapping user names to root between indexes
Hello, A project I'm working on requires that I monitor who is logging into an application. As it is, the logs of this application only record the users as "root", not by their usernames. Another...
Why is my EVAL configuration in props.conf on the Search Head not processing?
I'm working with data that is being sent from a universal forwarder (UF) on the server. I do an INDEXED_EXTRACTION in the props.conf on the universal forwarder. When I search for the data on the search...
How do I search for a sourcetype if I rename the sourcetype in a search?
I've been talking to our Splunk admins about renaming some of our source types with the guidance found in the article, "Rename source types at search time"....