Splunk Support for Active Directory: Why does ldapsearch take 6-8 hours to...
Splunk Support for Active Directory (SA-ldapsearch) is installed and configured on my search heads. When running the test on any system that has it installed, the test function completes. When trying...
View ArticleConnectivity to Check Point OPSEC LEA reset, now missing data. Any way to...
Our connectivity to Check Point was broken for a few days. As a result, Splunk has a gap of time in the data. Data is flowing now, but we'd like to be able to retrieve the older data from that...
View ArticleWhat are the main differences between Splunk 6.3.1 and 6.3.2?
Hello, In December 2015, Splunk issued a minor upgrade (6.3.2) which is fixing bugs. Currently we have Splunk 6.3.1 installed and I'm trying to determine the major differences between these two minor...
View ArticleHow can I compare latest stats with older metrics in a table?
Hi! I have application metrics in a log, and every 10 minutes, I'm printing all app perf stats. It looks like (): 2016-01-30 00:00:00.000 [metrics] name=readDatabase min=0.001 mean=0.005 p99=0.013...
View ArticleIs there a way to display a timechart for all results of a search?
I'm trying to find a way to return a list of hosts and then create a timechart of a metric for each of the hosts. Below is the attempt I made using the map command, but only the final result seems to...
View ArticleSplunk DB Connect 2: Why am I getting "Exception encountered for entity-name...
Splunk DB Connect 2 is proving very difficult to get up and running: 2016-02-01 21:05:45 ERROR DBX2Proxy:52 - Exception encountered for entity-name = mylookup and type = lookup...
View ArticleWhy is my dashboard panel returning loadjob error "accessing...
I have a dashboard (within an app) that uses the loadjob command that usually works, but now returns: Error in 'SearchOperator:loadjob': error accessing https:///saved/searches/External API...
View ArticleHow to call a python script from an html view?
We have a Splunk html view. We are trying to call a python script. Currently the code looks like this (retyped since our Splunk server doesn't have web access, I tried to avoid typos): function...
View ArticleHow to re-arrange a bar chart
Hi, I would like to sort my bar chart's by the following sequence, (Intensive, Intermediate, Minimal, Moderate). However it is currently being sorted alphabetically (Intensive, Intermediate, Minimal,...
View ArticleSplunk Add-on for Nessu: Why is my search not retrieving all events from the...
Wondering if anyone else is seeing this problem. I configured the Splunk add-on for Nessus without any problems. I'm able to search for Nessus events in Splunk, however, I'm not seeing all the events...
View ArticleWhy is Splunk not automatically recognizing timestamp of my logs correctly...
Hi, I have a folder with 21 logs, all different types, but with the exact same format. The event types are different per log file (info / warning / error / etc) [01/Feb/2016 23:55:58] Failed IMAP login...
View ArticleLimiting Xpath output to single value
Hi All, Because of existing logs type, XPATH is returning a same value thrice. Is there any way to limit the number of values. I am using max_match but seems like it is not working. Screenshot given...
View Articlerex command help
Hi, i have uris like this - /appliance/detail/v3.0/vendor/3423434erts/fridge /appliance/detail/v3.0/vendor/6757dfs32/refrigerator/small i want to replace the number part of uri (3423434erts or...
View ArticleHow do I configure custom sourcetypes on Universal Forwarders and Indexers?
I have two Linux VMs set up, one with a Universal Forwarder and one with an Indexer. I have a script that generates dummy data (on the forwarder) that needs a custom sourcetype set up in order to parse...
View ArticleUsing Asterisk's CDR stats from a CSV file, how can I create a report showing...
Hi all. I am working with asterisk's cdr stats from a CSV file. Sample content of CSV: accountcode, src, dst, dcontext, clid, channel, dstchannel, lastapp, lastdata, start, answer, end, duration,...
View Articlehttpstatus command: Why does the command return "0" when any path is added to...
This command works great with url as "www.splunk.com" - return status code as "200", But return http status as "0" when any path is added - i.e.“www.splunk.com/en_us/products.html” index=abc| eval...
View ArticleI'm getting errors installing splunk rpm 'cpio: Digest mismatch' with two...
# rpm -i splunk-6.1.4-233537.i386.rpm warning: splunk-6.1.4-233537.i386.rpm: Header V3 DSA/SHA1 Signature, key ID 653fb112: NOKEY error: unpacking of archive failed on file...
View ArticleRegex to extract a number from string
Hello, I am trying (rather unsuccessfully) to extract a number of varying length form a sting. The constants are 0s and us with the string in question being 0s/XXXXXus (with X being the numbers I am...
View ArticleMonitoring of Java Virtual Machines with JMX: How to set sourcetype=jmx?
I'm using Monitoring of Java Virtual Machines with JMX (https://splunkbase.splunk.com/app/668/ ) to send my JMX metrics to Splunk. I am able to get them to come in, and they are formatted as follows:...
View ArticleHow can I condense this search?
I have this search | eval max = round(max, 2) | eval avg = round(avg, 2) | eval median = round(median,2) | eval min = round(min, 2) ..... but I want to condense this search to just 1 line. Can I do this?
View Article