Group configuration files to simplify each app in Splunk (search head,...
Is there any guideline or best practice for which .conf to put at the gui/indexer/forwarder level? I mean each conf has its purpose and a lot of settings, but maybe in practice we can somehow isolate its...
Can Splunk Add-on for Oracle Database work without DBconnect?
Hi All, Can this Add-on be used without DBconnect if I just want to monitor some local Oracle log files? e.g. alert_SID.log and SID_ora_*.aud
Transfer logs between different network segments - which forwarders to use...
Hi, our network counts ~9000 servers. Most of them run in separate network IP segments. I would like to kindly ask you about log forwarding from those machines. Between indexer and some servers...
Stats sum(kb), subtotal output based on grouping
I have a query below that produces the sum of bandwidth used by remote intermediate forwarders. The output gives me a simple linear output with sum by host: index=_internal metrics thruput site-hub 11001...
How to extract fields with JSON values while creating a DB input in Splunk DB...
- I am creating a DB Input in DB Connect v3
- My DB columns contain JSON values.
- I am getting correct raw data in Splunk, but on selecting Table mode, the field does not have correct values. for ex,...
Unable to forward syslog to third-party syslog server
I have an all-in-one environment, which indexes VPN logs. I also want to forward the VPN raw logs to the third-party syslog servers. I have configured outputs, transforms, and props as in the snapshot,...
Unable to start SPLUNKD on Search Head
Looks like my Linux devices were restarted sometime yesterday. I was able to restart my license server; however, when I tried to restart my search head I get a message indicating that http port 8000...
Execute stored procedure with parameters using datainputs
Hi, I want to execute a stored procedure with parameters, but it gives me an error like "com.microsoft.sqlserver.jdbc.SQLServerException: The statement did not return a result set." DB input: exec...
Command for consecutive events
Hi All, I need the command for consecutive events which are triggered one after another out of multiple events (3 consecutive events from 100 events), for example if we receive any hits from external IP...
Using _time as a discriminator without time span?
I want to use the _time field as one of my discriminator fields in a tstats command. I wasn't able to figure out how to do this without the time values being rounded/grouped into some time stamp. For...
Heavy Forwarder using only one CPU
I would like to understand if it is possible to work with multiple CPUs in the Heavy Forwarder. In my current architecture, I have two Heavy Forwarders and both are using only one CPU for processing...
Doing math on results of sum(duration) of transaction?
I have a search that results in showing the time a phone was in a call in seconds by using sum(duration) of the events: | transaction Tag | chart count(Tag) as NumberOfCalls sum(duration) as...
Multiple CSS in dashboard, can one CSS override the other?
Hi Splunkers, I am using 3 CSS files in multiple dashboards. Now my use case is I need to consolidate all 3 into one CSS, which requires adding panel IDs and will take long effort hours. All said, is it...
Renewing my developer license is taking really long?
I have a Splunk developer license that I have renewed a total of 3 times now. It is set to expire on the 23rd (in 5 days), and I just wanted to get it renewed before it ran out, because I am bringing...
Configure selective indexing to send all logs to a dev indexer
I am a bit lost on selective indexing. I wanted to configure one of my prod indexers to send logs to a dev indexer, and after reading up on some documents I feel I am missing something. Below would be the...
Streamstats reset_after resets for all users
I found this search from user [woodcock][1] and it basically searches for successful logins after several failed attempts: index=* sourcetype=linux_secure tag=authentication action="failure" OR...
Any tool to encrypt passwords based on a Splunk secret?
We have multiple secrets for the different tiers (forwarders/search heads etc.). Some of the apps like IPS need to have a UI to encrypt the password :( which is not possible on all tiers. Is there a...
Simulating 100 concurrent searches
I would like to check if there is any possibility to simulate 100 concurrent searches. Also, if I were to log in with 5 different accounts on a single PC and perform searches on every login, does that equate to 5...
Splunk Add-on for Microsoft Cloud Services: REST ERROR[1021]: Fail to decrypt...
Hello Splunkers, I am fed up with an error when trying to install the Microsoft Cloud Services add-on on my search head. First, I must mention that I work in a distributed environment with: 1 search...
CSV Fields Imported
Hi! I imported a CSV file with 97 fields, and after doing some searches, some fields are missing for some records. I have this so-called 'close_notes' field, and it's present in some of the records while...