How can I send Splunk visualization to Slack?
Hi there, Is there anyway to send splunk visualization to slack channel besides the slack notification alert in splunkbase.
View Articleinputs.conf stanza to monitor only current data after changes are pushed to...
Hi All, I want to ingest the log files from an application server directory using universal forwarder. Log file names are in below pattern ABC.%d-01-2017.log Examples: ABC.09-01-2017.log...
View ArticleWhat's the maxSize we can set for the event-processing queues?
On the indexers we have 64 GBs of RAM. We have the following configurations - [queue=AEQ] maxSize = 200MB [queue=parsingQueue] maxSize = 3600MB [queue=indexQueue] maxSize = 4000MB [queue=typingQueue]...
View Articlehow to use inputlookup and lookup together to filter events and then output a...
I have a lookup abc.csv with the following values... **header1, header2** value1a, value2a value1b, value2b value1c, value2c value1d, value2d I have a base query that I need to **first filter a fieldX...
View ArticleHow do I use results from one search in a subsearch?
Trying to use the results of one query in the sub query search. I am not getting the results I expected. The first search returns about 2400 ids, and I want to pull those same id's from the sub query....
View ArticleReplacing search peer in an indexer cluster - Best practices/concerns
Hi Splunk experts, We have a 2 site index cluster with 2 indexers per site. The plan is to replace existing disks on the indexers to allocate more space on one indexer at a time. Our current SF and RF...
View ArticleCan I have two apps that have two different indexers and indexes for the SAME...
I have an app with an inputs.conf that has a stanza for [WinEventLog://Microsoft-Security-Logs] to an index and uses _TCP_ROUTING to make sure the events go to the correct indexer. I have a group that...
View ArticleSplunk DB Connect: Input and temp tables
We have a very complex query that creates temp tables and declares variable. We can execute the SQL in Splunk and it returns the correct results but it will not allow us to save the SQL. Is there any...
View ArticleI want to decorate events from forwarder with json using _meta
We have events coming from hosts that need to have additional information added to them from two configuration files. One file is a plain text file which contains a label for the set of hosts this...
View ArticleInstall error - LXC - Splunk Enterprise/Light - failed with code '1'
Running either Splunk Enterprise or Light for the first time, I receive the error below. The command to start splunk is as follows: /opt/splunk/bin/splunk start Console output: Splunk> All batbelt....
View ArticleI Have problem with DB2 connectivity with Splunk DB Connect V2(2.3.0)
When I try to connect, the message below appears. How can I fix it? com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: [jcc][t4][2043][11550][4.14.137] Exception...
View ArticleJva Modular Input - javax.xml.stream.XMLStreamException
Hi, i wrote a Java Modular Input with the Splunk SDK 1.6.2. The Input read a Http Request and have only read at the request at the query part. Is the reading successful the input must send a...
View Articlesingle value with trends
Hi at all, I'd like to show trends in Single Value panels. Following the example in Splunk 6.x dashboard Examples App, I used a timechart command my_search | timechart count bins=2 but the problem is...
View ArticleAble to see the system logs but cannot see the remote logs (in the same...
Able to see the system logs but cannot see the remote logs (in the same server) where the log files are installed. My log files are installed on Server "A". I am using free splunk version 6.6.3 I can...
View ArticleJava Modular Input - javax.xml.stream.XMLStreamException
Hi, i wrote a Java Modular Input with the Splunk SDK 1.6.2. The Input read a Http Request and have only read at the request at the query part. Is the reading successful the input must send a...
View Articleserial number for chart
How to get a serial number for chart in splunk? S_no 1 2 3 4 ** in a chart ** ? Thanks in advance
View ArticleIs there doc on how to migrate a SH deployer and a CM to new servers?
Hi, I've been informed that my existing search-head deployer and cluster master (two different servers) need to get moved to new servers. I can't find any doc on how to do this procedure. Has anyone...
View ArticleSplunk Enterprise support for RHEL 7
To be more specific, anyone know when there will be full support for RHEL 7? With services being moved over to systemd, splunk is still using the depricated init.d script. I have moved it over to a...
View ArticleBlueCoat ThreatPulse logs
Greetings - I'm using BlueCoat ThreatPulse as a web filter ('cloud' based). The only method to pull their logs is via API. However, there isn't an app for ThreatPulse (and the ProxySG uses syslog)....
View ArticleKv store update problem
Hi all, We have about 15 Kvstores running ok but sometimes I detect that we had a update problem because we donĀ“t have all the filtered events there, we lose some... And we have to reload all the...
View Article