Intermittency in time to Get Authentication? DMC
Good morning, I'm reviewing Splunk from the DMC, and I draw attention to these cuts in the graphics. Is this behavior normal? Currently we have problems of communication between the pairs...
Will the logs get re-indexed when you change the indexing port?
Hi All, I used to send the data to Platform 1 via port 9997 and then I had to stop sending the data to platform 1 and send the data to another platform using port 9994... all my old data on the server...
Splunk data input?
I've been trying to look for a way for Splunk to input real-time data. Can Splunk do an HTTP GET request to a site every 15 minutes or so to get data from an HTML page? For testing purposes, we could...
Sideview Utils DateTime Module - Start with Today, Not All Time
Working with the DateTime module I'd like to have a default earliest value of today. I've tried this: ![Sideview Utils][1] I've set the default time first in ValueSetter module to pass down to the...
connection a SQL Server using DB Connect 3.1.1
Hi at all, I have a DB Connect 2.1.3 on Linux that is correctly connected to SQL Server 2008/R2. Now I'm trying to connect a new Splunk server using DB Connect 3.1.1 on Linux. I used the same...
Combine the two queries and calculate count
Hello experts. I tried to execute the query, as described here https://answers.splunk.com/answers/106906/how-to-perform-math-on-single-values.html In my case, too, there are two requests. 1st search:...
Removing n whitespaces from event at Index time
Hi all, I want to remove the whitespaces from only the account value, and not the whole event at index time. Is this possible? Given the events look like this: {"account": "Account 1", "justification":...
Match day and get the sum by day, also get the percentage
My data looks like this, I've grouped it by a common field. I want to match the date_mday and get the sum of the events for that day. commonField list(field1) list(date_mday) list(count) abc f222 efg...
Capturing AD Authenticated Applications
Scenario: We're doing an Active Directory upgrade which will affect applications that currently point to specific domain controller for authentication. We have so many applications in use right now and...
KVstore update
I have the following "Frankenstein" query that creates a lookup table, and works quite well. Replaces several inadequacies of the Monitoring Console for tracking forwarders. This is only setup for the...
getting this error while applying distribution bundle
I have some apps that I deleted in slave-apps directory on our indexers and now our master apps on cluster master has these files and I want to push the distribution bundle but gives this error In...
How can I search based on PCI requirements without using the Splunk App for...
If downloading the PCI App is not an option, what would be the best/fastest way to create an index, or to generate searches based on the PCI requirements?
Can I forward local text log files from my laptop to Splunk (for testing...
How to use Splunk Forwarder in my personal laptop for testing purpose and forward the data to Splunk from a monitored local text log file kept in a directory. Please note that I have Splunk and Splunk...
Eval formula to display dates till 31st december where start day is...
Hey Everyone, I am trying to write an eval: when a user enters a year it should return a date. The formula works fine in Excel: DATE(F6,11,29)-WEEKDAY(DATE(F6,11,24)). F6 is user input for a year. idea is to...
transpose with a group by
my data is currently setup as follows: Group / Flag / Count G1 / No / 5 G1 / Yes / 10 G1 / Total / 15 G2 / No / 7 G2 / Yes / 19 G1 / Total / 26 ... I am trying to "transpose" the data to this: Group /...
if we increase max_memtable_bytes in limits.conf does this change effects the...
ES app creating large lookup file the size nearly 600MB file. So as the work around suggested from Splunk docs we increased max_memtable_bytes value to 700MB in limits.conf on all the indexers. After...
Cluster has only 0 peers (waiting for 2 peers to join the cluster)
Receiving as we had to redistribute the configuration to peers and took restart I think both peers took restart when cluster master was down and now we are getting this error Cluster has only 0 peers...
How to sort strings based off a dictionary of values?
Hi & thanks in advance for reading, I have a table as follows: email event ---------------------------------------------- I-got-delivered@example.com deferred I-got-delivered@example.com delivered...
How can I search for the contents of a table inside of another table?
Hi and thanks for reading in advance, I have two tables: 1. events for status=50* on a /submissions URL endpoint, let's call this errors, and 2. events for status=200 on a /submissions URL endpoint,...
Why does it say there are events but then it says "No results found"?
After running a search, I have the below results: 112,471 events (9/20/17 2:00:00.000 PM to 9/21/17 2:10:07.000 PM But when I click on the Events tab, I see this: `No results found.` even though the...