Extraction of Stacktrace
Hi, out of the below sample log I would like to extract the below information: 1. Number of "caused by" errors, count: 3. 2. For each "caused by" error: org.apache.camel.TypeConversionException: 3. Caused by error...

Forescout TA & App configuration using a 3rd party syslog server.
Current setup: ForeScout is currently sending syslog data to a Kiwi syslog server. Splunk is monitoring the file and pulls it in successfully. Can I modify the Forescout-TA and Forescout App to read the...

How to use a different field other than _time to group events based on a...
I'm working with ServiceNow incident logs and I'm trying to group events weekly, based on their final state in the week. I've pulled them from the beginning of the year, and I did this starting about a...

How can we find out how much data we lost during a Splunk indexer cluster...
Hi, is there any way to find out how much data we lost while one of the Splunk indexer cluster hosts was being rebuilt?

How can I capture the output of custom alert action scripts?
If I create a custom alert action script, normally the output sent to stderr is logged by Splunk. But if I use the `alert.execute.cmd` option, this output is not logged. Is there a way to capture the...

How can I compare the time on our server against the actual current time?
Hi, is there a way to find the current time on Windows (UF installed) and compare it with the current time? I need to find the time variances in the Windows environment.

Parse field from JSON logs and build a stats table with data
Hi all, very close with the offerings in other JSON/SPATH posts, but just not getting it done. We have a JSON formatted log coming into Splunk that gives a ton of data on our servers, one of them being...

How can I find out how much volume hosts are sending to my "main" index?
I need to find how much volume hosts are sending to my "main" index. The search below queries the internal index, and I'm not seeing the hosts that I need. If I search a specific host under main index,...

Is there a way to zoom in on a scatter plot visualization?
Hello all, I have a scatter plot visualization, and I am trying to zoom the visualization using the mouse cursor, but it's not happening; if I make the same visualization as a bar chart I can zoom the...

How do you increase retention time of Splunk monitoring console reports?
How do I increase the retention time of Splunk monitoring console reports in a distributed environment?

TA-prtg: How do I add the API on the prtg to the prtg.conf file?
Hello, using https://splunkbase.splunk.com/app/3282/ TA-prtg, I'm specifically trying to get the API to work in Splunk. I have all of our index servers loaded with the app. I have a user built on both...

Error while sending email using AWS SES
I have an AWS SES email service configured in Splunk with TLS enabled. When I try to test whether the email configuration is working, I am getting the below error: * | top 5 host | sendemail to="user@test.com"...

Can I create a field with a predefined value to append to results in a Splunk...
I am trying to include something in my query like this: index=* domain=acbd_1 earliest=-16m@m latest=-1m@m | bin _time span=15m | stats avg(responsetime) by domain | stats values(avg(responsetime)) as...

Help extracting a field from raw data and generating a count
For a simple query, index=app_au ms.ab=true, I have a raw output of {"dtm":"2017-09-27 10:44:42.389 PDT", "logger":"audit.com.foo.store.RequestAuditLog",...

How do I resolve this message: "maximum number of concurrent...
The below searches appear on my Skip Ratio report with the following messages: "The maximum number of concurrent historical scheduled searches on this instance has been reached", and "The maximum number...

Only include certain rows in appendcols - need help building search
So I am trying to convert some of my searches from joins to appendcols to improve performance, but I am running into some problems. I can't figure out how to create a table in this question, so just read...

Cisco CPS and Splunk integration
Dears, may I know if anyone has been able to successfully integrate CPS with Splunk? As per my knowledge, the logs are written in a MongoDB database.

Help with formatting my XML checkbox
I want to be able to click on a text so that it acts as a checkbox, and once clicked it will pass a token to the panel below and therefore display that panel. I have managed to do it using a checkbox below...

How to join entries for a summary index
I have two indexes that I want to create a summary from every hour. Index1: request_type, request_guid, request_timestamp, meta_field1, meta_field2, ... Index1 contains log entries from each processing...

Splunk Universal Forwarder TCPOUT cutting events in transit
I have a UF that is monitoring 5 rather large (200 MB to 12 GB) files and then sending uncooked data via TCPOUT to an rsyslog server. However, it appears that some of the events are getting split...