Handling dashboard parameters passed in from link
We have a dashboard panel table that contains links to dashboard "snapshots" like this: http://...?**form.field1.earliest=1505343600&form.field1.latest=1505354400** On the dashboard we have a panel...
How to improve index replication speed?
Dear Splunkers, I am performing migration of a multi site indexer cluster with 2 sites. RF=2, SF=2 with 1 copy of raw data and tsidx data in each site. Total 40 indexers with 20 indexers each per site....
How to add indexers to license pools via cli
Hi, I need to add some indexers to an existing license pool via cli. The doc doesn't really give clear examples on how to do this... has anyone tried it?
Splunk DB Connect -- Do I need to change the configuration? Can't Splunk a...
Some of the columns from Oracle table (from DB Connect) are not getting ingested into Splunk after integration. Could you please let me know why? Note: The particular column has a huge length of data. Is...
Can I remove remote-bundle files? They take up a lot of disk space.
In SPLUNK_HOME/var/run/splunk/cluster/remote-bundle, it has these files. Which of them can be removed? It takes so much disk space. 03f58995749637f6d88a5333918cf6f3-1496941618.bundle...
Can I set an alert that turns my dashboard red when triggered?
Would like to trigger an alert and show the dashboard status as RED when the duration > 0.0205035. Below are the steps I am creating 1. Creating a Single view dashboard for the Service of Full GC...
Is there a difference between guided and manual mode? Is there a difference...
Guided and Manual Mode? Real Time and Continuous? Is one more efficient than the other? Thank you. Frank
Can I edit the server.conf to add indexers to license pools via CLI?
Hi, I need to add some indexers to an existing license pool via cli. The doc doesn't really give clear examples on how to do this... has anyone tried it? Can I just edit the server.conf on the license...
How can I receive an alert if standalone Splunk instance is down?
As the question says, I want to know if there is a way(s) to have an alert when a standalone Splunk environment goes down.
IIS filter transform not processing when forwarded from universal forwarder,...
I've found many entries on the subject of filtering IIS logs, with people saying X has worked. However, I'm not able to get it fully working. If I copy an IIS log that should be filtered to the server...
Why are the transforms on indexer props being broken by the extractions on my...
Whenever I enable this EXTRACTION stanza on my universal forwarder, my TRANSFORM extraction stops working on my indexer: [web_app_logs] NO_BINARY_CHECK = 1 INDEXED_EXTRACTIONS = TSV PREAMBLE_REGEX =...
Correlation search error -- "there was an error saving the correlation search"
Hi, I am trying to change the Scheduling on a correlation search to Continuous, and I am getting a field "Fields to Group by" in order to save the search. I have entered a couple of different field...
Is this normal? CPU is at 100% on search head and heavy forwarder with data...
We are using the Splunk Add-on for AppDynamics to pull in single API KPIs from our shared AppDynamics instance into Splunk. We have 78 inputs being pulled in. They are running on an interval of 5...
Is it possible to copy glass table to another splunk instance?
Hi, We have a Glass table which I'd like to move to another Splunk instance. Unlike Dashboards, I do not see any "edit source" options for Glass Tables. And the edit drop down will only allow to clone...
Detecting Endpoint Change in a Specific Event
Looking for assistance with creating an email alert when an endpoint changes in logs. We want to avoid multiple emails going out every 15 minutes and only send the email alert when the switch happens....
Splunk 7.0 and OSX High Sierra APFS
Splunk 7.0 doesn't start in new MACOS X with the APFS (Encrypted) filesystem. Is APFS not supported?
Why do we see the SSL23_GET_CLIENT_HELLO, unknown protocol error messages?
We see the following messages continuously on our four indexers - 09-28-2017 09:26:36.888 -0500 ERROR TcpInputProc - Error encountered for connection from src=:50230. error:140760FC:SSL...
How to improve index replication speed?
Dear Splunkers, I am performing migration of a multi site indexer cluster with 2 sites. RF=2, SF=2 with 1 copy of raw data and tsidx data in each site. Total 40 indexers with 20 indexers each per site....
Why can't an authorized user log in via LDAP?
I have successfully configured LDAP to my organization's Active Directory and have several strategies configured; we have a massive disorganized domain, so I need to create multiple strategies to keep...
Substring lookup to enhance DB query results?
Hello, I am VERY new to Splunk. I have built some basic dashboards using DB queries, because the data is not (yet) being put directly into the Splunk database. With that said, I would like to enhance...