Is it possible to copy glass table to another Splunk instance?
Hi, We have a Glass table which I'd like to move to another Splunk instance. Unlike Dashboards, I do not see any "edit source" options for Glass Tables. And the edit drop down will only allow to clone...
Detecting endpoint change in a specific event with an alert
Looking for assistance with creating an email alert when an endpoint changes in logs. We want to avoid multiple emails going out every 15 minutes and only send the email alert when the switch happens....
Tour Creation App for Splunk -- How to work with a default view that has many...
For [our app][1]: the default view isn't:> tc_view_main It's actually more like this: >...
Splunk not starting after upgrade (6.6.1 > 7.0)
Hi, I just updated from 6.6.1 to the latest version (7) and now I'm stuck with Splunk not starting the web interface: # ./splunk restart Stopping splunkd... Shutting down. Please wait, as this may take a few...
Archive data to S3, understanding the options.
I have an indexer cluster with a minimum replication factor of 2 to prevent data loss. I would like to set up Splunk to archive frozen data after the retention period has passed to an S3 bucket (This...
Can you help me understand archiving best practices? Can I archive frozen...
I have an indexer cluster with a minimum replication factor of 2 to prevent data loss. I would like to set up Splunk to archive frozen data after the retention period has passed to an S3 bucket (This...
Best way to add multiple (30+) panels to a Splunk dashboard
What is the best way to add multiple panels to a Splunk dashboard? I currently have a dashboard where I want to add 30+ panels which are just very simple timecharts for the last 24 hours. I have all...
Timechart function and graphing specific field?
I would like to capture the value of used_memory_peak_human => __"26.28M"__ as it increases or decreases from all servers, in a timechart or bar graph. I have servers from app0-app7. __639 <14>1...
Using the transforms.conf file to only forward events that match a regex.
I've got a log file that gets 2 different event formats depending on whether debugging is turned on. When debugging is turned on I don't want the debug events forwarded, but I do want the normal events...
Why aren't my logs being forwarded for indexing by my forwarders?
**Summary** Not all logs are being forwarded for indexing by my splunkforwarders. **Situation** I have 4 instances that run 3 processes I am interested in. Each process outputs logs that I am...
How can I run a search that will use data from buckets from a specific time...
Given a time interval provided by the user, I would like to output those buckets which contain more elements than the average of the 50 non-empty buckets before a bucket. Is there an easy way of doing this?
How to convert distinguishedName to canonical name using Regex?
Hi, I have distinguishedName values from an LDAP query; how can I convert them to canonical names using Regex? For eg: CN=test,OU=test service,OU=Special Accounts,DC=test,DC=com...
Error messages when I try to connect the universal forwarder
Hi, I'm brand new to Splunk and have been given an existing Splunk environment to manage. I need to get a universal forwarder installed on a couple of servers. This environment already has several universal...
Bluecoat × universal forwarder
http://docs.splunk.com/Documentation/AddOns/released/BlueCoatProxySG/Releasenotes I am using Splunk Add-on for Blue Coat ProxySG. I can successfully import using GUI. However, using universal forwarder...
What is the best approach to implement KV store to replace using lookups?
Hi! I have two search heads in a cluster and multiple lookups in Splunk, but have recently started facing issues with replication of knowledge bundles. After investigation, I have observed that a few of the...
About daylight savings time
I am thinking about building an environment in a country where daylight saving time exists, and the server is set to change between summer time and winter time automatically. Will it...
Not extracting all fullgc events
I could not pull all the Full GC events. Is there any tweak required in the regex? | makeresults | eval _raw="28820.220: [Full GC (System.gc()) 8832K->8624K(37888K), 0.0261704 secs]...
How to rex out and substitute it with *
I would like to substitute the below kind of email address with * Original :- john.trava@gmail.com Expected:- Jo**.***va@gmail.com The first two characters of the first name and the last two characters before @ should...
iplocation
I am not getting iplocation working in this query: tag= web | stats count by IP, sessionId | stats dc(IP) as count, values(IP) as clientIP by sessionId | where count> 5 | iplocation clientIP I can...
Event data filtering working in one environment but not in the other.
I have two clustered environments consisting of 3 SH, 3 Indexers and 1 HWF each, running on Splunk 6.4.1. I need to filter out certain unwanted events coming from JMS queues and send them to the...