How to fix: Cannot replicate as bucket hasn't rolled yet?
Is the solution to click "Roll" under "Action" for each bucket? Is that the best way to fix it? It's seen on the Master Node under the Fixup Buckets Pending menu.
Older Windows beyond Windows XP, can they forward their logs to Splunk...
Older versions like Windows NT 4.0, Windows 95, Windows 98 and Windows 2000: can they still forward logs to Splunk by some other method, since no Universal Forwarders exist for such Windows versions?
Unable to use regex to index logs
Hi, I wish to configure the Splunk forwarder to pick up logs from a directory that match any of the below patterns. Essentially anything that matches the regex "/^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$/". I...
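An added example, not from the original post and not Splunk's own code, that checks what the posted regex actually accepts. The pattern is taken verbatim from the question (minus the surrounding slashes); the "escaped" variant and the sample filenames are my own assumptions about the intended meaning, made to show that the unescaped dots before `jvm` and `log` match any character, so filenames that do not end in a literal `.log` still pass. Whether the forwarder applies this pattern via a whitelist is the poster's question; this only exercises the regex itself.

```python
import re

# The pattern exactly as posted in the question, with the /.../ delimiters
# removed (Python's re module does not use them).
POSTED = r"^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$"

# Assumed intent (my reading, not the poster's statement): the dots before
# "jvm" and "log" are meant to be literal, so they are escaped here.
ESCAPED = r"^(jacket\.)?[^.]*-[^.]*(\.jvm)?\.log$"

# Constructed sample filenames, not taken from the original post.
SAMPLES = [
    "app-server.log",            # accepted by both patterns
    "jacket.app-server.jvm.log", # accepted by both patterns
    "app-server.jvm.log",        # accepted by both patterns
    "app-serverXlog",            # posted only: unescaped '.' matches 'X'
    "app-server_log",            # posted only: unescaped '.' matches '_'
    "noDashHere.log",            # neither: no '-' in the name
    "app-server.log.1",          # neither: rotated file, does not end in log
]


def matches(pattern, name):
    """True if the whole filename is accepted by the anchored pattern."""
    return re.search(pattern, name) is not None


def classify(names, pattern=POSTED):
    """Return the subset of names accepted by pattern, in input order."""
    return [n for n in names if matches(pattern, n)]


def unintended(names):
    """Names the posted regex accepts that the escaped one rejects."""
    return [n for n in names if matches(POSTED, n) and not matches(ESCAPED, n)]


if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:28} posted={matches(POSTED, name)!s:5} "
              f"escaped={matches(ESCAPED, name)}")
    print("accepted only because of the unescaped dots:", unintended(SAMPLES))
```

The `unintended` list is the set to look at when a monitor input picks up files that were not expected; tightening the dots to `\.` is the smallest change that removes them without affecting the names the poster listed.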
Mismatch in License Query and actual license Utilization.
I have run some queries for data coming through all of the forwarders and matched it against the actual daily license utilization. Some of the queries are: 1. index=_internal group=* group=per_host_thruput |...
Are Splunk deployments officially supported inside Docker containers?
Hi team, We are considering deploying the Splunk solution inside Docker containers for production workloads. We found that Docker has support for Splunk, but we're not sure if Splunk supports it officially....
how to create custom statuses and workflow rules?
Hi! I tried Alert Manager recently and I think it's a great app! Now I need to customize the statuses and provide some simple workflow rules defining who can change from one status to another. Any...
NetApp Data OnTAP 8.1.4 support in Splunk App for Data OnTAP
Dear All, I have a NetApp Data OnTAP 8.1.4 7-mode server and I need to monitor it with Splunk and the Splunk App for Data OnTAP (current version 2.1.5). However, the current version only supports OnTAP...
Historic average of last 30 days
I have a type of event that happens about 20 times a day. Each event carries a numeric value. The meaning is found in the sum of this value for each day. To be able to compare the current day's sum, I want an...
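An added example, not from the original post and not Splunk search language, showing the computation the question describes: sum the value per day, take the mean of those daily sums over the previous 30 days (excluding today), and compare today's running sum against it. The events, the reference date, the field names `_time` and `value`, and the choice to count a day with no events as a sum of zero are all my own assumptions for illustration.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

# Assumed reference date for the constructed data (not from the post).
TODAY = date(2017, 10, 2)


def build_sample_events(today=TODAY):
    """Constructed events: a list of {"_time": iso_string, "value": number}.

    Days 1..30 before today get a daily sum of 30 + (offset % 5).
    Days 31..35 get very large sums, which a correct 30-day window must ignore.
    Today gets a few events so there is a running sum to compare.
    """
    events = []
    for offset in range(1, 36):
        day = today - timedelta(days=offset)
        values = (10, 20 + offset % 5) if offset <= 30 else (500, 500)
        for i, v in enumerate(values):
            ts = datetime.combine(day, datetime.min.time()) + timedelta(hours=8 + i)
            events.append({"_time": ts.isoformat(), "value": v})
    for i, v in enumerate((12, 18, 14)):
        ts = datetime.combine(today, datetime.min.time()) + timedelta(hours=9 + i)
        events.append({"_time": ts.isoformat(), "value": v})
    return events


def daily_sums(events):
    """Group events by calendar day and sum the value field per day."""
    sums = defaultdict(float)
    for ev in events:
        day = datetime.fromisoformat(ev["_time"]).date()
        sums[day] += ev["value"]
    return dict(sums)


def historic_average(events, today, window=30):
    """Mean of the daily sums for the `window` days before `today`.

    Today is excluded because it is still incomplete; days with no events
    count as zero so that quiet days pull the average down (assumed policy).
    """
    sums = daily_sums(events)
    days = [today - timedelta(days=k) for k in range(1, window + 1)]
    return sum(sums.get(d, 0.0) for d in days) / window


def compare_today(events, today, window=30):
    """Return today's sum, the historic average, and their ratio."""
    today_sum = daily_sums(events).get(today, 0.0)
    avg = historic_average(events, today, window)
    ratio = today_sum / avg if avg else float("inf")
    return {"today": today_sum, "average": avg, "ratio": ratio}


if __name__ == "__main__":
    print(compare_today(build_sample_events(), TODAY))
```

The window is anchored on calendar days rather than on "the last 30 events", which is what makes the old outlier days drop out and keeps the comparison meaningful when a day has more or fewer than the usual 20 events.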
How to run a search with undefined token
Hello, I have a panel on a dashboard with a search using a token to exclude events with some field values. The search is something like `index=myindex sourcetype=mysourcetype $exclude$`. The "exclude" token...
Help me with the search command for use cases
Hi All, I would like to find a way out for the below Cisco ISE use-case scenarios. It would be great if you could help me with the search queries: • New devices connecting to the wired network • Legacy...
How to collect performance statistics about search-time field extractions?
I'm trying to collect performance information about search-time field extractions happening on different search peers, but even if I can see the total search duration for the available peers (e.g. ) I...
add custom component name in web_service.log
Hi, I'm working on a Splunk base app (Uploader). In this app, the Python code upload.py calls the Splunk logger. When I have a log I can find it in web_service.log like this: 2017-10-02 10:21:50,312...
SSL error on non-SSL forwarder connection
We're trying to add a new Forwarder (6.6.1) to our indexer (non-SSL connection). We're able to connect to the forwarder just fine and everything seems correct, but we're not seeing the forwarder on the...
Windows Events Not showing Up on Indexer
A UF was installed on 2 Windows domain controllers. These are in a different Windows forest than my other devices. I had to manually add these to the windows_eventlog class by IP as the DNS name can't...
integration of RMS data in Splunk
Hi All, I'm looking for information or methods on integrating RMS (Rights Management Service/Office 365) into Splunk (Linux). I'm not sure if we can use the API (PowerShell) .... I checked online - But...
comparing min, max and avg of a field by host and application
Hi All, I have been working on a search query but couldn't get the desired results. I'm looking for a search which will give me min(field1), max(field1) and avg(field1) of field1 per host per...
dashboard input - if single value available - choose it
Hi, I have a dashboard with a multiselect input. Sometimes the multiselect search returns only 1 result. Can I automatically choose it when there is only 1 option? Thanks.
source names in the 2nd column
Hi, I'm searching multiple sources in a single index and getting the result as a table. I want to display the source name next to the first column for each row. How can I do that?
SCOM & Splunk
Hi, RE: https://splunkbase.splunk.com/app/2729/ We have SCOM installed on a server, and Splunk Enterprise installed on another server. I am trying to get them both to integrate. I have followed...
Sending data from Splunk dashboard to some external API\any ticketing tool
Hi All, I have a dashboard which lists all the errors along with some more fields in a table view. Now what I need is an integration\API that will allow me to right...