Enabled syslog on the UNIX server but Splunk doesn't receive it
We enabled syslog to be sent to our heavy forwarder; however, after the configuration we are not seeing the folder being created in /opt/syslog or /opt/syslog-tcp. Normally whatever syslog we...
How to create a scheduled alert to generate Year To Date reports?
Hi, I have created a search query to pull annual records using the time range "Year to date" option. It displays all the annual records perfectly. If I save this search as an alert and schedule it to run...
Copy saved searches/reports/dashboards from an existing user to a new one
Hello, because of some internal measures we must change some settings within our Splunk installation. For example, we need strong authentication, which I'll provide with an Apache which will...
How to set up a Splunk DB Connect 2 Lookup/Input Update
Hi guys, is it possible to use the DB Connect lookup like inputlookup? I do not need to join the lookup data with other events and the data should always be up to date, as is always the case in the...
JVM Agent: Unable to collect details on method execution
Hi all, I've just downloaded the JVM agent app to see what kind of metrics I could collect into Splunk. I did a really simple test with a HelloWorld Java method that I execute once. I added the agent...
What are the reasons for buckets named duplicate-* in Splunk indexer...
We have recently changed the index path for an indexer node to add additional disk and are currently experiencing an issue with duplicate buckets created in the indexer cluster. Steps performed - Offline the...
ServiceNow event data is missing in Splunk
Hello Team, I have Splunk Enterprise version 6.1.8 and Splunk App for ServiceNow (App Version 2.4). All ServiceNow data is coming into Splunk, but I found that some of the data (Snow_Events) is missing, so...
Multiple Search Templates In Dashboard
Hi, I wonder whether someone may be able to help me please. I've put together the following form. Simple select drop down | rest /services/search/jobs | search NOT (author="splunk-system-user" OR...
Timechart range affected by upgrade from 6.3.1 to 6.3.3
We have certain source types where there is only data from months ago. When putting this into a timechart, the chart was smart enough to see that it didn't need to display months of nothing, so the...
Proper use of summary index for sensor data
This is more of a question about the "right" way of doing things versus what is possible. I want to know if there is anything I am forgetting or not considering that will make the following solution...
Multiple Joins
Hi, I wonder whether someone may be able to help me please. I'm trying to perform the following: 1. For every user account set up, 2. Check to see whether they have logged on in the last 12 months, 3....
transforms for count values
Is there a way to create a transform for separate values while not breaking current regex instances that are working? Currently, we are capturing data; however, one of the tools that creates the...
Upgrade Enterprise 6.3.2: Problem with app Netflow
Hi, after upgrading the search indexer server from 6.2.4 to 6.3.2 I have a problem with the Netflow app: now I don't receive netflow data. The listener is not working. If I launch ./configure it creates the...
Trying to install an SSL certificate on a search head, why is it getting...
I'm trying to install an SSL certificate onto a search head and something is wrong. It'll start up with enableSplunkWebSSL set to "no" of course. [more /opt/splunk/etc/system/local/web.conf] [settings]...
Why does the dynamic display not work with my panel!?
That's my Simple XML for the panel. Without the dynamic display code the panel would show events. Any mistakes? ## Intrusion Detection/Vulnerability/Malware Events index=* sourcetype!="Vectra-CEF"...
We installed Splunk for DB Connect 2, but the rsCache.data file grew...
The only limit on the file size here is the 50 GB f/s in which we installed Splunk. It basically filled up the file system. Here are file sizes on the server. -rw------- 1 splunk splunk 0 Feb 17 05:57...
Throughput is not being limited by maxKBps
I installed the Universal Forwarder and made the following setting in limits.conf. $SPLUNK_HOME$/etc/apps/SplunkUniversalForwarder/local/limits.conf [thruput] maxKBps = 256 Also, after applying the setting I restarted, and with the splunk cmd btool limits list --debug command, ...
Extraction of a substring and comparison in a loop
Hi, I need to search for an element A present in one of the fields, let's say field1. Some of the values present for field1 in various rows are: Row1: field1=C,D Row2: field1=E,F,A, .... I need to do a...
How to define a calculated field based on chained rex statements in Splunk Web?
I'm using Splunk Enterprise. I have a search that looks like: index=foo sourcetype=yapache_access host=bar | fields url,duration | rex field=url mode=sed "s/[a-zA-Z0-9._]{20,}/_HASH/g" | rex field=url...
New versus returning users
My logs currently capture a username and a session id. Keep in mind that 1 session can have multiple hits to different pages or activities. My definition for new user = users with 1 user session for...