Deployment Server slows down to a crawl
Hi everyone, I have a stand-alone deployment server setup on a CentOS 7 Linux VM with 8 cores and 8GB RAM on Splunk 6.2.8. This server is currently managing about 150 clients, and in this setup, I...
Alternative to fieldsummary, Just show fieldnames?
Hi, My code looks like: mysearch....[ index=adc| fieldsummary | fields field] Is there a command to display the fieldnames(field) of an index, without using `fieldsummary`? Or an option for...
Relationship between streamInWriteTimeout and HttpListener - Read Timeout
We are sending data to the Splunk KV store using the batch_save endpoint. Occasionally, the upload fails with this message in splunkd.log: 02-18-2016 07:39:57.706 +0000 WARN HttpListener - Read Timeout...
delete logs in a tsidx index
Hi all, I installed Splunk App for BlueCoat. I loaded some test data and now I have to delete them before loading the production data. Logs are loaded in the "bcoat_logs" index and I haven't...
how to pass values (dynamically derived from event) to python Script as...
Can I pass values (dynamically derived from event) to python Script as command line arguments, do some magic in the script and pass the new values back to splunk? isp.outputResults(results)??? I tried...
how can I realise when splunk is reaching the 10000 limit in search?
in my search I calculate some values, but if it reaches the 10000 limit I get wrong results. I would like to change the wrong results to something "its bigger than....." I don't care about the real value but...
export results to csv not matching total number of events ?
Hi, I have a search without any statistic/transformation command like index=abc earliest=-7d . I am getting the following information on events: 1. Total Events:689 (in timeline and eventCount in Job...
Change the "Waiting for data..." message with a value or word
My search : index=test | where Value>=95 | stats count(Value) as Events by Host The result : - if there are values above 95 a table will be created by Host and number of Events per host - if there...
Appdynamics Events data not coming to "appdynamics-events" index
Hi Community, I am trying to integrate AppDynamics with Splunk. Metrics data is coming good, but problem with Events data. When I placed the events URL from Appd on the browser for checking it...
how to plot count of distinct values over time
How do I count the occurrences of each distinct requestId and plot it over time. First time the requestId was found will be fine for a datetime. With this query I can plot count of each distinct...
How does sending data of Splunk Universal Forwarder work
Hi, I was monitoring Universal Forwarder's CPU usage with the environment below, and I put 13GB sized file on Universal Forwarder server to send to the indexer and monitored it with limits.conf set...
Does Splunk have any Temp Data, related to search or any other thing ? Like we...
I am looking for temporary files, if any, splunk stores while search is running or in any other situation that hold some space or any other resource. My main Aim is to improve performance of splunk, so I...
How to add tooltip and color to rows to a dynamically generated table
How do I add a tooltip and color to rows to a dynamically generated table. Thanks
CSV file extraction with multiple lines and timestamp in different line
Hi, my log has a timestamp and a csv rows. Eg. given 2 records. Sun Feb 14 07:01:05 EST 2016 customer_name,cust_id, response_code, response_time, size abc, 1002304,200, 0.111,120 def,...
Join Statement Not Retrieving All Records
Hi, I wonder whether someone may be able to help me please with what may seem a really dumb question. I'm using the query below to extract user accounts with a creation date which returns 430 records....
Multiple Subsearches
Hi, I wonder whether someone may be able to help me please. Firstly I will admit that I don't find writing join queries easy, but I'm certainly learning as I write more. I've put together the following...
How to Forward data based on source from forwarder when data is coming from...
I have log data from multiple sources coming into a single TCP port in JSON format as below:<01>- hostname...
Can I perform a lookup on 1 lookup field AS 2 existing fields?
Hello, I have two existing fields: mailto, mailfrom. I also have a lookup with 2 fields: "Mail" and "Country" I would like to perform a lookup like this: | lookup mail_country Mail AS mailfrom , Mail...
Analytics for Nagios - eventName Field Extraction Not Working
We’ve just installed the ‘Analytics for Nagios’ app on our Splunk instance and I’ve run through the instructions to hook this into our Nagios XI instance. All good, and I can see the logs hitting the...
Sorting date fields chronologically in a graph and grouping dates by week...
I have a csv import that has a date field (dd/mm/yyyy) that I want to be able to chart chronologically on the x axis in a graph in Splunk. However, when the field is sorted, it sorts the dates based on...