Create an alert if CPU usage on 5 servers reached above threshold >50
Hi, we are trying to create alerts on Splunk servers for CPU usage; we noticed CPU on search peers is constantly hitting 90% of threshold and we have a multisite cluster environment. Alert Requirements:...
How do I parse one large comma-delimited field into multiple fields with...
I have an event that looks similar to the following: 2017-10-18 16:59:30.943, MetaDataFoo="ValueFoo", Event_Time="2017-10-18 16:59:30.943",...
chart after using stats latest()
I have the following command: sourcetype="sourcetype" eventid=731 OR eventid=730 | stats latest(eventid) by target | chart count by eventid. The 2nd line works as expected, but when I add in the 3rd...
Custom date format extraction using datetime.xml
A colleague was trying to use Splunk to ingest a log file with an unusual date/time format. - The DATE of the event is dd/mm/yyyy and always includes midnight 00:00:00 as part of the date. - The actual...
Display All values (including duplicate values) in Time Chart Graph
Hello, in my data there could be multiple values (duration) for Scriptname. I am using Time Chart to display data and it should include all values, including duplicates. All Data ![alt text][1] [1]:...
Why does Splunk still get logs from an edited source path?
I lately edited the path of a source in inputs.conf in a heavy forwarder, but I kept receiving events from both (the new and the old source). The old one: [monitor:///var/portal/tomcat/log/jms.log]...
How to transfer indexes stored in a search head to other search peers?
We have a Splunk environment with 1 search head, multiple indexers and search peers. Currently the search head stores a huge amount of indexed data. Our requirement is to migrate the search head and...
Splunk sourcetype top to capture Memory in terabytes
Splunk has a top sourcetype which can help to monitor system resource usage. I recently ran into a problem where RH7 outputs RES in terabytes (t) when a process is over 10G of memory usage. The...
Error in 'dbxquery' command: External search command exited unexpectedly with...
Hello, I have an odd problem with db_connect: my connection is ok ![alt text][1] [1]: /storage/temp/219576-capture.png I can see the database and the tables, but when I try to query (basic select) I...
How to Upgrade addon\app
I need to upgrade both the add-on for AWS and the app for AWS, but when I try doing it from the app manager my creds don't seem to work. Can I just copy the .tgz file to the server and then uncompress it? Can I use...
How to configure Dns tools plugin and how to use it with logs to retrieve...
I tried using the Dnslookup command earlier, but it was not working. I am not sure whether I made any mistake in giving the definition. I tried following the links for these topics, but it didn't work. Can...
Do TLS/SSL and CipherSuite configs on the Indexer force autonegotiation with...
If a Splunk forwarder is configured with the default TLS/SSL settings in the various .conf files as below, and the indexer/intermediate-forwarder is configured with the various .conf files as below,...
Unable to edit serverclass.conf file as when I try to save always "Save As"...
Unable to edit the serverclass.conf file, as when I try to save, a "Save As" pop-up always comes up.
How do you create timechart with side-by-side stats?
I have extracted a field from log and named it elapsedTime ... | rex "milisecond([\\\]{1})([\"]):(?\d+)," Now I need to create a timechart that shows side-by side number of events per day and number of...
How to add one more field value with the remaining results in a Splunk query?
I have a query as follows to display the list of hosts which are seen in the last 24 hours and hosts which are not seen in the last 24 hours from a list of lookup table hosts, which is working fine. But I also...
Restore a default file that is failing integrity check
So after a system crash, I reboot and now I'm getting the warning: **Installed Files Integrity Checker: File Integrity checks found 1 files that did not match the system-provided manifest.** checking...
How to omit a field from search on a text input if the field is blank/null
Hello all, Fairly new to Splunk and have a question. I am trying to build what seemed like a fairly simple tool but I can't get it to work correctly. I need to search on two different text input values...
How to find the number of hosts that never reported to Splunk from a lookup...
I have a query as follows to display the list of hosts which are seen in the last 24 hours and hosts which are not seen in the last 24 hours from a list of lookup table hosts, which is working fine. But I also...
forwarder nmon_linux_x86 segfault errors flooded
Hi everyone, does anyone know why I got a lot of the below errors in the server message log, which are generated by nmon running on the forwarder? Thx. Oct 23 00:56:36 tbkafkapldi01us2 kernel: nmon_linux_x86_[31521]:...
Blacklist events for specific sourcetype and host
I know how to blacklist specific events for a host or sourcetype. But I couldn't figure out how I can blacklist events for a specific host and sourcetype. Here is my scenario: Hosts: host1, host2 Sourcetype:...