batch stanza in inputs.conf with nullQueue not processing
Hi, I have a batch stanza in my inputs.conf file of my application. I would like to use it to remove old files from the application that could be causing problems for the users. Here is an example:...
Field manipulation using SED
I am testing using Splunk to index a minecraft server, but have some problem with user name. Lines look like this: Fri Mar 04 22:24:58 CET 2016 action=block_broken player=§4BirksX§r world=world x=30.0...
eval expression to create a field with values more than other field
Hi all. I have a field called `src` with values like: 348 55666 77666 95670 23456 I want to create a new field that only shows the values that are greater than 1000, my search string looks like: ... |...
Is it possible to get direct notifications in the Android Splunk Mobile App?
Would it be possible to have direct notifications in splunk mobile app? My Splunk server is behind the proxy, no internet access to Google services allowed. The same with mobile devices. I am using...
How to troubleshoot why I received an alert saying "indexer is not reachable"?
I am pretty new to Splunk. Guess what, the consultant has left and I was supposed to take care of Splunk. I got an alert saying "indexer is not reachable". I can ssh to the server, the CPU and disk are...
why fields should be extracted from raw data in splunk?
why we need to extract fields from machine data?
Resources utilization of Splunk Indexer with possible numbers of Splunk Apps...
Hi all! I am Charles from Hong Kong and new to Splunk. Hello everyone! My boss asked me to fully utilize our newly installed Splunk Indexer and Heavy Forwarder by installing as much Splunk Apps as it...
Dashboard PDF Report limitations
Hi All, Default PDF report generated from dashboard is looking very bad. Fonts are getting very small when number of columns in the table is around 8 or more, making very hard to read. Not seeing any...
Why is my data not displayed in the Tango Honeypot Intell app?
If I upload a .json file from cowrie to splunk the data is not displayed within the Tango app. I can search it and can confirm it is in the honeypot index, but it is not being displayed.
Is it possible to disable replication to specific peers in the cluster?
I've read on peers going into detention status due to storage capacity restrictions, however, is it possible to manually place a peer in detention status so that the data present on it remains...
Splunk indexing local syslog with differing remote formats?
A local syslog process receives data from multiple remote syslog processes and writes the data to a local file indexed by Splunk. That file contains events with different formats. When Splunk...
Getting errors for every search I run
Hi All, I am getting below error for every search I am running for Summary indexing. Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log...
What could be the best approach to migrate an existing single-site indexer...
Hi Splunkers, We are going to migrate our current single-site indexer cluster (running 4 nodes, with replication factor: 2 and search factor: 2, multiple TB or raw data) to new multi-site cluster on 2...
may i know if there is any new version of xmlutils app
may i know if there is any new version of xmlutils app or another app that replace xmlutils
Mixed Support Years
Hi, We have ordered 50G of Splunk perpetual license with three years of support and now we're ordering another 100G to be added but with only one year of support due to budget limitations. What happens...
Why aren't my virus total hashes being looked up?
I've added requests to the directory as per directions and added my api key but none of my file hashes are being processed.
Does splunk enterprise run on RHEL7..?
we're planning to upgrade our server hardware, wanted to make sure if splunk enterprise v6.3+ runs on RHEL7...?
Sum of count conditionally within a query
I have incoming calls and I'm trying to get total number of calls followed by sum of calls where the field "result" equals declined, caller_ended, or callee_ended. I'm able to get the sum(count) but...
Blue Coat Field extractor name=custom_client_events is unusually slow
We are running the Blue Coat ProxySG App for Splunk app (https://splunkbase.splunk.com/app/2815) and associated TA downloaded from the BTO site. When running on a distributed environment with multiple...
Splunk add on for Cisco IPS 2.1.5 has error connecting to sensor
I recently migrated my Splunk from Windows 2012 to Linux (CentOS). I am currently running Splunk Enterprise 6.3.2. I added the Splunk add on for Cisco IPS ver. 2.1.5 and had to manually configure the...