Timeout talking to Deployment Server Windows
I'm seeing this message in the splunkd.log file just before a Universal Forwarder starts a shutdown. 11-25-2017 18:38:11.690 -0800 INFO NetUtils - Connect timeout - waited for 5 seconds....
Doing search through REST API using PostMan giving [Error in 'SearchParser']
Same query returns results on Splunk web interface.
Is it possible to set up HEC on Heavy forwarder without deployment servers and...
Current cluster: Master Nodes: 1, Indexers: 5, Search Heads: 3, Universal Forwarders: 2. I am planning to add 2 additional Heavy forwarders since HEC is not supported on universal forwarders. Cluster...
lookup with _row
Can I use _row when matching with lookup? It seems to me that it can not be done. Can you give me some hints?
Rex extraction of fields
I have the following CVE results from a vulnerability report and would like to extract the CVEs to individual CVEs on a separate field....
Are there known issues with having Nokia / Alcatel Lucent boxes sending...
I have several devices that are being seen by Splunk "Data Summary" area and are accumulating "Events" but none can be displayed by a search. Clicking the host under "Data Summary" yields 0 "Event"...
Why has the "done" tag disappeared when I edit a panel's search in the UI?
I created a dashboard that has two panels like below. 1. Panel displaying results in table view 2. Panel showing the count of result of panel1 To display Panel2, I use the tag in the source of Panel1....
Will Splunk for Nagios work with Icinga2?
Hi, can anyone tell me if the add-on will work with Icinga2? We are planning to start with icinga2 and it would be nice if we can use this add-on. Kind regards Oli
Convert field values (e.g 15/12) to date format understandable to SPLUNK,...
I have a field with values such as "06/12", "13/01", "20/05", i.e. human readable dd/mm. I don't know whether splunk understands the format is date format dd/mm or it takes it as a string. I have to perform...
Populating dropdown error : Could not create search
I am trying to populate values to a dropdown using the search query. Following is the code:Subdivisions ListAll*subdivisionsubdivision`mymainlog` | rex field=_raw max_match=100 "<(\d{4})," | stats...
How can I visualise at what time a daily event happened during the last month?
I have an event that should occur every day. I would like to visualise a chart where I can see over the last month at what time of the day that event occurred (if it did occur). Many thanks
Fixed Issues listed for 6.6.4 doc in HTML is different from the list in PDF...
Hi, I see different information for fixed issues for 6.6.4 in the HTML version and PDF version (download PDF). http://docs.splunk.com/Documentation/Splunk/6.6.4/ReleaseNotes/6.6.4 Could anyone know which...
How to calculate percentage deviation
Hi, I have logs which look similar to the sample data attached. In my current scenario I have 30 days hourly data for each of the 9 nodes i.e., "msc" and 303 KPIs i.e., "never" in the sample log. I...
Create Submit Button in XML to run the search?
I have 6 multi-select inputs in my dashboard. Whenever I select one of the values the search starts running, but I want a "Submit" button to control the search so that my tables and graphs load after I...
Splunk Buckets
I want to keep all hot/warm buckets under /opt/Splunk_hot dir and cold to /opt/Splunk_cold dir. I have updated all addons indexes.conf file by following: [volume:splunkdb_cold] path=/opt/Splunk_cold...
Splunk File precedence
I know the configuration file precedence, my question is if /system/local is first path of a configuration file then Splunk skips to check /system/default for the same conf file?
How to count the number of columns in a file
Hi, I'm trying to do a comparison, wherein I want to verify that the number of columns in file X matches the number of columns in file Y. It's literally a comparison of two figures. Does anyone have any...
Drilldown query doesn't start automatically
I'm fairly new at this, but I have done a LOT of Googling before asking here... ;-) I have a dashboard that has single-value visualizations on it. When I click on any of them, it drills down to a form...
Monitor specific services on Windows host
Software needed to be installed on a Windows machine which has its own service with specific states. After some research, I found that using this stanza on the remote Windows machine (which is a UF...
JSON element names contains dynamic part - how to create table
My JSON log file contains metrics - below message example. JSON element names and number are not fixed. As you can see element meters.bytesInPerSec.APPLICATION_NAME can be repeated for all applications...