How can we monitor DHCP scope usage through Splunk
It is possible to monitor DHCP scopes usage by Splunk Enterprise. Can we try DHCP scopes usage monitoring with the Splunk Enterprise trial version?
Lookup when format is not equal.
I already have a CSV file for another app that uses MAC to IP/Name. Format is like this: mac,ip,host_name 6067.209c.ce2c,10.10.10.186,pc-test c01a.da25.da0e,10.10.10.163,server...
Need to create an Alert to trigger when access to a list of internal IP's...
I tried the following, sourcetype="cisco:*" [|inputlookup Testlist.csv | fields scr_ip | rename scr_ip AS dest_ip] | stats count by src_ip | sort desc - count
Results not returned from all indexers
I have 2 indexers. I've just migrated one 6.1.3 indexer from Windows to Linux (in prep for an upgrade to 6.3 but want a stable environment first). Everything seems to be working. The search peers all...
Monitor That Windows 7 is listening on a specified port
I need to monitor that an application is active on a Windows 7 machine. The application listens on port 80. If the application is up, the Windows machine will show it is listening on port 80. A netstat...
Do we read log data from inmemory?
I would like to write log data to java inmemory using Memory Handlers in Java Application. Can we read these log data from java application? Thanks, Mini
Splunk lookup using wildcard on web
Hi All, Is it possible to create a lookup with a wildcard on Splunk Web itself? Our use case: 100+ lookups need to be created with wildcards; creating them manually using transforms.conf is difficult. Please...
Search based on different requests?
Hello, I'm trying to create a search that will allow me to search a subnet for requests made from a single source IP to more than X amount of destination IPs. For example, if 10.10.10.10 sends traffic...
What's the average size for a log file?
Hello everyone. I'm just trying to get a ballpark estimate here. Granted everything is set to default, what do you think is the general log file size for the following logs: Windows 2012 Server log...
My management URI is not showing correctly in the rest endpoint info
I am getting an incorrect value for the mgmt_uri value when accessing the REST endpoint /services/shcluster/status. This is on a search head node on a search head cluster on version 6.3.3. My server.conf...
alert notification on mobile device without internet
I am checking the possibilities to have Splunk alert notifications on a mobile device (Android). So far, I understand that Google/Apple servers are necessary to send the notification. Local way would be...
hypervisor-xenserver-getSR.py is only reporting Physical DVD Drive and...
When I run the getSR.py the Splunk source is only reporting Physical DVD Drive and Removable Local storage. It does not report the Host Local storage or the attached iSCSI SR's. I am looking to monitor...
Levenshtein Search Command incomplete results and work with tstats
The following changes will make the command work reliably in a larger environment. 1. Fix to allow tstats to work with the command: Edit line 30 in the levenshtein.py in bin: replace the if '_raw' in r...
Adding Alert Trigger Condition (token) to Email
Hello all, is there a token usable in the Email alert body that indicates the Trigger Condition? I'm using a "Customer" trigger condition and would like to include it in the email to normalize...
Disable all scheduled searches with REST
I am trying to disable ALL scheduled searches for all users in our test environment. Users need to be able to go back in and enable the scheduled searches they need. So disabling the pipeline won't work....
Bucket details check
Hi, I would like to check how many hot/cold/warm buckets are on my instance, and also from when to when those buckets were created. Could someone please help me here?
datamodel_summary directory in _internaldb - can we delete?
Hi Team, the datamodel_summary directory in _internaldb is consuming huge disk space, nearly equivalent to hot DB. Can we delete it? From the document's description it's understood that it's used for some...
SplunkJavaLogging is not able to write logs to splunk server using TCP Port
I am a newbie to Splunk. I need to write logs from a Java application to the Splunk server directly. I guess splunklogging may suit this after surfing Google. But I was not able to write logs to Splunk...
How can I get the average amount of data indexed in the last year?
Hi Everyone, How can I get the average volume of data indexed by our indexer for the last year? I am using the licensing queries but it's not giving me licensing information older than one month. Are...
Convert Format of apiStartTime to Epoch
Hi, I wonder whether someone may be able to help me please. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time...