Formatting question and regex
Hi All, I'm trying to search for start up and shutdown message of AWS instances and build a nice table. On my test instance, the first message on the /var/log/message is the following line when I run...
there is a very important typo in sample_app/local/readme.txt
"This is where you put all your configs for this app. Splunk Web will right out configs here, too." I don't have a Splunk subscription so I can't post this as an issue in Jira. Unrelated side question:...
Do a lookup with results of another lookup
Does anyone know if this is possible? I have a search that works that gives me results for a particular user from a csv. | inputlookup ldapsearch_corporate_identities | search identity="particular...
Intermediate Forwarder Question
We would like to deploy intermediate forwarders in our environment. The IFs receive Windows Event logs from Universal Forwarders and the IFs send data to Splunk indexer. Currently this is working fine...
How do I remove a Splunk event via the Splunk C# SDK?
I apologize in advance for the long question...I want to make sure to describe the issue thoroughly. **The basic goal:** I am trying to get a table from one database (let's call this the source table)...
Need to add a separator in Stats table between each Sort
----| stats sparkline as magnitude_trend,count by rest_api_name,http_status_code,a | lookup AppIdLookUp a OUTPUT PartnerName | sort PartnerName Above is my query to refer to a lookup file and populate...
Trying to get SNMP data into Splunk...
I'm having problems getting any SNMP data into Splunk using the SNMP Modular Input. I've set up a Polling Input that is polling a Windows 2008 Server. So far no data has shown up in Splunk. I've...
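The "/" in a path specified in data inputs is displayed as "%2F"
When using Splunk version 6.3.2, the "/" in a log file path that I specify on the data input screen is frequently displayed as "%2F". Is there a way to have it displayed correctly as "/"? Example: >(correct) /var/log >>(incorrect) %2Fvar%2log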
Splunk won't be accessible after installing Enterprise Security
Hello, I installed Enterprise Security 4.0.2 on Windows 2012 R2. After installing the ES, Splunk became unresponsive. How do I fix this?
Splunk Add-on for Cisco ASA 3.2.4: DateParserVerbose - Failed to parse...
On our Heavy Forwarder 6.3.3 with Cisco ASA 3.2.4 we keep receiving `DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event`. Why does the Cisco ASA TA have a...
Lookup csv missing in definitions
Hi, Hopefully a quick one :) I have a user that can upload lookup table files, but when a lookup definition is created, the file does not appear in the lookup file list. The uploaded file is present...
Splunk licensing
Is it possible for me to install Splunk Enterprise for a couple of days and play with AD integration and DB Connect to a postgres database?
Club results from multiple search in a single table. Search involves dedup and...
index=* activatesessionIdsForREST() : partnerId=11111111111 ActivateOfferRequestVO |dedup sessionIds|stats count(sessionIds) as SessionCount by partnerId append [search index=*...
DB Connect 2.0 Index access security issue
I'd tried to get this fixed previously but it hasn't so I'm posting this here to get it some visibility. There is an inadvertent security issue that is included with this app. The issue in that users...
Cluster not working
For my client I am trying to build a test cluster that will be used for production deployment. The indexers are not communicating with the master server. This is an example of the problem:...
high cpu usage with mi_input in dbx2
I want to collect the data of mysql through the dbx2. To collect the 1000 event every 10 seconds. Query's 59 To use a simple query mode. In a server environment, 6Core Cpu / 32GB Mem stand alone...
Parallel development in Splunk on the same app - use GIT for management and...
Hi all, Just wondering if anyone has had any experience using GIT as a tool to manage Splunk development work across multiple branches? e.g. if I have two DEV environments and one master environment.....
Timechart & Stats Dc.
Hi, I wondered whether someone may be able to help me please. I'm using the query below which works but contains duplicate id numbers under field "detail.ur" index=main auditSource=preferences-frontend...
How splunk.key and mongod.lock work in Splunk KV Store?
Hi Team, Here I have some questions regarding `splunk.key` and `mongod.lock` file (in `/opt/splunk/var/lib/splunk/kvstore/mongo/`). The curiosity of raising these question are from `KVStore` error....