Can I try my query without having to install the splunk server?
I want to verify the correctness of my queries without using the Splunk server. It will be good enough if I can copy my sample logs in a file and then run my new queries with a splunk query tool (if...
Unable to join results with all the required stats calculations
What I am trying to do is write a report on bandwidth from firewall logs based upon different sites and work out the total bandwidth, unique users, unique sessions at each site but also the avg...
Splunk forwarder file monitoring not detecting new files
Hi Splunkers, I am monitoring a folder (/opt/pvlogs/QUT-GP-P10) with a collection of CSV text files, as follows: .... int_magnetek_151019.txt int_magnetek_151020.txt int_magnetek_151021.txt...
How to get Consecutive Success Percent Column in Splunk Dashboard
I ran a search to get total request count, success count and error count by Application ID and then calculated success percent as well and get the application ID, request count, success count, error...
Automatic rename of fields name, generated from kv_mode=xml
My output is not 100% XML; however, Splunk can help break it into KV pairs by using KV_Mode=XML as a customized source type. It will give nice key-value pairs, however with long names, flattened from the XML path....
Frequency of sending data from DCN to Head
I see that data from the DCN comes in every 5 minutes; how do I reduce this interval? I use a heavy forwarder as DCN.
SA-Ldapsearch return some BINARY-BLOB and empty groups
Hi, I am getting partial results with ldapsearch: some groups I know to have users are empty, some groups have <BINARY-BLOB> as name and members. As our Active Directory is in French special...
One of Splunk search head crashed which was part of a 4 member search head...
Hello, one of our Splunk search heads crashed, which was part of a 4 member search head cluster. The crashed server cannot be brought online anymore. How to remove it from the cluster setup? so that I...
How to use the value of a text box defined in a Sideview Utils HTML module in...
Hi, I have defined a datepicker in a Sideview Utils HTML module Date: ]]> How can we access this in other Sideview Utils modules? For example: index=re source="*step.csv" date=$datepicker$
How to combine different types of events from different data sources into one...
Hello I have three different data sources (so 3 different types of events) DataSource_1: Event_Number Ticket DataSource_2: Event_Number Create_Event_Date DataSource_3: Ticket Create_Ticket_Date I would...
Stack Traces Not being Pulled in with Rest of Event
We are seeing sporadic issues with stack traces not being pulled in with the body of their respective error level messages. In the splunkd.logs, the only issue that even occurs around the time of this...
After upgrading from Splunk 6.1 to 6.3, why am I unable to generate a PDF...
I am unable to generate a pdf since I upgraded from 6.1 to 6.3. I get this message when I try to export a report to a pdf: Unable to render PDF. Exception raised while trying to prepare "Report" for...
Why is a random outputs.conf file being automatically created and deployed to...
I have 3 search heads in a search head cluster, and I'm having some issues with building the outputs.conf files to them. I have 2 outputs.conf files I'd like to use. One is deployed via a deployer and...
Splunk 6.3 Extract Fields Props.conf & transforms.conf not working
I set up a field extraction two ways; neither has worked, and they have caused Splunk to not function in a manner I think it should. I set up a field extraction through the GUI and applied a transform through...
How to manually Index Data in Splunk 6.2.5?
Our production environment just upgraded to 6.2.5 from 6.0.3. The new data inputs seem to be pretty straightforward, except the index and sourcetype options are fairly limited. I will explain what I...
Are there currently any apps to parse and index VMware NSX logs?
Are there currently any apps geared to ingesting VMware NSX logs? A few videos, and documents online seem to indicate this is possible, and that Splunk can ingest and parse NSX logs, however I cannot...
Is there a Splunk features roadmap to bring features from premium apps to...
Is there a roadmap to bring features (like glass tables and deep dives) from premium app to splunk core?
I am trying to search for a data that gives a report only from 6 am to 6.30...
I am trying to search for a data that gives a report only from 6 am to 6.30 am everyday. How do I set the search?
What method does Splunk use when moving warm buckets to cold?
Hello all, Hot and warm buckets reside on our fastest disks, but when we move to cold it is shipped off to a slower disk. There is a command to manually force the hot to warm transition but is there...
How to filter transaction results based on results of a subsearch?
I have a search which is using transaction to create events for each transaction. I then need to filter those events to show only transaction events containing one of many IP addresses returned from a...