Difference between splunkd -p 8089 restart or splunkd -p 8089 start
When I do *top -c1* on the indexers/Heavy Forwarders, splunkd process is running as follows **splunkd -p 8089 restart** or **splunkd -p 8089 start**. What is the difference between these two processes?...
converting to an epoch date format using strptime
I’m trying to extract the date and time from the Winevent log when an unexpected shutdown has occurred (EventCode=6008). The message in the event is below: The previous system shutdown at 7:53:08 AM on...
About DBX connection pool and troubleshoot dbx app.
Hello all. I'm using Splunk 6.2.2 with dbx 1.1.6 connected to Oracle 11g. I have 32 realtime savedsearch running two headers. And all dbx config file inherited default file. I'm wondering why dblookup...
Splunk Architecture
Does anyone have an architecture plan that describes what is needed, etc., for a large deployment?
syslog-ng can't write to mounted partition
Hi Splunk Community, We are testing forwarding syslog traffic to a syslog-ng server so we can forward those events with a Splunk Forwarder running on the same host. We can't get syslog-ng (running as...
How to control colors of piecharts by order? (6.3.0)
This is options of piecharts.[0xf56363,0x7a5aa4,0x287bbe,0x19bdc4,0xb5ec4f,0x5cdb88,0xf0e24a,0xffa921,0xf34a89,0xfb8fb3] I set this options to 4 piecharts. But some view(3rd view) is not applied. ![alt...
Splunk is crashing due to RunDispatch
Hello, We are getting crash.log every 5 minutes as follows. Does anyone have any information? [build aa7d4b1ccb80] 2016-03-22 01:55:02 Received fatal signal 8 (Floating point exception). Cause:...
Use different Regex in one search
Hello I have a dashboard with a radio-button input. Depending on which value is selected, I want to use a different regex to extract some fields. Example: base search | if...
Group searches or alerts
Hi. At this time I have 2 alerts that are triggered every morning and I receive 2 separate e-mails. Would it be possible to have just one e-mail that contains the results from the 2 alerts? Alert1:...
Restart a splunk app via script
Unfortunately our installation of the AMQP Modular Messaging Input App stops running because of not enough memory every night. To workaround here, we set up a trigger, which should start a script that...
Accessing Splunk Enterprise for Azure after Installation
I have just installed Splunk Enterprise through the Azure Marketplace. The deployment has completed and I haven't changed any of the default security settings. I cannot access the application through a...
Can an alert fill a lookup?
I have certain events running into my index that have more of a describing nature to other events. Some kind of metadata. Now as I learned metadata to events is best stored in a lookup. Let's say a...
VMWare syslog hosts not showing up properly
I have 5 VMWare hosts sending syslogs to an indexer. 3 servers, vmw010 - vmw012, show up just fine when I do a search using vmw01*. But vmw013 and vmw014 do not show up. 013 and 014 show up...
Response time dashboard for webservice hits
Hi, I want to create a dashboard which will show the individual response time for the respective webservice. I have already created a dashboard which will capture the average response time. PFB my...
Help with regex whitelist
Hi, I need to whitelist files that match this format in a directory. Hoping someone can help me.... WebAPIServ_RTP_L1.20160102_171339_084.log WebAPIServ_RTP_L2.20160216_225645_002.log...
How to extract a value into a field from a string?
I have this string : Leaving className=com.vsp.il.drools.business.spring.SpringRulesBusinessImpl....
Hunk bucket archive question?
When HUNK does its bucket pushes to HDFS, it also pushes a couple small supporting files, metadata, etc... With Hadoop's issues handling small files, I was wondering if that is something that's been...
Questions regarding to the Splunk / Hunk Splunk Archiver dashboard
In the Archive dashboard, I see two panels for archiving via coldToFrozen by index. I've googled it and looked through the documentation, but don't see how to configure this for HDFS. Am I correct to...
Sideview button action to refresh page
There's probably a quick way to do this with a customBehavior, but all those warnings on the docs for customBehavior make me want to ask first before trying it. I've followed instructions from:...
How to center the title of a panel and color the title background?
Hi, I've seen panels like this in a video. ![alt text][1] How can I center the panel title and color the background of the title? Thanks in advance [1]: /storage/temp/119186-panel-title.png