Errors increasing on search where "lookup table does not exist" for multiple...
When running ad-hoc searches, I am getting errors that are increasing. My last search produced "20 errors occurred while the search was executing. Therefore, search results might be incomplete.". When...
Print rex result on search
First, I'm sorry for my bad English. Let me explain my problem. I have to do a search on Splunk, and in the result, get a specific value, between ": [44444]" (In this case, I want the value 44444.) and...
Splunk Enterprise Deployment in vCloud environment
I am in the process of architecting Splunk Enterprise in a vCloud public environment and am trying to capacity plan for future state. I am new to the Splunk community and would appreciate any input and...
Index entire file as a single event but avoid duplicate indexing
I need to monitor a folder where each file should be treated as a single event. The files get their entire content over some time (usually hours). Initially, loosely segregated events used to get...
Field Extraction not working
I'm logging from a program called Pega, which spits out some lengthy logs. I found the field names, and attempted to assign the names to the fields, but am having problems doing so. Below is an output...
Compare Search Result Against Lookup File and Output Multiple Fields
Hello, I am not sure what I am doing wrong, but logically I feel this search string should work; however, it isn't working. So here is a description of what I am trying to do: I am trying to run a search...
Why Do I Get 404 error When Accessing McAfee v2.1.2 with Fully Configured DB...
I have a Splunk Enterprise instance using DB Connect v2 successfully configured. When I access the McAfee module v2.1.2, the webpage returns 404 Page not found. Looking at the docs, it...
Totals for a transaction
I have a system with customers interacting with a catalogue, stepping through the menus, searching etc. I can chunk these into transactions using user ID & time period (max 7 mins, max pause 1...
Strptime statement not extracting date/time
I've been trying to import the data into Splunk and have been unable to get the time/date to work. Included is a screenshot. Any help is appreciated! [alt text][1] [1]: http://i.imgur.com/L6fCwRx.png
What is the process for setting up an alert to trigger for >15 events in a 30...
Hello fellow Splunkers... I am currently working on a search that I need to alert on if it occurs greater than 15 times in a 30-minute period. I have set up the search/alerting, but I am a little lost on...
OLD Splunk Server: lookups and other slow-downs?
All... I have inherited the task of learning about an older Splunk installation (4.1.5). It is working just fine; however, it has been starting to show some high CPU usage and other indications that it...
BEWARE: srchFilter usage may negate each other in certain situations.
If you are using deny (NOT) in your srchFilter, be aware that inheritance of multiple roles with negative filters will negate each other. For example: role1: srchFilter = NOT abc role2: srchFilter = NOT...
URL rewrite not properly handled
Splunk Web is configured to be accessed through SSO Kerberos (mod_auth_kerb). It works perfectly well, but some parts of the application are not properly rendered. When we click on some link, a blank page...
CSV records limit from Monitoring
Is there any limit on data being indexed from a CSV file which is monitored from a remote machine with Splunk UF installed? The file has over 1 million records and I am seeing fewer events than...
CSV file with column named "Index"
I've got a CSV file with a column called "Index." Naturally, this is a bit of a problem. Is there a way to deal with this other than making a new sourcetype for it and specifying the header row? I'd...
Include date on a Splunk report
Hello Splunkers - I'd like to include the time/date range of a search in my report. If I have a report that runs at midnight showing all the results for yesterday, I'd like to be able to see the actual...
How to pass search result from one Panel to a different Panel?
Hello. I'm trying to construct a footer containing my app's version in a dashboard. The footer resides in a different panel. I can find the version from a search, but I haven't found a way to pass that...
Add line numbers to multiline event using rex in sed mode
Hi, is there a way to use fields in a rex expression? I would like to do something like this: > | eval *num*=1 | accum *num* | rex mode=sed "s/(?m)^(.*)$/*num*. \1/g" meaning adding to multiline event...
Using Timewrap to compare to a specific static date or week
I'd like to compare a chart of this week's activity to a specific, never-changing baseline week. I would determine which week is the perfect representative week of normal behaviour, say Feb 08 to Feb...
DBConnect 2 batch input
When creating a new input in DB Connect 2, if I set type as Batch input, does it mean that the Splunk index will delete all old data in the assigned index and populate it with the new data at every...