Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Archive
Archive
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Community
- :
- Archive
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Invite a Friend
- Threaded format
- Linear Format
- Sort by Topic Start Date
Discussions
Start a Conversation
| Thread Info | |||||
|---|---|---|---|---|---|
|
Hi there,
I need to re-index some data. In inputs.conf, host_segment parameter is configured as follows:
host_s...
|
1
|
8
| ||
|
I am configuring SNMP traps based off of scheduled searches - does Splunk log this whenever a trap is generated? I as...
|
1
|
1
| ||
|
|
In Windows I have the following in the Inputs.conf:
[monitor://C:\Program Files\Microsoft SQL Server\MSSQL10_50.MS...
by
Kyle_Brandt
Path Finder
in
Archive
09-30-2010
|
0
|
5
| ||
|
I have syslog-ng data coming from LWFs that have been earmarked for indexA. I want to intercept these events and rero...
by
the_wolverine
Champion
in
Archive
09-27-2010
|
0
|
12
| ||
|
|
Hello, How do i use multikv to extract fields that have % or / in them ? I'm unable to extract if it has those charac...
|
1
|
2
| ||
|
|
[1] I would like to know if I can tar an index from a Splunk instance and then untar it into other Splunk instance?
...
by
Nicholas_Key
Splunk Employee
in
Archive
09-28-2010
|
0
|
2
| ||
|
|
Is there any way to get popup or lite mode AccountBar WITH the logo clickable? This would be very useful for turning ...
|
0
|
1
| ||
|
|
Hi,
I used the app library interface to install the OSSEC app. It always gives me this error:
500 Internal Se...
|
0
|
1
| ||
|
|
Dear ziegfried,
Firstly, I really like your Google Maps App. but I have question about input. When I search with g...
|
0
|
3
| ||
|
|
I want to install Splunk for Cisco Security App
I used downloaded http://www.splunkbase.com/apps/All/4.x/App/app:S...
by
ryanbyrdbasicre
Engager
in
Archive
09-23-2010
|
1
|
1
| ||
|
|
I am trying to setup *Nix app. However, I am having a hard time understanding it.
Ideally, I want to use this app ...
|
0
|
2
| ||
|
|
Do you have any readily available scripts that I can use?
|
0
|
3
| ||
|
|
I don't have a clue anymore. My data hasn't been indexed anymore. I attempted all the three ways of Files & Directori...
by
Caio_Santos
Path Finder
in
Archive
09-21-2010
|
2
|
4
| ||
|
|
Hey,
I have been searching through the vast module reference and have not been able to find a specific <param...> ...
|
1
|
4
| ||
|
|
We have a LWF on Linux that is forwarding to our indexer. We're a little tight on space, but in my experience the LWF...
|
1
|
3
| ||
|
|
we have a license for our QA environment for 500MB. We wanted to have the same functions (deployment, alerts, securit...
by
atulmistry
Engager
in
Archive
09-20-2010
|
4
|
2
| ||
|
|
Hi, I'm using Splunk to index logs which timestamp is in the format Y2010M09D17H10N07S00. As Splunk couldn't understa...
|
2
|
5
| ||
|
|
I didn't find it mentioned anywhere in the documentation. I might have overlooked it.
http://www.splunk.com/base/D...
by
Nicholas_Key
Splunk Employee
in
Archive
09-18-2010
|
0
|
2
| ||
|
|
Hi,
I've installed splunk in order to see what it's like and what it does. It looks very nice at first glance, but...
|
0
|
2
| ||
|
|
We'v got license violations six times with 500MB license level, but when we update with new license level 20G(stop th...
|
0
|
4
| ||
|
When I try to start Splunk it gives the following output -
Splunk> CSI: Logfiles.
Checking prerequisites...
Ch...
|
4
|
4
| ||
|
|
I have installed the 64 bit version of splunk onto a 2003 64 bit OS. It is asking me to install flash 9 or better.......
by
berniefieldhous
Engager
in
Archive
08-23-2010
|
0
|
2
| ||
|
|
So I have the following in inputs.conf:
[udp://10005]
connection_host =
index = serverlogs
sourcetype = syslog
dis...
|
0
|
3
| ||
|
|
I'd like to know the specific version of the third-party packages (openssl, pcre, openldap, etc.) Splunk ships with. ...
by
Alan_Bradley
Path Finder
in
Archive
09-15-2010
|
0
|
1
| ||
|
|
How can I submit an Enhancement Request (ER) / Request for Enhancement (RFE) to Splunk>?
|
7
|
2
| ||
|
|
I find myself continually mystified by Splunk's strategy for placing things like event types, saved searches etc. How...
|
0
|
1
| ||
|
|
Hello. My logs contain Simple Chinese characters. After setting CHARSET = GB2312 in the props.conf, some Chinese char...
|
0
|
2
| ||
|
How do I force splunk to index new files in the directory that is being monitored immediately? sometimes it takes rea...
by
sfmandmdev
Path Finder
in
Archive
09-13-2010
|
1
|
1
| ||
|
|
i downloaded the following logs to my workstation running xp and i have splunk running on it. how do i import them in...
|
0
|
3
| ||
|
|
I've often heard this considered, but am wondering if anyone has done actual work with one or the other or both of th...
|
0
|
3
| ||
|
|
I have SplunkLightForwarder turned on for AIX and Linux (Suse) and when initiating a Splunk stop it takes 5-10 minute...
by
MasterOogway
Communicator
in
Archive
09-03-2010
|
0
|
6
| ||
|
|
Dear
I search cmd:
sourcetype="access_combined" clientip="192.0.1.42" | sendemail to="teng.johnny@msa.hinet.net...
|
0
|
1
| ||
|
|
Any gurus know why there are files created in /var/tmp/ folder by Splunk?
splunk@splunk:/var/tmp> more ddtb5535964...
|
0
|
2
| ||
|
|
Does anyone know how to load saved results from a previous search via CLI command? The documentation suggests that we...
|
1
|
1
| ||
|
|
I know this Question has been asked before (http://answers.splunk.com/questions/712/put-data-in-separate-index-based-...
|
0
|
11
| ||
|
|
I am just getting started with splunk. I imported a log file from my web server. however, the file dosn't show up in ...
|
0
|
1
| ||
|
|
I read a similar post about this here but I'm not sure I completely understand.
My tomcat log name looks like thi...
|
0
|
2
| ||
|
|
So then what is the recommended method for ingesting evtx files from Windows 2008? Also, when I enable and configure ...
|
0
|
2
| ||
|
|
From our weblogs, I have extracted fields including http_bytes and http_domain. I would like to get a stacked chart o...
|
1
|
2
| ||
|
|
Hi,
is the Windows App supported on Splunk installed on Linux ? When I go for example to section Windows -> Event ...
by
jrosenmayer
New Member
in
Archive
09-06-2010
|
0
|
2
| ||
|
|
C:\Program Files\Splunk\Python-2.6\Lib\smtpd.py??
|
1
|
1
| ||
|
|
I'm following the tutorial for embedding dashboard elements in 3rd party software here
http://www.splunk.com/base/...
by
caphrim007
Path Finder
in
Archive
09-02-2010
|
1
|
3
| ||
|
|
We're building an app which is intended to be deployed onto Windows, Unix, and Mac versions of Splunk. In our app's c...
by
Justin_Grant
Contributor
in
Archive
08-18-2010
|
3
|
5
| ||
|
|
I would like to add the total amount of time an cs_id spends on the web daily. Ironport provides logs where the time ...
|
0
|
1
| ||
|
|
I’m seeing conflicting info in the Splunk docs about how an app should specify its version in app.conf.
I’ve seen...
by
Justin_Grant
Contributor
in
Archive
06-24-2010
|
6
|
9
| ||
|
|
I've got certain events that I want to send to collect. I see the addtime option (defaults to true). What does it do?...
by
the_wolverine
Champion
in
Archive
09-01-2010
|
0
|
2
| ||
|
I'm running Enterprise on a Linux (RH Ent 5) box. Just installed the PDF app per the directions ("auto" install). The...
|
3
|
6
| ||
|
|
I have a bit of an issue, as I typo'd a path change this morning, and ended up with about 8-10 hours of data being in...
by
mcafeesecure
Explorer
in
Archive
08-31-2010
|
2
|
5
| ||
|
|
I am having some problems with the Google Maps app for Splunk. I am not seeing consistency of the maps. I expect the ...
|
1
|
2
| ||
|
|
Hi,
We now have a setup in which we use splunk like this. Forwarders deployed on windows Domain Controllers, that ...
|
1
|
4
| ||
|
|
Hi all,
I'm trying to forward my summarized events from an indexer (machine1) to multiple indexers (machine2 and m...
by
Nicholas_Key
Splunk Employee
in
Archive
08-29-2010
|
0
|
1
| ||
|
|
There's a limitation in the dbinspect command where you cannot specify multiple indexes to report on, therefore repor...
by
Brian_Osburn
Builder
in
Archive
08-27-2010
|
2
|
2
| ||
|
|
Hi. Some of the scheduled saved searches have stopped running. When click on these saved searches from Search App's "...
|
0
|
2
| ||
|
|
Hi
Is it possible to create pdf interactive report. I mean to get pdf report with links to results. For example wh...
by
jmaslowski
Engager
in
Archive
08-26-2010
|
1
|
1
| ||
|
|
I am trying to make a chart using autoregress with the previous 365 values/days... My time range needs to be at least...
by
charlessplunk
New Member
in
Archive
08-26-2010
|
0
|
2
| ||
|
|
Is SPLUNK an SIEM, SIM or SEM tool?
A. Strongly agree B. Slightly agree C. Agree D. Slightly Disagree E. Strongly ...
by
alphonzeus
New Member
in
Archive
08-25-2010
|
0
|
2
| ||
|
|
Hi There,
I would like to know how to configure axis. With the following XML, I got _time on Y-axis and count on X...
|
1
|
2
| ||
|
|
Hi All
my PDFserver cant contact the appserver. Both are running on the same host. How do I set these kind of prop...
|
1
|
3
| ||
|
|
Does the windows app work with 2008 event log files? Is the Windows app the best way to monitor windows logs?
|
0
|
2
| ||
|
|
Dear Sir
Does you have advenced xml example file to explain "Selector" module ??? I can't understand the explana...
|
0
|
6
| ||
|
|
Hello, I have been using splunk for about 6 months and continue to be amazed at what the product can do..
Anyway,...
by
ericrobinson
Path Finder
in
Archive
08-23-2010
|
0
|
2
| ||
|
|
I have following inputs.conf
[script://$SPLUNK_HOME/etc/apps/mck-perflog-aix/bin/lsvgdetails.sh]
index = mck-perfl...
|
2
|
4
| ||
|
|
Is HP-UX 11i v1 supported by Splunk? The download page only lists v2 and v3.
|
0
|
2
| ||
|
|
08/17/10,0:15:02,start load_updates.sh 9.3
08/17/10,0:20:04,start load_updates.sh 9.3
08/17/10,0:25:02,start lo...
|
1
|
5
| ||
|
|
Hi,
Will have a very variable throughput. Some time with a lot of Http request (about 100.000 per seconds during o...
|
0
|
2
| ||
|
|
Splunk appeasrs to be failing to index the server.log for our ATG Joss instances. On the Splunk indexer the following...
|
0
|
3
| ||
|
|
I have multiple LightForwarded, in different domains, who have similar host names (machines inside one domain are the...
|
1
|
13
| ||
|
|
Hi all,
We use google apps in the office and it requires ssl/tls. Splunk sendemail.py does not seem to be able to ...
|
0
|
1
| ||
|
|
1
|
1
| |||
|
|
Hi,
I am using Websphere process server and would like to use JMX monitoring for the same. Can you lease let me kn...
by
ravi_shah01
Engager
in
Archive
08-11-2010
|
1
|
1
| ||
|
|
Hello,
I'm new to splunk and I'd like to use this app with a file as data input and not a port on the splunk serve...
|
0
|
2
| ||
|
|
Splunk is installed in a Windows Domain. The service accounts are running as a Domain Admin. The authentication for t...
by
ricksimonds
Engager
in
Archive
07-12-2010
|
1
|
3
| ||
|
|
Is there a way to deserialize the LoggingEvent produced by Log4J when using the socket appender? Splunk appears to re...
|
0
|
3
| ||
|
|
I had a power outage on my system and upon restoring, I now get this in the splunkd.log and the splunkd service will ...
|
0
|
5
| ||
|
|
We are trying to get Splunk to monitor a cluster of federated WebSphere Application Server v6.1 instances, which are ...
|
2
|
4
| ||
|
|
Can Splunk index SQL LDF and MDF files?
|
0
|
2
| ||
|
|
Any ideea if Splunk 4.0.9 it's working on Solaris 8.2?
|
0
|
2
| ||
|
|
My situation is: I have installed the Net-snmp and I have configured this to receive trap to the snmptrapd.log and I ...
|
0
|
1
| ||
|
|
I am using the following in my search options: index="my_site_hosts" "hostABC" "failed"
The results displays send...
|
1
|
2
| ||
|
|
Hi there --
I completed installing the latest version of Splunk on two systems where the first is the server, and ...
|
0
|
2
| ||
|
|
Hello, I was trying to send a pdf report thru email by using a saved search, and in the email an error messages displ...
|
2
|
4
| ||
|
|
Hello,
I am trying to get control with the cisco Mars logs, and have trouble with the separator. Acording the manu...
|
0
|
8
| ||
|
|
Hi, I searched the Splunk>answers and saw someone had asked the question before. But my situation is a little differe...
|
1
|
5
| ||
|
|
We would like to measure the performance and throughput. I would like to have line-graphs that shows:
Throughput p...
|
1
|
4
| ||
|
|
on a mac os x server, I am trying to add a directory as input. I encounter the following error when trying to save th...
|
0
|
1
| ||
|
|
Hello,
We have some issues while implementing the Websphere app module in splunk.
1) Our profile directory doe...
|
1
|
2
| ||
|
|
Hi,
Have just installed SplunkForF5 app. Would like to check on the methods to configure data input for it?
|
2
|
2
| ||
|
|
How do you properly set a source matching stanza in props to be lower than the default stanza matching priority?
P...
|
2
|
3
| ||
|
|
License Violations continue daily even though I have taken the daily indexing down below the Allowance. With a 500Mb ...
|
1
|
6
| ||
|
|
We installed the PDF server. We followed the instruction in the manual and checked if Xvfb was installed. The only di...
by
benoitvanderbec
Engager
in
Archive
06-22-2010
|
1
|
1
| ||
|
|
I need to enrich my event data (web logs) with several other fields based on a value of one of the events fields. I p...
|
0
|
1
| ||
|
|
I'm brand new to Splunk. I'm trying to setup Cisco Security for Splunk, specifically for logging for our IPS. I've go...
|
1
|
1
| ||
|
|
I wanted to use Splunk to look at data in a file. I added this file in Data Inputs. After reviewing the data I want t...
|
0
|
1
| ||
|
|
Hi,
I am trying to start splunk on a server running RH5, and get the belowmessage re: selinux. I have tried adding...
|
1
|
4
| ||
|
|
I have been looking everywhere and i have not found the procedure to execute this tasks.
Please help me.
Kind R...
|
0
|
4
| ||
|
|
We're building a Splunk app and need to decide which index to use to store the events captured by our app's inputs. W...
by
Justin_Grant
Contributor
in
Archive
05-12-2010
|
2
|
3
| ||
|
|
Hi All,
I need a sanity check. This extraction seemed to work in 4.0, Can someone help? mac_address and source_ip ...
|
0
|
4
| ||
|
|
I'm currently working with inputs.conf and would like to have the stanzas recognize the values that are assigned to t...
by
Nicholas_Key
Splunk Employee
in
Archive
04-30-2010
|
3
|
5
| ||
|
|
I am expecting to see each record as an event, but the result is not as expected. Some records are displayed as indiv...
by
msenthilganesh
New Member
in
Archive
05-26-2010
|
0
|
1
| ||
|
|
Hi
I need to extract a splunk app file (.spl) created in v4.1.2 onto a non splunk machine (linux workstation) to c...
by
Pete_Bassill
Path Finder
in
Archive
05-25-2010
|
0
|
4
| ||
|
|
Is it possible to change the axis titles for line charts? I can do so with column charts
<option name="charting....
by
caphrim007
Path Finder
in
Archive
05-24-2010
|
0
|
1
| ||
|
|
I am trying to use a host name in the stanza [udp://foo.514] but the name is not taking, on the same subject if I hav...
|
1
|
3
| ||
|
|
Hello,
I have a central splunk server, a splunk server specifically for the PDF Server application, and my mail se...
|
3
|
3
| ||
|
|
If our app's inputs.conf uses an index other than "main" (e.g. a custom index for our app) does our app's setup UI (o...
by
Justin_Grant
Contributor
in
Archive
05-12-2010
|
1
|
5
| ||
|
|
I am attempting to setup Splunk on a VM that will become a VM template. I have run sysprep and made it a template. I ...
|
1
|
3
| ||
|
|
Is there a way to completely isolate a user, so that they can only see themselves as a user and only their host - no ...
|
1
|
2
| ||
|
|
I read in the Knowledge Manager Manual "All extraction configurations in props.conf are restricted by a specific sour...
by
thepocketwade
Path Finder
in
Archive
03-29-2010
|
0
|
5
| ||
|
|
I've been asked to look into renaming my Splunk indexer server (don't ask why). Is there a "best" or safe method for ...
|
1
|
2
|
Get Updates on the Splunk Community!
