Monitoring Splunk

Community Activity

How do you parse the following JSON data? Hi, I want to parse below json data .Below is one sample event- Objabco.codecnullavro.schema�{"type":"record","n... by ips_mandar Builder in Monitoring Splunk 12-25-2018 0 3	0	3
Can you help me remove some unnecessary values in a field? Hello Folks, I'm struck with removing result fields unnecessary values: ex: src domain (1)www(2)google(3)co... by leninkp3005 Explorer in Monitoring Splunk 12-20-2018 0 2	0	2
Can you help us find web GUI log in attempts from index=_audit? Hi, We're looking for web GUI log in attempts from index=_audit. Note that for event like following: Audit:[timest... by stwong Communicator in Monitoring Splunk 12-20-2018 0 6	0	6
Monitoring Remote log via file share but have \x00\ usually the first few line have issue, i suspect the application still writing the log file but splunk already try to... by kennethyeung New Member in Monitoring Splunk 12-19-2018 0 0	0	0
How do I search results that depend on the subsearch being empty? Hello, I have following search: index=mlbso sourcetype=BWP_hanatraces earliest=1543313122.531 latest=1543313122.537... by damucka Builder in Monitoring Splunk 12-19-2018 0 1	0	1
How can we handle under spec search heads? Most of our Search Heads are of 252 GBs of RAM but there are some old VMs with 48 GBs of RAM. These ones have been un... by ddrillic Ultra Champion in Monitoring Splunk 12-17-2018 1 6	1	6
Has anyone brought Prometheus data into Splunk? Hey there, our private cloud team currently uses Prometheus to monitor system level data. I was wondering if anyone ... by paimonsoror Builder in Monitoring Splunk 12-14-2018 2 2	2	2
How can I calculate the average duration between changes of two fields / events? Hi  My base search looks like this: I used \| dedup RobotSubState for this screenshot. In reality, every 1 second,... by j_r Path Finder in Monitoring Splunk 12-13-2018 0 12	0	12
Should our two multisite clusters have distinct site numbers? We have our original multisite cluster with site1 and site2. It will be decommissioned in 6 months when all of its i... by lycollicott Motivator in Monitoring Splunk 12-13-2018 1 7	1	7
Can you help me with the following error that showed up after restarting the server: "Could not create path D:\Splunk\cisco\db appearing in indexes.conf: 3" I restarted my server, and the Splunk web GUI didn't load up. My other servers and search heads load up, just not thi... by willsy Communicator in Monitoring Splunk 12-11-2018 0 5	0	5
Login Attempts And Lockout Status Hello Community, I'm new to splunk and couldn't seem to find an answer to my question. I'm currently running a Splu... by thijsvl Engager in Monitoring Splunk 12-11-2018 0 3	0	3
Is it normal for Splunkd to attempt to terminate the McAfee Processes? Hello, I'm using McAfee VirusScan Enterprise and Host Intrusion Prevention (HIPS), and HIPS is reporting that Splunk... by foxmccloud Explorer in Monitoring Splunk 12-07-2018 0 10	0	10
How to restrict time range picker to specific period for search? Hello Team, Here, I want some way to restrict events to search more than a specific period. eg. user can only selec... by kamlesh_vaghela SplunkTrust in Monitoring Splunk 12-06-2018 0 3	0	3
Splunk - JSON Parsing error Hi All, I'm a newbie to the Splunk world! I'm monitoring a path which point to a JSON file, the inputs.conf has bee... by ashrafshareeb Path Finder in Monitoring Splunk 12-04-2018 1 11	1	11
How to pull logs from Symantec Protection Engine? Can we pull the logs from Splunk end instead of sending them from Symantec Protection Engine using a third party too... by vrattlesnake Engager in Monitoring Splunk 12-04-2018 0 6	0	6
While running the rebalance command on an indexer cluster, it is possible to improve performance? We recently resized our indexer cluster from a 3 node to a 4 node. We've ran the "rebalance" command from the master ... by ejharts2015 Communicator in Monitoring Splunk 12-02-2018 2 7	2	7
Can we improve on a standard index=index_name sourcetype=prod \| stats query? We have this standard query - index=<index name> sourcetype=prod clientID=aaa OR clientID=bbbb OR clientID=ccc OR... by ddrillic Ultra Champion in Monitoring Splunk 12-02-2018 0 5	0	5
Errors when monitoring core log in symlink we are using 6.5.2 Enterprise> On new search heads, the core logs have been moved to a symlink: ls -l /opt/splunk/va... by greich Communicator in Monitoring Splunk 11-30-2018 0 1	0	1
Can you help me with the time series data and axis behavior on a chart? I have a chart that shows a time series, for example, let's say it's the # of donuts sold by noon every day for a mon... by grantsmiley Path Finder in Monitoring Splunk 11-30-2018 0 6	0	6
Displaying real-time values with an auto-fresh rate of 0.1sec. Is it possible to display real-time values with an auto-refresh rate of 0.1sec on a timechart/single-value display? ... by marvinlee93 Explorer in Monitoring Splunk 11-30-2018 0 4	0	4
How to Calculate Splunk Organic Growth Regards, I am making a plan for organic splunk growth for the next year. The main question is: How to calculate the... by marcus_santos_s Path Finder in Monitoring Splunk 11-28-2018 0 6	0	6
Can you help me with my subsearch? Hello I tried to combine the first query (before \| append) with the subsearch ( [ search index=.........) but it doe... by jip31 Motivator in Monitoring Splunk 11-23-2018 0 4	0	4
Local data added in splunk server getting deleted Hi, I have uploaded 15 csv files in splunk from local by Add data option and view in the search. After some days i... by SathyaNarayanan Path Finder in Monitoring Splunk 11-22-2018 0 2	0	2
How to get ASCII log file to ingest as plain text from windows 2016 server We are trying to ingest Peregrine logs for Asset Manager and we can open the log file up on the windows server and it... by AndreaSimon New Member in Monitoring Splunk 11-21-2018 0 2	0	2
How come the CPU utilization of one indexer is always higher than those of our other indexers? Hello, We have a non-clustered indexer environment. We have one indexer (blue line) that is always well above the CP... by king2jd Path Finder in Monitoring Splunk 11-21-2018 0 2	0	2