Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
02-27-2024
05:25 AM
It's logged as a bug and fixed for 9.1.3/9.2.1
02-27-2024
05:21 AM
Hi Team, We are facing discrepancy with Splunk License total usage vs Index wise usage. Could you please help us on this? Our Actual Splunk Stack is 50GB. 1. Index wise License Usage: ...
See more...
Hi Team, We are facing discrepancy with Splunk License total usage vs Index wise usage. Could you please help us on this? Our Actual Splunk Stack is 50GB. 1. Index wise License Usage: for individual index for 1 index showing 65.46GB for the same day Total usage we are getting 55.42GB as shown in below screen shots. 2. Total License Usage: This is the Overall License usage for Feb 15. Kindly assist us with License Usage query based on index wise and it should match with the total License Usage and indicate any changes that need to be made at the server or configuration level. @gcusello @isoutamo @PickleRick Regards, Siva.
Labels
- Labels:
-
using Splunk Enterprise
02-27-2024
05:20 AM
It is true one cannot change the labels. That means we have to choose between having week numbers in numerical rather than calendar order or having year-week numbers in calendar order.
02-27-2024
05:17 AM
I have been building KV Store lookups with the lookup editor and I have noticed that when I add a line in the UI, when I leave it and come back to it, it duplicates the line multiple times and I have...
See more...
I have been building KV Store lookups with the lookup editor and I have noticed that when I add a line in the UI, when I leave it and come back to it, it duplicates the line multiple times and I have to go back and delete the duplicates. This seems to happen whether I am copying and pasting or just simply adding a line by hand. Has anyone else seen this issue or am I doing something wrong? To add a line I right-click on the row and select add a new line above. Once I finish the data input I leave the line to commit it. I go to my dashboard that is displaying the store, refresh and note that there are multiple copies of the line I just added. This does not happen with CSV file lookups, just the KV Stores. Thoughts? More info?
Labels
- Labels:
-
using Splunk Enterprise
02-27-2024
04:35 AM
1 Karma
It would be great if this is logged as an actual bug, or at least a known issue. Some of us have several 1000 of UF's, spread across multiple environments, and updating the log-local.cfg just isn't ...
See more...
It would be great if this is logged as an actual bug, or at least a known issue. Some of us have several 1000 of UF's, spread across multiple environments, and updating the log-local.cfg just isn't feasible.
02-27-2024
04:27 AM
Hi guys, I am trying to set up a code in javascript which will refresh page after javascript run, because now my dashboards loads, but javascript run first and the visualizations depends on javascr...
See more...
Hi guys, I am trying to set up a code in javascript which will refresh page after javascript run, because now my dashboards loads, but javascript run first and the visualizations depends on javascript and then coloring for example don't change. When I tried to put refresh under query to 5seconds, then it was reloaded and all visualizations were loaded, but I would like to do it better way and I am sure with javascript is possible, but I am very basic with javascript, so I was searching here, but nothing worked, because mainly it was set up, that after some button click the javascript will reload the page, but I would like to have it automatically. Thank you for any ideas. v.
- Tags:
- javascript
Labels
- Labels:
-
Classic dashboard
-
form
02-27-2024
04:26 AM
Thanks, will definitely look into it!
02-27-2024
04:25 AM
Selenium works for a big part, but unfortunately not with dropdowns. Might need a combination of tools!
02-27-2024
04:20 AM
@gcusello @PickleRick I have changed my approach. I have used one script which copy the files from the network folder and paste it to local folder and changed the monitoring stranza in inputs.conf bu...
See more...
@gcusello @PickleRick I have changed my approach. I have used one script which copy the files from the network folder and paste it to local folder and changed the monitoring stranza in inputs.conf but this also not worked. Below I changed in inputs.conf
[monitor://C:\Windows\Temp\outgoing\*.xml]
disabled = false
index = new_demo_scada
host = VIDI
sourcetype = new_demo_scada
props & transform remains same.
02-27-2024
04:15 AM
@scelikok I tried but No luck found.
02-27-2024
04:05 AM
Hi @ynag This is a legacy App please check this docu : https://docs.splunk.com/Documentation/CPVMwareDash/latest/CP/About It appears that you don't have sufficient permissions. To resolve thi...
See more...
Hi @ynag This is a legacy App please check this docu : https://docs.splunk.com/Documentation/CPVMwareDash/latest/CP/About It appears that you don't have sufficient permissions. To resolve this, please assign both the 'splunk_vmware_admin' and 'splunk_vmware_user' roles to the admin user. You can find detailed instructions in the documentation provided below: https://docs.splunk.com/Documentation/VMW/4.0.4/Installation/ConfigureuserrolesfortheSplunkAppforVMware
02-27-2024
04:01 AM
1 Karma
Any documentation on this error? I did not see it in any of the Release Notes or Fixed Issues
02-27-2024
03:24 AM
Thanks Giuseppe, I don't see any historical data in my index as yet, this is what's in the splunkd.log file
02-27-2024
03:15 AM
To inject trace context fields in logs, enable log correlation by setting the SIGNALFX_LOGS_INJECTION environment variable to true before running your instrumented application. Reference: https:/...
See more...
To inject trace context fields in logs, enable log correlation by setting the SIGNALFX_LOGS_INJECTION environment variable to true before running your instrumented application. Reference: https://github.com/signalfx/signalfx-dotnet-tracing/blob/main/docs/correlating-traces-with-logs.md After enabling this environment variable: SIGNALFX_LOGS_INJECTION, I was able to see the traceId values in Splunk.
02-27-2024
03:08 AM
Hi @rene_splunk, please try this: [monitor:///var/log/mail.log*]
index = postfix
sourcetype = postfix_syslog Ciao. Giuseppe
02-27-2024
03:04 AM
Hi @uagraw01 , probably something changed! analyze from scratch the input, starting from thetimestamp, that I dont see where it comes from. Ciao. Giuseppe
02-27-2024
03:00 AM
Hi @scout29, use an eval command at the end of the search. Ciao. Giuseppe P.S.: Karma Points are appreciated
02-27-2024
02:56 AM
@gcusello - Thanks! How could i modify this to include one more column showing the percent variance between the average count and latest hour count?
02-27-2024
02:46 AM
Looking to create a report showing the uptime of all hosts in a specific index which ingest data via a UF. I would like to see over the past 30 days, what was the percentage of uptime per host in tha...
See more...
Looking to create a report showing the uptime of all hosts in a specific index which ingest data via a UF. I would like to see over the past 30 days, what was the percentage of uptime per host in that index=abc. I am trying to create a metrics report showing the frequency a host is logging to Splunk.
Labels
- Labels:
-
saved search
-
scheduled search
02-27-2024
02:40 AM
Anyway, regardless of the reason, if it used to work and stop, it would be prudent to troubleshoot for the cause instead of blindly trying to add a setting here and there. Check your splunkd.log on ...
See more...
Anyway, regardless of the reason, if it used to work and stop, it would be prudent to troubleshoot for the cause instead of blindly trying to add a setting here and there. Check your splunkd.log on the forwarder for errors. Check output of splunk list inputstatus and splunk list monitor
