Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About jmallorquin
jmallorquin
Builder
Member since:
01-22-2013
10-09-2020
Community Statistics
| Posts | 229 |
| Solutions | 22 |
| Karma Given | 23 |
| Karma Received | 60 |
| Member Since | 01-22-2013 |
Activity Feed
- Got Karma for Re: If a peer goes down in an indexer cluster, how does new indexed data get replicated, and what happens when the peer comes back up later?. 05-28-2024 11:56 AM
- Got Karma for Issue log event alert action distributed environment. 06-24-2022 08:46 AM
- Karma Re: Why is curl search giving an error after upgrading Splunk to 7.2.4? for nickhills. 06-05-2020 12:50 AM
- Karma Re: Where can I find what has been introduced in Splunk 6.4.1 that is different from 6.4.0? for woodcock. 06-05-2020 12:48 AM
- Karma Re: Official way to clean indexed data from index cluster for gfuente. 06-05-2020 12:48 AM
- Karma Re: How do I reset the Password if I do not remember the original one? (working on a MAC) for lguinn2. 06-05-2020 12:48 AM
- Karma Re: Why is our Search Head Cluster captain generating "ERROR KVStorageProvider - Could not update replica set configuration" every 5 seconds? for splunkIT. 06-05-2020 12:48 AM
- Got Karma for Re: Is it possible to have the options for a checkbox input appear in a horizontal line instead of a vertical list?. 06-05-2020 12:48 AM
- Got Karma for Re: How can I have alerts in splunk free!. 06-05-2020 12:48 AM
- Got Karma for Re: How to set an alert to run every 5 minutes with an alert throttle set for 24 hours based on 2 fields?. 06-05-2020 12:48 AM
- Got Karma for Re: How to configure Splunk to monitor and index a file that is generated by a script daily, even if there is no change?. 06-05-2020 12:48 AM
- Got Karma for Re: How to migrate a whole indexer with almost no logs lost ?. 06-05-2020 12:48 AM
- Got Karma for Re: Saving extracted field in Props.conf Vs Using regex extraction directly in search with out saving in props.conf. 06-05-2020 12:48 AM
- Got Karma for Re: How can I have alerts in splunk free!. 06-05-2020 12:48 AM
- Got Karma for Re: Trying to performance test my Splunk searches, but why are results sometimes returned too fast?. 06-05-2020 12:48 AM
- Got Karma for Re: I have just installed Splunk (Windows - 64-bits), and when it tries to start Splunk, it returns the following error: "HTTP 404 Not Found". The web page that is trying to open is "http://localhost:8000/". Could you tell me what web page I have to open?. 06-05-2020 12:48 AM
- Got Karma for Re: Storage size thoughts and calculations. 06-05-2020 12:48 AM
- Got Karma for Re: Storage size thoughts and calculations. 06-05-2020 12:48 AM
- Got Karma for Re: TCP Routing and Anonymizing data. 06-05-2020 12:48 AM
- Got Karma for Re: Lookup table greater than 2GB - possible solutions?. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 |
03-30-2016
06:41 AM
Yes,
Just configure in the search peers in case of cluster one indexer of the cluster (to not duplicate events) and the standalone servers.
Hope i help you
... View more
03-30-2016
06:38 AM
Use this props.conf configuration
DATETIME_CONFIG=CURRENT
SHOULD_LINEMERGE=false
NO_BINARY_CHECK=true
LINE_BREAKER=([\r\n]+)(\[ERROR\]|\[INFO\]|\[DEBUG\])\s+
... View more
03-30-2016
06:28 AM
And the replication factor?
... View more
03-30-2016
06:24 AM
In the clusters how many servers do you have?
... View more
03-30-2016
06:07 AM
Ok,
So the problem is with perl... have you try to build the command before execute?
$command = "find." ".$flags[0]." -maxdepth 1 -type f -name"." ".$flags[1]." -mmin ".$min_val." -ls";
printf($command);
system($command);
Hope i help you
... View more
03-30-2016
04:14 AM
Hi,
The problem is in the stanza
you have to use
[script://./bin/dir_patrol.pl]
disabled = 0
interval = 60
sourcetype = dir_patrol
Hope i help you
... View more
03-30-2016
02:54 AM
Hi,
Can you show the inputs.conf conf and also have you check that the user of splunk have rights to execute the script?
... View more
03-30-2016
02:41 AM
Hi,
The events in the example are correct? I see that not all of them have time stamp.
You sould identifie when start and ends a event and what timestamp do you want to setup.
Regards,
... View more
03-30-2016
02:35 AM
Hi,
Use the bin folder to write a sh script with you perl command, then in the inputs.conf configure a stanza with the sh script.
Hope i help you.
... View more
03-29-2016
05:37 AM
Ofcourse,
You can use props.conf and transforms.conf to routing the events that you want.
Hope i help you.
... View more
03-29-2016
04:36 AM
1 Karma
Hi,
You can use a HeavyForwader to send the coocked data to the indexer. In the heavy forwarder you can anonymize the info.
Hope i help you.
... View more
03-29-2016
03:58 AM
1 Karma
Hi,
You can set in the panel de number 10000 and in the query filter the eventes with |head $token_number_of_rows$
Hope i help you.
... View more
03-17-2016
09:55 AM
Hi,
The best way is to install a universal forwarder in remote server.
Othe way is to mount the filesystem of the remote server with the log file in the indexer (NO RECOMENDED AT ALL).
Hope i help you.
... View more
03-17-2016
09:46 AM
Hi,
If a user need to use a lookup, they have to have read access, but you can control the write access just assign only read righ to the lookup.
In that way, they only will be able to query and NOT edit.
Hope i help you.
... View more
03-15-2016
04:53 AM
Hi,
I't could be possible to get more information about this issue? SPL-98594
Thanks,
... View more
- Tags:
- known_issue
03-10-2016
07:13 AM
Hi,
Reviewing your configuration there is a mistake about the name of the transform.
eliminate_opsec vs eliminate-opsec
They have to be the same.
Hope i help you.
... View more
03-10-2016
06:28 AM
Hi,
Have you checked if in the indexers the configuration is replicated?
Hope help you.
... View more
03-10-2016
06:24 AM
Hi,
Have you restarted splunk daemon?
Hope help you
... View more
02-26-2016
03:16 AM
Fixed updating to last version 2.0.0
Thanks.
... View more
02-26-2016
02:57 AM
Hi,
I already have configured a kvstore and I can see data with the command |inputlookup kv_lol , but I am unable to edit the kvstore with the Lookup File Editor App for Splunk Enterprise.
The permissions are global and I can't see the kv_lol in the app's lookup editor list.
Any body know what happened? thanks.
... View more
02-23-2016
07:22 AM
Thanks fdi
But i still unable to login 😞 with your links.
Regards,
... View more
02-23-2016
06:07 AM
Hi,
I can't login into Support Portal.
http://login.splunk.com/page/sso_redirect?type=portal
Regards,
... View more
02-16-2016
08:08 AM
First you should use LINE_BREAKER just to split the one line log to events.
... View more
