I have contacted the splunk team they said they gonna create a ticket for this case. That is two days ago and no update to me currently. ... View more

Hi piUek, I'm afraid it is not what we want. the whole thing in this directory has a different structure as version 1.1 and copying it to my website as required library wont work. ... View more

Just take a look at splunkjs/mvc/simpleform/input/ to see how many files in it. Mine is 1.1 so it only has radio.js in it, while v1.2 has a lot of other files in it. ... View more

Hi piUek, Currently I have the version 6.2, and the js library from the path you gave is not version 1.2. ... View more

Unfortunately the question hasn't been solved and thus remain oooooopen.. The reason is that the sdk from the path /share/splunk/search_mrsparkle/exposed/js/build/splunkjs is still from version 1.1 and the other one which is from /share/splunk/search_mrsparkle/exposed/js/splunkjs can not be used in the app. ... View more

Good point. I found the v1.2 in this path: $SPLUNKHOME/share/splunk/search_mrsparkle/exposed/js/splunkjs Thanks mate. ... View more

that is not true. You can use splunkjs stack for doing so. ... View more

Thanks muebel, but I still don't quite get it. What I want to do is build a independent website which do some analytical stuff with the Logs. One way I think it could be done is by using SDK on the client side communicating with a server that runs splunkd. I can do searching and display the results with a graph. Second way is by using Web Framework. It allows me to build a new dashboard inside splunkweb, and it seems to have more powerful features than SDK (for instance, the chart graph produced by Web Framework can be zoomed in/out while the graph from SDK can't.) But the downside of using Web Framework is that the dashboard(even converted to HTML) can only be run inside SplunkWeb, while I want a separated webside. Am I understanding it correctly? Can I use Web Framework outside SplunkWeb or can I make the graph generated from SDK have the ability to zoom in/out. Thanks! ... View more

If the log constantly changes, then it would be expensive to send a TCP traffic every time it changes. ... View more

It does the job!! ... View more

Thanks, in the last statement which is actionDuration=mvindex(split(end,"#"),1)-mvindex(split(start,"#"),1), it says '-' only takes number, which _time is apparently not. How could I solve it? ... View more

because I need to make sure it happens inside the user's login session so that I can know some much time one user spent on this action. Or maybe there's another way? ... View more

Thanks, but I need the timestamps difference between two events that inside the transaction, not the first or the last. Any way I could do that? ... View more

Yeah sure: the log is like: SessionID ConnectionID (both are fields extracted) ..user_auth..(plaint text inside log) SessionID ConnectionID (both are fields extracted) ..user_action_start..(plaint text inside log) SessionID ConnectionID (both are fields extracted) ..user_action_end..(plaint text inside log) SessionID ConnectionID (both are fields extracted) ..user_signoff..(plaint text inside log) and my current query is *| transaction Session connectionID startswith="user_auth" endswith="user_signoff" ... View more

Cool. My remaining question is how come nobody experienced this problem before? ... View more

Problem Sovled!! Basically what I did is change the hostname of linux through "hostname xxx", and edited my /etc/hosts to map this xxx to 192.168.1.23 DONE! ... View more

Cheers mason, problem SOLVED!! ... View more

Fedora Linux ... View more

Hi muebel, it is an entry in my /etc/hosts and it is mapped to 127.0.0.1 and nslookup tell me server cannot find localhost.localdomain. I don't think this is the reason because I have already changed the hostname in inputs.conf as well as the servername in server.conf to 192.168.1.23(which is the ip address of the deployment client ) ... View more

Hi mason, just a quick update. I just tried these two commands and I saw the changes have been done to inputs.conf and server.conf (changing the hostname in inputs.conf and servername in server.conf to 192.168.1.23), but after i restarted the splunk and it still doesn't work and the log said the same thing as in the question. ... View more

Hi mason, I check my hostname is just localhost.localdomain. I know it's just from the system command "hostname". Could it be the reason why the client cannot phone home? Should I change it to the IP address of the universal forwarder? ... View more

Hi esix, This is my server.conf, could you help me verify it? server.conf: [sslConfig] sslKeysfilePassword = .... [lmpool:auto_generated_poll_forwarder] description = auto_genterated_poll_forwarder quota = MAX slaves = * stack_id = forwarder [lmpool:auto_generated_poll_free] ... [general] pass4SymmKey = .... serverName = localhost.localdomain ... View more