Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nikhilagrawal
nikhilagrawal
Path Finder
Member since:
04-18-2012
06-05-2020
Community Statistics
| Posts | 34 |
| Solutions | 0 |
| Karma Given | 6 |
| Karma Received | 4 |
| Member Since | 04-18-2012 |
Activity Feed
- Got Karma for Can I blacklist sourcetype or Index?. 10-10-2022 12:44 AM
- Karma Re: Any Issue if I use latest Forwarder installation on some boxes for dwaddle. 06-05-2020 12:46 AM
- Karma Re: Discard specific events (Debug) and keep the rest for Jason. 06-05-2020 12:46 AM
- Karma Re: Unable to distribute to peer : Authentication failed Error for dart. 06-05-2020 12:46 AM
- Karma Re: How to Add New Tab on main App for rturk. 06-05-2020 12:46 AM
- Karma Re: Define Multiple clientName in deploymentclient.conf file on splunk forwarder for alacercogitatus. 06-05-2020 12:46 AM
- Karma Re: Upgrade Splunk on Linux for bbingham. 06-05-2020 12:46 AM
- Got Karma for Need to disable Source Type. 06-05-2020 12:46 AM
- Got Karma for Need to disable Source Type. 06-05-2020 12:46 AM
- Got Karma for Setting more then one Client name on Deploymentclient.conf on Indexer. 06-05-2020 12:46 AM
- Posted Re: how we can identify peoples region in Splunk ? on Splunk Search. 09-05-2016 06:24 AM
- Posted Re: how we can identify peoples region in Splunk ? on Splunk Search. 09-05-2016 06:05 AM
- Posted Re: how we can identify peoples region in Splunk ? on Splunk Search. 09-05-2016 06:04 AM
- Posted how we can identify peoples region in Splunk ? on Splunk Search. 09-05-2016 05:22 AM
- Posted Use UDP to index rest api logs on Splunk Enterprise. 03-17-2016 02:59 AM
- Tagged Use UDP to index rest api logs on Splunk Enterprise. 03-17-2016 02:59 AM
- Posted Re: Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)? on Getting Data In. 01-28-2016 06:56 AM
- Posted Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)? on Getting Data In. 01-27-2016 02:47 AM
- Tagged Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)? on Getting Data In. 01-27-2016 02:47 AM
- Tagged Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)? on Getting Data In. 01-27-2016 02:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-05-2016
06:24 AM
all users are in Active directory
... View more
09-05-2016
06:05 AM
Its mainly application logs indexed to Splunk and we are trying to create performance dashboard categorise people as internal/external and region (UK/US/APAC/Other).
... View more
09-05-2016
06:04 AM
Its mainly application logs indexed to Splunk and we are trying to create performance dashboard categorise people as internal/external and region (UK/US/APAC/Other).
... View more
09-05-2016
05:22 AM
Hello Team,
We have use case where we need to map/identify people's region in Splunk and create dashboard. Can we do something in Splunk?
we want to be able to write some performance dashboards and categorise people as internal/external and what region (UK/US/APAC/Other)
thanks
Nik
... View more
- Tags:
- splunk-enterprise
03-17-2016
02:59 AM
We are currently using TCP capability to index REST API logs in Splunk. We now have requirement to use UDP instead of TCP. When I select UDP capabilities under same role nothing happens.
I am keeping rest all setting (port, URL etc. ) same and adding UDP capability for the role. Do I need to make any other changes to index REST logs using UDP?
Source setting are as follows:
1.) Add slpunk Nuget Package
2.) Add a class SplunkAppender.cs
internal class SplunkAppender : log4net.Appender.AppenderSkeleton
{
…
public SplunkAppender()
{
var connectArgs = new ServiceArgs
{
//TODO: Read this from config file
Host = {splunk url},
Port = 8089
};
var service = new Service(connectArgs);
service.Login(username, password);
_receiver = new Splunk.Receiver(service);
}
protected override void Append(log4net.Core.LoggingEvent loggingEvent)
{
string data = RenderLoggingEvent(loggingEvent);
_receiver.Submit(new ReceiverSubmitArgs()
{
Index = _index,
Source = _source,
SourceType = _sourceType
}, data);
}
}
3.) Change Configuration – Add a new appender
4.) For logging to splunk end point
var logger = LogManager.GetLogger("SplunkLogger");
logger.Info("logged to splunk! GFX2Client Plugin Loaded");
... View more
01-28-2016
06:56 AM
Thanks guys. Appreciate your help. Found the real culprit. One of the forwarder's was keep trying to connect to the indexer and was failing. Hence logging high volumes of error message.
... View more
01-27-2016
02:47 AM
Hello Team,
splunk/_internaldb/db is indexing high volumes of internal logs in our environment (8-10GB per day). This is something recently started. Earlier, we never had issues with internaldb logs. No change has been done in default settings. The only difference I can see under db logs-- lot of .lock files.
-rw------- 1 uatfxspl fxituser 15 Jan 26 16:50 hot_v1_1944.lock
drwx--x--x 3 uatfxspl fxituser 4096 Jan 26 16:50 db_1453827013_1453826043_1944
drwx--x--x 3 uatfxspl fxituser 4096 Jan 26 17:07 db_1453828033_1453826997_1945
drwx--x--x 3 uatfxspl fxituser 4096 Jan 26 17:24 db_1453829051_1453828016_1946
Please let me know if you need more details.
... View more
01-14-2016
07:18 AM
1 Karma
We have client logs getting indexed using Rest API and our license is overloaded with high volume. Because of REST API setup, we don't have a forwarder pushing logs to Splunk indexer-- it's getting indexed directly from user machines. Is there any way we can just blacklist the index or source type?
Thanks
... View more
05-13-2014
09:11 AM
I have created the filed and used in transform.conf but it does not seems to be working. Field Name=Test
Test="Ndi reversed position attributes:"
[strip_header]
REGEX = Test
DEST_KEY = queue
FORMAT = nullQueue
props.conf:
[source::/opt/splunk_fx_prod/fx_hot_bucket/fxmp_hedger_prod/.../*]
TRANSFORMS-null= strip_header
Can someone help here please?
... View more
04-14-2014
04:34 AM
Thanks for response.We have log pattern as below and I want to discard all events which includes "Ndi reversed position attributes" string and log the rest of the log file.
2014-04-14 12:29:04,394 INFO [com.rbsfm.fxmicropay.netpositioner.ndi.NdiPositionPublisher] Ndi reversed position attributes: CNH:-753.21:GBP:70.25:FXMPMALN:16-Apr-2014 00:00:00:0
So Can I use something like this?
[strip_header]
REGEX = "Ndi reversed position attributes "
DEST_KEY = queue
FORMAT = nullQueue
... View more
04-14-2014
03:21 AM
Hi
I want to discard log lines which includes specific tag "reversed position attributes
" in log file.
We want to avoid lines which includes these specific tags and index rest of the log file. Is it possible to discard these log lines on forwarder level?
Please suggest suitable solution. If you need more information please let me know.
Thanks.
... View more
- Tags:
- discard
01-07-2014
10:17 AM
We have recently upgraded the Splunk SearchHead and Indexer to Splunk V6. Since afternoon we are facing below error and no logs are coming on Indexer or Search head.
1. Search peer lonrs10215 has the following message: Tcp output pipeline blocked. Attempt '400' to insert data failed.
I looked at the splunkd.log on indexer and can see below error message:( 11.192.36.204 is the Indexer server lonrs10215 mentioned in above error)
01-07-2014 18:10:33.233 +0000 WARN TcpOutputFd - Connect to 11.192.36.204:9997 failed. Connection refused
01-07-2014 18:10:33.234 +0000 ERROR TcpOutputFd - Connection to host=11.192.36.204:9997 failed
01-07-2014 18:11:03.235 +0000 WARN TcpOutputFd - Connect to 11.192.36.204:9997 failed. Connection refused
01-07-2014 18:11:03.235 +0000 ERROR TcpOutputFd - Connection to host=11.192.36.204:9997 failed
01-07-2014 18:11:23.237 +0000 WARN TcpOutputProc - Shutdown timed out for 11.192.36.204:9997
01-07-2014 18:11:23.237 +0000 WARN TcpOutputFd - Connect to 11.192.36.204:9997 failed. Connection refused
01-07-2014 18:11:23.237 +0000 ERROR TcpOutputFd - Connection to host=11.192.36.204:9997 failed
01-07-2014 18:11:23.421 +0000 WARN TcpOutputFd - Connect to 11.192.36.204:9997 failed. Connection refused
When i tried the command (netstat -an | grep 9997) on indexer I can see its connecting and have established connections:
tcp 24778 0 11.192.36.204:9997 11.182.8.168:2621 ESTABLISHED
tcp 1304190 0 11.192.36.204:9997 11.182.8.168:2620 ESTABLISHED
tcp 1613142 0 11.192.36.204:9997 11.192.36.204:46875 ESTABLISHED
Can you please suggest to resolve this?
Thanks
Nik
... View more
01-07-2014
06:51 AM
Hi I have recently upgraded to Splunk version6. I am facing the same issue.
Tcp output pipeline blocked. Attempt '200' to insert data failed.
Can someone suggest solution please?
... View more
12-12-2013
04:54 AM
slight change:
tar -xzvf splunk-6.0-182037-Linux-x86_64.gz --strip-path=1
it worked with the change.
Thanks
... View more
12-12-2013
03:45 AM
Hi
We are running Splunk 5.0.3, build 162460 on our UAT environment. I tried upgrading to latest version 6. I am following the steps described in the document.
1. Stop current Splunk instance.
2. Copy splunk-6.0-182037-Linux-x86_64.gz same directory (opt/splunk/).
3. run: tar xvfz splunk-6.0-182037-Linux-x86_64.gz under (opt/splunk/). Which created another directory "Splunk". so now there is /opt/Splunk/Splunk.
4. Then tried (mv * ../ )under opt/splunk/splunk to move all dir from new splunk instance to upper level. I thought this will overwrite the existing splunk files. But its returning error "Can't overwrite etc, Bin and some other directories.
Can someone please suggest what is wrong here?
Thanks
Nik
... View more
- Tags:
- upgrade
11-06-2013
05:05 AM
It worked... Thanks
... View more
11-06-2013
03:51 AM
we have two separate App running on one server and need to monitor both Application (different log path).
[target-broker:deploymentServer]
targetUri = test:8089
[deployment-client]
clientName = fx_test1_fx_test2
phoneHomeIntervalInSecs = 300
serverclass.conf
[serverClass:fxtest1]
whitelist.0 = *
[serverClass:fxtest1:app:forward_fxtest1]
whitelist.0 = fx_test1
restartSplunkd = true
[serverClass:fxtest2]
whitelist.0 = *
[serverClass:fxtest2:app:forward_fxtest2]
whitelist.0 = fx_test2
restartSplunkd = true
Can someone please help I need to do with Whitelist to push these two deployment apps to splunk forwarder.
Thanks
... View more
- Tags:
- deploy-client
06-21-2013
07:45 AM
We have situation where other team want to manage their own instance of universal forwarder on the same Windows box. Is it possible to run multiple forwarder under different dir on Windows box?
Thanks
Nik
... View more
- Tags:
- forwarder
10-26-2012
08:09 AM
Anybody can suggest how to setup email alerts if Splunk service is down. I am trying to configure alerts in a way so we get email alert if service is down.
Any sort of help will be appreciated.
Thanks
Nik
... View more
09-04-2012
03:38 AM
I am working on new setup for splunk and facing "Unable to distribute to peer named lonrs10457 at uri https://SPLUNK-IDX1:8089 because peer has status = "Authentication Failed" " error on SearchHead. I have distributed search setup. I have checked the status under
Manager » Distributed search » Search peers>
Status: Authentication Failed; Replication status:Initial
Forwarder are not enabled at the moment. indexer is up and running.
Any suggestion please.
... View more
- Tags:
- distributed
