cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cyphertek
Explorer
Member since: ‎12-30-2012
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎12-30-2012
Activity Feed
View All

Re: How can I use timechart to report IIS time_tak...

by in Splunk Search
‎02-05-2017 05:52 PM
‎02-05-2017 05:52 PM
gvmorley, Thank you for your help, it worked! ... View more

How can I use timechart to report IIS time_taken b...

by in Splunk Search
‎02-04-2017 03:02 PM
‎02-04-2017 03:02 PM
Hello Splunk peoples! Would someone please help me figure out how to use timechart to find IIS time_taken by locations using a CIDR inputlookup to figure out the subnet's locations? To show you what I do have working on my Splunk 6.5.2 instance: the following search shows time_taken by c_ip from the IIS sourcetype: index=foo sourcetype=iis | timechart max(time_taken) by c_ip the following search builds a “host Location SubNet” table: index=foo sourcetype=iis [| inputlookup MyServers] | append [| inputlookup SubNetLocations] | table host Location SubNet …here is contents of my transforms.conf [SubNetLocations] filename = SubNetLocations.csv min_matches = 1 default_match = NONE match_type = CIDR(c_ip) [MyServers] filename = MyServers.csv …here is the contents of my MyServers.csv lookup: host ServerA …here is the contents of my SubNetLocations.csv lookup: SubNet,Location 184.174.182.128/26,Remote_IP 172.31.33.0/25,LAN_IP Yet, the following search: index=foo sourcetype=iis [| inputlookup MyServers] | join SubNet* max=0 [| inputlookup SubNetLocations] | timechart max(time_taken) as IISLatency by Location ...merges the Location values to 1 line, like: If I mouse over the different Locations on the right, the line color in the graph changes to that Location's color. By now I have tried following at least 10 other Splunk community pages (some on inputlookup and others on lookup)...but I can’t get anything to graph the Location values separately into their own time_taken value lines. Does anyone have any ideas how I can graph the Location values as their own line in the timechart graph? Thank you in advance. ... View more

Re: Netflow information is being fetched but not b...

by in All Apps and Add-ons
‎07-14-2013 03:47 PM
‎07-14-2013 03:47 PM
Thank you Damian. I'm trying to capture from an Linksys E2500 router running DD-WRT v24 sp2 firmware. I'm starting to think I may need the Standard Software version. Is that what I should be using to collect from the E2500? ... View more

Re: Netflow information is being fetched but not b...

by in All Apps and Add-ons
‎07-13-2013 09:10 PM
‎07-13-2013 09:10 PM
I installed NetFlow for Splunk Powered by NetFlow Integrator 3.1.3 on Splunk 5.0.1 on my Debian server. I configured UDP data input on 9995 to use "netflow" as the source type and the index of "netflow_si_traffic". However, there is nothing found when searching "sourcetype=netflow" and "index=netflow_si_traffic". Also I get "No results found." when going to Overview for All Time in the NetFlow app. I'm seeing a lot of posts about this app not working…what in the world do I have to do to get this to work? I appreciate anyone that will help with a real solution! ... View more

Re: remove source type

by in Getting Data In
‎07-13-2013 12:54 PM
‎07-13-2013 12:54 PM
fbl_itcs, Thank you, that is the answer. ... View more

Re: remove source type

by in Getting Data In
‎07-13-2013 08:44 AM
1 Karma
‎07-13-2013 08:44 AM
1 Karma
My company recently rolled out Splunk for our Citrix XenApp 6.5 environment (>900 2008 R2 servers). So I'm running Splunk at home on my personal Debian server to get more exposure to this app...love it btw, keep up the good work. However, I have this question too on my personal Splunk 5.0.1, build 143156 Debian box... "...After i created a lot of source type, i want to delete them because there are too many." Maybe the title of this question could more specifically read "remove (user created) sourcetype" as this is what I'm after as well. "You need to delete the events carrying those sourcetypes in that case." This seems to be the way I've seen this question answered in other posts too (I'm done searching/reading, it's time to post), but this doesn't delete the sourcetype in the dropdown box chosen when creating an input file. Specifically, what is being asked is how are user created sourcetypes deleted/removed from the Set Source Type popup box seen by doing the following: Manager » Data inputs » Files & directories » Data preview > Set Source Type popup box. So far, I understand the steps to be... verify your ID has the "delete_by_keyword" capability in Manager » Access controls » Roles » yourID run sourcetype=User_Created_Foo | Delete in Splunk » Search to remove entries that have have the User_Created_Foo sourcetype ? Dear Splunk Ninja, please answer what task needs to be done to delete the User_Created_Foo indextype from the Set Source Type popup box in step 3. Thank you very much! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All