Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About yAlff
yAlff
Path Finder
Member since:
08-02-2013
06-05-2020
Community Statistics
| Posts | 29 |
| Solutions | 2 |
| Karma Given | 11 |
| Karma Received | 10 |
| Member Since | 08-02-2013 |
Activity Feed
- Karma Re: Restart a splunk app via script for fdi01. 06-05-2020 12:48 AM
- Karma Re: Restart a splunk app via script for Damien_Dallimor. 06-05-2020 12:48 AM
- Karma Re: What are the yellow and red warnings [object Object] that pop up when loggin in and navigating through Splunk? for gyslainlatsa. 06-05-2020 12:47 AM
- Karma StreamedSearch - Streamed search connection terminated for ben_leung. 06-05-2020 12:47 AM
- Karma Re: StreamedSearch - Streamed search connection terminated for BP9906. 06-05-2020 12:47 AM
- Karma Re: StreamedSearch - Streamed search connection terminated for wsnyder2. 06-05-2020 12:47 AM
- Got Karma for Why am I getting "Error fetching event from search peer" when searching for a specific sourcetype?. 06-05-2020 12:47 AM
- Got Karma for Why am I getting "Error fetching event from search peer" when searching for a specific sourcetype?. 06-05-2020 12:47 AM
- Got Karma for Why am I getting "Error fetching event from search peer" when searching for a specific sourcetype?. 06-05-2020 12:47 AM
- Got Karma for What are the yellow and red warnings [object Object] that pop up when loggin in and navigating through Splunk?. 06-05-2020 12:47 AM
- Got Karma for What are the yellow and red warnings [object Object] that pop up when loggin in and navigating through Splunk?. 06-05-2020 12:47 AM
- Got Karma for Forward data from logstash-forwarder to Splunk Indexer. 06-05-2020 12:47 AM
- Got Karma for Forward data from logstash-forwarder to Splunk Indexer. 06-05-2020 12:47 AM
- Karma Too many streaming errors to target on cluster for responsys_cm. 06-05-2020 12:46 AM
- Karma Re: Timechart with overall count for kristian_kolb. 06-05-2020 12:46 AM
- Karma Re: Timechart with overall count for martin_mueller. 06-05-2020 12:46 AM
- Karma Re: Add "Price" field with different values for specific timeranges for gfuente. 06-05-2020 12:46 AM
- Got Karma for Cumulate counts in timechart for sw-rollout. 06-05-2020 12:46 AM
- Got Karma for Re: Customize time scale. 06-05-2020 12:46 AM
- Got Karma for Re: Daily maximum of concurrent Logins. 06-05-2020 12:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 2 | |||
| 2 | |||
| 3 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 |
06-27-2016
08:08 AM
Hi,
I just created a script, which will reload a Splunk Add-On. Unfortunately, my savedsearch cannot run the script.
Its location is /bin/scripts/restart_amqp.py , so it's a python script. I also introduced some logging to see when it is started. If I run it with splunk cmd python scripts/restart_amqp.py it works fine and does what it should do.
My Splunk is running on Windows server 2008.
Thanks.
... View more
06-05-2016
11:04 PM
Did you resolve this issue? And how?
The Same for me.
Latest 6.3-version of Splunk running on win server 2008 r2
... View more
03-31-2016
05:32 AM
I will test it. But I'm wondering if this is the cause. The app always stops working at midnight. Should rather stop after memory is full, shouldn't it?
I will observe it with some tools and produce a protocol.
... View more
03-31-2016
05:30 AM
Thanks! The following worked for me:
splunk _internal call /apps/local/your_application_name/_reload
I'm running Splunk on Windows. The only difference now is the missing /services in the beginning. Splunk added it by itself. Don't know, if it has to do that splunk is running on Windows.
... View more
03-22-2016
05:11 AM
I downvoted this post because this is how to restart splunk. i want to restart an applikation installed in splunk, as it is written in the question.
... View more
03-22-2016
02:40 AM
Unfortunately our installation of the AMQP Modular Messaging Input App stops running because of not enough memory every night. To workaround here, we set up a trigger, which should start a script that restarts the Splunk app. Is there a way to restart a splunk app via CLI?
... View more
03-21-2016
02:39 AM
Hello Damien,
can you please check the picture? I cannot see it and also need a resolution for this.
... View more
08-06-2015
03:24 AM
It influenced the search results and it was neccessary to
upgrade immediate to Splunk 6.2.4
double the RAM in the machines to give the indexers more air to breathe
... View more
08-06-2015
03:23 AM
In retrospective it influenced my results. We had to upgrade the whole cluster to 6.2.4 and double the RAM.
... View more
08-06-2015
03:21 AM
Hi,
as mentioned in the title I'm wondering, if the props.conf or indexes.conf can be split for a more clear structure. Does anybody do this?
Best regards,
Yannic
... View more
06-16-2015
02:22 AM
2 Karma
Hi all,
some times we see warnings on the top of the page, that say [object Object]. We did not do any configurations before. They just pop up, when logging in and navigating through Splunk.
Please see the following picture:
Can you help us here? What does it mean?
Best,
Yannic
... View more
05-07-2015
05:19 AM
2 Karma
Hi all,
we have an ELK-cluster in our company and now we want to have the data, we have in ELK, as well in Splunk. Installing splunk Forwarders on the servers to monitor is not an option unfortunately.
We don't want to query Kibana from Splunk and import those results into Splunk; we want the raw logs.
Has anyboy of you experiences with configuring logstash-forwarders, to send the data as well to the Splunk Indexers?
We are thinking as well of shipping the logs to a file on a syslog-server where a UF can pick them up and forward them to the indexers - but maybe there is something more elegant?
Thanks,
Yannic
... View more
10-01-2014
02:44 AM
Yes, this seems to be the solution. Only the "results" earlier than the last 2 days showed this error.
Yes, it is a distributed search environment.
Thanks for your answer. In the meatime all results started looking normal.
... View more
09-25-2014
05:43 AM
I added the query. But it was only sourcetype=mysourcetype. After this certain time, there are results shown.
... View more
09-25-2014
05:10 AM
3 Karma
Hi,
searching for a specific sourcetype I get the message
### ERROR FETCHING EVENT FROM SEARCH PEER ###
What can I do with this error? It only occurs at a certain time range (before sept 24, 7 pm).
Maybe someone has an idea about what this error tells me? I didn't find anything yet.
The whole search query is sourcetype=mysourcetype
Best regards,
Yannic
... View more
11-28-2013
03:00 AM
Hey,
did you just try to filter for Trend Micro?
Just extract the field behind search? (maybe named as what ), and then filter with sourcetype=bla what="Trend Micro*"
It means that all the returned results contain Trend Micro $reason$ and the just extract the $reason$-tag
Regards
... View more
11-28-2013
02:56 AM
1 Karma
Hello pytb,
i'm not sure what you mean with concurrent logins reached for each day , but maybe take a look at http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Timechart#More_examples.
So, just add | timechart span=1d to your search string and you will get a timechart. You can visualize this timechart as line or whatever you want to use.
... View more
11-28-2013
02:53 AM
1 Karma
Hello leustan,
did you try
| timechart span=20s
already?
It is referenced here: http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Timechart#More_examples
... View more
11-27-2013
11:34 PM
Thanks, but it just adds the field totals and now the results are zero - over all time.
... View more
11-27-2013
01:26 AM
1 Karma
Hi,
I'm looking for a function to cumulate values in a timechart, so I can see a real-time development of a software roll-out - distincted by a UID. The result should look as a ramp.
My search string looks like this:
sourcetype="foo" devicetype="Bob" | timechart dc(uid) as totale by sw | addtotals
This table as an example of the desired results:
Time # events w/ new sw cumulated
Day 1 128 128 128
Day 2 230 102 230
Day 3 220 78 308
So at Day 3 in the example, there are 308 devices with the new software AND it is clear to see, that it doesn't depend primary on how many events where registered.
I think I have to extract the UIDs from one day into a file, to compare them with the UIDs from the next day.
I just tried accum and streamstat, but nothing fits my expectations.
Is there any possibility to solve the problem? This problem is driving me crazy...
Regards 😉
... View more
11-21-2013
02:54 AM
Please apologize, I put my question in a hurry and didn't formulate it well. Please see my updated question.
Thank you for your advise 🙂
... View more
11-19-2013
07:16 AM
Hi,
I'm looking for a function to cumulate previous values in a timechart. Means that I can see a real-time development of a software roll-out - distincted by a UID. The result should look as a ramp.
My search string looks like this:
sourcetype="foo" devicetype="Bob" | timechart dc(uid) as totale by boxsw | addtotals
This table as an example of the desired results:
Time # events w/ new sw cumulated
Day 1 128 128 128
Day 2 230 102 230
Day 3 220 78 308
So at Day 3 in the example, there are 308 devices with the new software AND it is clear to see, that it doesn't depend primary on how many events where registered.
I just tried streamstats like mentioned in the first comment (that was made according to a badly formulated question...), but it doesn't give me the result I need. (As a first step I would be happy, if there where any cumulated results)
So, I'm looking forward to seeing an instructive answer to my question 🙂
Regards 😉
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
