About kairobin

kairobin · ‎08-03-2022

What benefits would it be to disable replication bundle to indexers What is the downside to disable disable replication bundle to indexers When searching index=_internal we see alot of warnings about replication took to long time. And several times a day the event "timeout" from reading from a peer. We receive a lot of these events, and no customers are reporting issues regarding lookups failed or failed searches. We are not using cascading replication bundle, but maybe this would stop the error events. Since it will not try again before every peers`s got its copy. Thanks in advance, Kai

kairobin · ‎06-08-2022

Hi, Did you find a fix for this issue?

kairobin · ‎10-25-2018

health checks are more searches mainly to check up on the Splunk installation itself. To look for maintenance and service checkup. And to troubleshoot the splunk design. And a app and search can be used to check IIS logs.

kairobin · ‎10-25-2018

What is a F5?

kairobin · ‎09-07-2018

Is this just the exams? What about course material?

kairobin · ‎08-31-2018

Renandprado96: Did it work?

kairobin · ‎08-31-2018

Did it work?

kairobin · ‎12-06-2016

Does anybody know the price for this app?

kairobin · ‎12-06-2016

this was a really good answer:)

kairobin · ‎12-05-2016

Hi all:) I have updated the filter_disabled but it still shows removed websites. Do I need to restart the Splunk app?

kairobin · ‎04-10-2015

I dont understand the question. Do you want to get a mail each time an alert is run?

kairobin · ‎04-10-2015

This wil give me much more to work With. thank you

kairobin · ‎04-10-2015

Do you have an examle of this script? I thought that this only worked with a live search. That for instanc $5 only has information when it ran a search.

kairobin · ‎04-10-2015

In the web Interface of Splunk - Saved Searches. One can view the latest result of a saved search. This wil give the user the information without doing the search over again. Does anybody have a way or an example on how to to get these result out using PHP, Curl og even Powershell? Thanks in advance. kai

kairobin · ‎04-09-2015

It Works now as It was planned: First I made an saved search. 1: Searchstring: index=etc something something | outputcsv result.csv 2: This makes a New file called result.csv 3: A script is triggered looking like this: logger -f /opt/splunk/var/run/splunk/result.csv What this script does it puts all the info inside the file and post it into syslog. That way Our ticket program can look for certan types of text and react to it. Thank you very much for the help.

kairobin · ‎04-09-2015

I wil add the Complete code here when I have made it to work.

kairobin · ‎04-09-2015

This is the walktrough I needed, Thank you.

kairobin · ‎04-09-2015

In the search string I use to pipe the result in OUTPUTCSV. The I can get the result in Clear text. And inside the script that is running when the alert i set off. It wil use logger and send the text in the csv file into syslog. This only works manually

kairobin · ‎04-08-2015

Hi all I am using RedHat Linux on Our Splunk installation. On our search head, we are using alerts a lot and I am wondering if anyone out here has a example of how to get the search result into the syslog of the RedHat server? The reason for this is because we are using a ticket system which can monitor the syslog. I now use this search: searchstring | outputcsv result.csv And I am trying to make a script that will send the data inside the file into syslog, like this: RedHat Script logger -p -t Name_of_alert -f /opt/splunk/var/run/splunk/resultdata.csv This will pass the result into syslog, but the alert does not use this when it is scripted. If I do it manually, then it will work, Using a script for this does not give me the result in cleartext, only metadata about it. 0 SPLUNK_ARG_0 Script name 1 SPLUNK_ARG_1 Number of events returned 2 SPLUNK_ARG_2 Search terms 3 SPLUNK_ARG_3 Fully qualified query string 4 SPLUNK_ARG_4 Name of report 5 SPLUNK_ARG_5 Trigger reason For example, "The number of events was greater than 1." 6 SPLUNK_ARG_6 Browser URL to view the report. 7 SPLUNK_ARG_7 Not used for historical reasons. 8 SPLUNK_ARG_8 File in which the results for the search are stored. Thanks in advance to splunk and all answers.

kairobin · ‎04-08-2015

Hi Does Exchange have the ability to enable more logging?

Posts	21
Solutions	0
Karma Given	9
Karma Received	4
Member Since	‎05-30-2014

Online Status	Offline
Date Last Visited	‎08-03-2022 11:17 AM

Can I disable replication bundle to indexers?

Can i use rest API to see the latest result of a ...

Output search results from alert to syslog. Retrie...

How to add a search head to search against our Spl...

Can I disable replication bundle to indexers?

Re: Clustered indexes not showing up in the index ...

Re: How to set up monitoring of F5 health checks i...

Re: How to set up monitoring of F5 health checks i...

Re: Can you update us on Splunk certification exam...

Re: How to configure the timezone by sourcetype?

Re: How to configure the timezone by sourcetype?

Re: How to Detect Web Application Attacks using Sp...

Re: Does Splunk run IIS or Apache for its web serv...

Re: How to remove a website from the Website Monit...

Re: Configure alerts in the user interface "Messag...

Re: Can i use rest API to see the latest result o...

Re: Can i use rest API to see the latest result o...

Can i use rest API to see the latest result of a ...

Re: Output search results from alert to syslog. Re...

Re: Output search results from alert to syslog. Re...

Re: Output search results from alert to syslog. Re...

Re: Output search results from alert to syslog. Re...

Output search results from alert to syslog. Retrie...

Re: How to monitor Exchange logs on Splunk without...