Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- About kairobin
kairobin
Path Finder
Member since:
05-30-2014
01-29-2026
Community Statistics
| Posts | 23 |
| Solutions | 0 |
| Karma Given | 11 |
| Karma Received | 4 |
| Member Since | 05-30-2014 |
Activity Feed
- Posted Re: How to get a list of all hosts installed with Universal Forwarder on Getting Data In. 10-30-2024 02:13 AM
- Karma Re: How to match fields with the same name from two events and if match add a field for gcusello. 10-25-2024 07:10 AM
- Posted Re: Receiving the following error: "failed to start splunk.service: unit splunk.service not found"/ SplunkFor on Installation. 05-29-2024 03:16 AM
- Karma Re: How to bulk delete multiple hosts from Splunk that have not phoned home within a set interval? for brent_weaver. 02-26-2024 11:32 AM
- Posted Can I disable replication bundle to indexers? on Deployment Architecture. 08-03-2022 06:28 AM
- Posted Re: Clustered indexes not showing up in the index list. on Getting Data In. 06-08-2022 01:10 AM
- Karma Can you update us on Splunk certification exams? for vumanhtai. 06-05-2020 12:49 AM
- Karma Re: Can you update us on Splunk certification exams? for 493669. 06-05-2020 12:49 AM
- Got Karma for Re: Can you update us on Splunk certification exams?. 06-05-2020 12:49 AM
- Karma Re: Can i use rest API to see the latest result of a saved search? for acharlieh. 06-05-2020 12:47 AM
- Karma Does Splunk run IIS or Apache for its web server? for molinarf. 06-05-2020 12:47 AM
- Karma Re: Does Splunk run IIS or Apache for its web server? for MuS. 06-05-2020 12:47 AM
- Karma How to Detect Web Application Attacks using Splunk? for brian_799. 06-05-2020 12:47 AM
- Got Karma for Output search results from alert to syslog. Retrieving search output vs. alert statistics from variables. (Linux). 06-05-2020 12:47 AM
- Got Karma for Output search results from alert to syslog. Retrieving search output vs. alert statistics from variables. (Linux). 06-05-2020 12:47 AM
- Got Karma for Re: Output search results from alert to syslog. Retrieving search output vs. alert statistics from variables. (Linux). 06-05-2020 12:47 AM
- Karma Re: Extracting Data from Splunk for reporting in an external system for barakreeves. 06-05-2020 12:46 AM
- Karma Re: when splunk crash,how can i got the information for DaveSavage. 06-05-2020 12:46 AM
- Karma Re: warning during installation for briang67. 06-05-2020 12:46 AM
- Posted Re: How to set up monitoring of F5 health checks in Splunk? on Alerting. 10-25-2018 04:45 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 2 | |||
| 0 |
10-30-2024
02:13 AM
Hello This really sums it all up to me.
index="_internal" source="*metrics.lo*" group=tcpin_connections fwdType=uf
| stats latest(_time) as lastSeen by hostname, sourceIp, fwdType, guid, version, build, os, arch
| eval lastSeenFormatted = strftime(lastSeen, "%Y-%m-%d %H:%M:%S")
| eval timeDifferenceSec = now() - lastSeen
| eval timeSinceLastSeen = tostring(floor(timeDifferenceSec / 3600)) . "h " . tostring(round((timeDifferenceSec % 3600) / 60)) . "m"
| table hostname, sourceIp, fwdType, guid, version, build, os, arch, lastSeenFormatted, timeSinceLastSeen
... View more
05-29-2024
03:16 AM
Hello We also got this issue. Did you find any answer or solution? When installing SplunkForwarder.service have enabled boot start But after at reboot it is changed to disabled boot start. We clearly can not be the only ones experienced this. This is running on a Red Hat Plow and running UF version 9
... View more
08-03-2022
06:28 AM
What benefits would it be to disable replication bundle to indexers What is the downside to disable disable replication bundle to indexers When searching index=_internal we see alot of warnings about replication took to long time. And several times a day the event "timeout" from reading from a peer.
We receive a lot of these events, and no customers are reporting issues regarding lookups failed or failed searches. We are not using cascading replication bundle, but maybe this would stop the error events. Since it will not try again before every peers`s got its copy.
Thanks in advance, Kai
... View more
Labels
- Labels:
-
search head clustering
06-08-2022
01:10 AM
Hi, Did you find a fix for this issue?
... View more
10-25-2018
04:45 AM
health checks are more searches mainly to check up on the Splunk installation itself.
To look for maintenance and service checkup. And to troubleshoot the splunk design.
And a app and search can be used to check IIS logs.
... View more
Is this just the exams? What about course material?
... View more
08-31-2018
04:26 PM
Renandprado96: Did it work?
... View more
12-06-2016
03:28 AM
Does anybody know the price for this app?
... View more
12-06-2016
03:25 AM
this was a really good answer:)
... View more
12-05-2016
05:32 AM
Hi all:)
I have updated the filter_disabled but it still shows removed websites.
Do I need to restart the Splunk app?
... View more
04-10-2015
11:20 AM
I dont understand the question.
Do you want to get a mail each time an alert is run?
... View more
04-10-2015
11:13 AM
This wil give me much more to work With.
thank you
... View more
04-10-2015
06:21 AM
Do you have an examle of this script?
I thought that this only worked with a live search. That for instanc $5 only has information when it ran a search.
... View more
04-10-2015
03:03 AM
In the web Interface of Splunk - Saved Searches. One can view the latest result of a saved search.
This wil give the user the information without doing the search over again.
Does anybody have a way or an example on how to to get these result out using PHP, Curl og even Powershell?
Thanks in advance.
kai
... View more
It Works now as It was planned:
First I made an saved search.
1:
Searchstring:
index=etc something something | outputcsv result.csv
2:
This makes a New file called result.csv
3:
A script is triggered looking like this:
logger -f /opt/splunk/var/run/splunk/result.csv
What this script does it puts all the info inside the file and post it into syslog.
That way Our ticket program can look for certan types of text and react to it.
Thank you very much for the help.
... View more
04-09-2015
01:08 AM
In the search string I use to pipe the result in OUTPUTCSV.
The I can get the result in Clear text.
And inside the script that is running when the alert i set off. It wil use logger and send the text in the csv file into syslog.
This only works manually
... View more
Hi all
I am using RedHat Linux on Our Splunk installation.
On our search head, we are using alerts a lot and I am wondering if anyone out here has
a example of how to get the search result into the syslog of the RedHat server?
The reason for this is because we are using a ticket system which can monitor the syslog.
I now use this search:
searchstring | outputcsv result.csv
And I am trying to make a script that will send the data inside the file into syslog, like this:
RedHat Script
logger -p -t Name_of_alert -f /opt/splunk/var/run/splunk/resultdata.csv
This will pass the result into syslog, but the alert does not use this when it is scripted.
If I do it manually, then it will work,
Using a script for this does not give me the result in cleartext, only metadata about it.
0 SPLUNK_ARG_0 Script name
1 SPLUNK_ARG_1 Number of events returned
2 SPLUNK_ARG_2 Search terms
3 SPLUNK_ARG_3 Fully qualified query string
4 SPLUNK_ARG_4 Name of report
5 SPLUNK_ARG_5 Trigger reason
For example, "The number of events was greater than 1."
6 SPLUNK_ARG_6 Browser URL to view the report.
7 SPLUNK_ARG_7 Not used for historical reasons.
8 SPLUNK_ARG_8 File in which the results for the search are stored.
Thanks in advance to splunk and all answers.
... View more
04-08-2015
08:46 AM
Hi
Does Exchange have the ability to enable more logging?
... View more
03-10-2015
07:45 AM
What are the best practices for setup and using a search head server to take the load off of our indexer?
We have an enterprise license. Do you have a how-to somewhere for adding another search head
and how is the licensing being added to the enterprise license?
... View more
