About kochera

D2SI · ‎08-29-2019

Alright, great!

pj · ‎02-09-2018

This worked - thx

kochera · ‎06-13-2017

Hi, we already have a HEC up and running and this is the only service we want to expose. cheers, Andy

woodcock · ‎12-01-2015

I would open a support case and ask that exact question.

pmdba · ‎01-13-2015

Because DBX builds the JDBC uri dynamically from parameters in the database.conf file (host, port, and service name), I do not believe this kind of connect string is currently possible.

linu1988 · ‎03-25-2014

Kristian's one will be efficient as it will get all the required values before creating the chart.

wcolgate_splunk · ‎04-29-2014

If you had no netmon stanza's then this "error" is erroneous -- and it has been removed; not having any stanza's is not an error case. If you have a bad stanza, this is another issue entirely.

johncosta · ‎06-06-2015

Wow! thank you piebob it is very helpful for my program writing because i do not how to connect the data base app but this link is very clearly describes the all information about the database app.I read the many tutorials from the internet and best essay writing service (http://www.essayguardian.com/) and i did the connection.

bwooden · ‎06-28-2013

Sigi & kochera, your science is pure and appreciated. I tweaked solution slightly for MS-SQL. I'll paste those configs here for anyone else querying MS-SQL. Query Snippet: SELECT CAST([EPOEvents].[ReceivedUTC] as varchar) as [timestamp], ... Respective parameters in inputs.conf: output.timestamp = 1 output.timestamp.column = timestamp # format for writing event: 2012-08-03 08:17:00 output.timestamp.format = yyyy-MM-dd HH:mm:ss # format for translating date from query results: Aug 3 2012 8:17AM output.timestamp.parse.format = MMM dd yyyy HH:mmaa Relevant bit from props.conf: TIME_FORMAT=%Y-%m-%d %H:%M:%S TZ=UTC

kochera · ‎03-20-2013

Problem solved. Used servicename instead of SID

bravon · ‎08-25-2015

Same error here. Splunk 6.2.3 (264376) on Windows.

puneethgowda · ‎12-12-2016

can any one help us to set the print margin

dwaddle · ‎07-27-2012

This may be Java's fault. Well, "fault" may be a little harsh, but it is a result of how certain versions of the JVM buffer GC log writes versus Splunk's assumptions of when a file is "done". When the JVM writes these messages, they don't seem to be line-buffered - so a partial line is possible, with a few-second delay until the completion of said line. Splunk reads the log to EOF and sees the (partial) line and saves it in memory, setting a timer of some sort. The JVM doesn't write the rest of the line until after the timer expires so Splunk's assumption is "that's all of that event" and forwards it on with a "done" flag on it. The "done" flag is like an implicit line breaker, which makes for a broken GC log event... I don't know if there's a way to tune Splunk to "wait longer", or a way to tell the JVM "please line-buffer these" Either would seem to help the issue.

ashutoshab · ‎09-22-2017

I think your Splunk Web is trying to resolve 'splunk.com' while doing a SPLUNK START OR SPLUNK RESTART. You can try and provide connectivity to Public Internet so that splunk can resolve and connect to splunk.com. I faced this same issue recently and found out by doing a tail -f /opt/splunk/var/log/splunk/splunkd.log while giving splunk restart command, that in some way, splunk is trying to resolve splunk.com and is failing as the system does not have Connectivity to public Internet. Check to see if the connectivity is proper and then give the splunk restart command, this solved the problem for me.

hexx · ‎01-10-2012

FYI this has been fixed in SoS 2.1 which is now live.

kochera · ‎01-20-2012

Thanks so far. I opened as well case with Splunk. cheers, Andy

kochera · ‎10-31-2011

Hi Mike, no, the indexes do not exist on the searchhead. Nevertheless I see indexes from the indexers (6) on the searchhead, just not all of them. cheers, Andy

kochera · ‎04-05-2011

if I leave the IP away, then I see results but as you mentioned, this doesn't make any sense...

ftk · ‎03-17-2011

Lookups are a good call on this.

jrodman · ‎02-16-2011

At least one customer has gone the route of constructing conf files eg inputs at splunk-start time. I'm not sure if they wanted includes... I think not, but obviously the goal of doing things your own way exists. Generally we created the bundle system (apps) with the idea of encapsulating logical sets of configuration. The idea of them having a life in the UI, and permissions came much later. You can make apps not have any life in the UI.

Posts	49
Solutions	1
Karma Given	3
Karma Received	19
Member Since	‎02-15-2011

Online Status	Offline
Date Last Visited	‎04-29-2024 02:09 AM

Why is this event splitting into three single even...

Unknown error message from Admin Manager

Forwarder send data to http event collector

saved search with collect command not running/not ...

In our Oracle RAC environment with dataguard, how ...

Same hour for the last 7 days

Windows splunk-netmon on Windows server 2012

write data to database

DB connect - timestamp issue

DBX: Problems after upgrading to 1.0.8

Re: Why is this event splitting into three single ...

Re: Unknown error message from Admin Manager

Re: Forwarder send data to http event collector

Re: saved search with collect command not running/...

Re: In our Oracle RAC environment with dataguard, ...

Re: Same hour for the last 7 days

Re: Windows splunk-netmon on Windows server 2012

Re: write data to database

Re: DB connect - timestamp issue

Re: DBX: Problems after upgrading to 1.0.8

Re: export raw AllTime: file not found

Re: Print report in landscape format

Re: Event not complete in Splunk with field extrac...

Re: Splunkweb - slow startup

Re: serverinfo.py on Solaris x86 server

Re: Splunk server stops taking client data

Re: Indexes are not visible for adding them to a r...

Re: Use extracted field in a subsearch

Re: Suppress well known events

Re: includes in inputs.conf

Are you a member of the Splunk Community?