One of my teammates got a message ,when she tried to post a question as Your user doesn't have enough privileges to post a new question today Can anyone say what is the reason for this message and where to view and set the user privileges. ... View more

There's a problem in creating a Splunk Forum id for one of my teammates. After registering the validation mail from splunk.com was not received and hence the email was not received as well. Hence she is not able to post questions in forum. Please advise. ... View more

I have below requirement, some one Please guide how do I achieve using Splunk I have host called SourceHost where log files are generated and I have another host called TargetHost where I have to transform the source log and write. Source log SNM5 YAHOO3SN.#### :: 03/03/13 00:00:07 :: B ::User yahoo3sn logged in SNM4 YAHOO3SN.871F :: 03/03/13 00:00:07 :: S ::User logged off, Processing will begin Target log Buy | 13/03/03 | YAHOO3SN |03/03/13 00:00:07 | User yahoo3sn logged in Sell | 13/03/03 | SNM4 |03/03/13 00:00:07 | logged off, Processing will begin where 1. B stands for buy and S stand for sell 2. Soruce date is mm/dd/yy and target date is yy/mm/dd 3. if third word in the log is "####" then pickup the second word otherwise pickup the first word. ... View more

I created a dashboard displaying certain results out of a search.i want to add show & hide options to the dashboard so that if i click show button results should get displayed and when i click hide button results should not get displayed. ... View more

How to change the format of the input data to our need before indexing in splunk. My original lof is in the format. SNM4 YAHOO3SN.#### :: 03/03/13 00:00:07 :: User yahoo3sn logged in SNM4 YAHOO3SN.871F :: 03/03/13 00:00:07 :: User logged off, Processing will begin SNM4 YAHOO3SN.871F :: 03/03/13 00:00:07 :: Autoforward profile found for site YAHOO3SN i want to change the format of the above log before indexing starts in splunk t tp the below format YAHOO3SN.871F|logged in|03/03/2013|00:00:07 ... View more

I deleted an uploaded file"C:\Data\acctdata\snm4-logger.log" but when i am trying to upload it again after renaming it, i couldn see that file in summary page.So i checked in manager->data inputs,there i found that file .I opened that file i m a getting a notepad opened with the following message as {"msg": "Successfully updated \"C:\Data\2013\Splunk\FTPLOG.log\". ", "redirect": "/en-US/manager/search/data/inputs/monitor?redirecting=true&msgid=1520000.788126835839&ns=search", "status": "OK"} i proceeded with saving the file.but no progress from there. ... View more

I have the below search index=main sourcetype=summa | rex "::\s(?<timestamp>\S+)\s" | rex "^\S+\s(?<userid>\S+)\." | sort userid timestamp |transaction login startswith="Logged in" endswith="Processing complete" | rex "^\S+\s(?<userid>\S+)\." Which provide the rsultlinke Table-1, I want fix few things in T-1. 1. The reuslt should display some thing like this now this details are spread in two rows one after the other. USER-id, Login time, log out time, number of login sessaion Thanks Rajan Table-1 4/3/13 11:46:12.000 AM SNM4 rajan.#### :: 04/03/13 11:46:12 :: User rajan logged in SNM4 rajan.857F :: 04/03/13 11:46:13 :: Processing complete host=hostname Options| sourcetype=summa Options| source=C:\Data\splunk\fxr\snm4-logger.log Options 4/3/13 11:46:08.000 AM SNM4 verify.#### :: 04/03/13 11:46:08 :: User verify logged in SNM4 different.855F :: 04/03/13 11:46:12 :: Processing complete 4/3/13 11:45:58.000 AM SNM4 suman.#### :: 04/03/13 11:45:58 :: User suman logged in SNM4 suman.853F :: 04/03/13 11:45:59 :: Processing complete host=hostname Options| sourcetype=summa Options| source=C:\Data\splunk\fxr\snm4-logger.log Options ... View more

I have a query as source="C:\Data\acctdata\snm4-logger.log" "Customer has successfully retrieved file"| rex "::\s(? \S+)\s"| rex "^\S+\s(? \S+)." | rex "\s(? \S+)\s((? \d+)\srecords/(? \d+)\sbytes)$"| stats count sum(record_count) as RecordCount sum(byte_count) as ByteCount by timestamp userid .I want to sort the timestamp in descending order so that result would be userid RecordCount ByteCount timestamp AAMG1FBY 3105 1586745 05/03/13 AAMG1SBY 3129 1597053 04/03/13 ... View more

I have my log as SNM4 PGHF14LR.866F :: 04/03/13 11:46:32 :: Received file MOBIUSJ741.20130403 - 317982 bytes transferred SNM4 TDAM1EBY.864F :: 04/03/13 11:46:34 :: Execute_profile_recs: Submitting ftp trans due to quit command SNM4 TDAM1EBY.864F :: 04/03/13 11:46:36 :: Execute_profile_recs: Issuing Put of TDAMUSA_20130403_1147.enc to 'MD.B.DMVR.DV180-50.TDAM1EBY(+1)' From this i want to extract only the timestamp at which the recieve file event has taken place like want the result as timestamp bytes transferred 04/03/13 11:46:32 317982 bytes transferred ... View more

I have a search as source="C:\\Data\\acctdata\\snm4-logger.log" | transaction FILENAME_FIELD keepevicted=true| where mvcount(BYTES_FIELD)>1 | table FILENAME_FIELD BYTES_FIELD producing filename and bytes transferred in each file. Also i have a search as source="C:\\Data\\acctdata\\snm4-logger.log" | transaction Plainuserip keepevicted=true| where mvcount(FILENAME_FIELD)>1 | table Plainuserip FILENAME_FIELD producing username and files transferred by each user. I want to combine the the above two searches to produce the result as follows Plainuserip FILENAME_FIELD BYTES_FIELD 1 EMBT01UK file corpfile5430695 148 bytes transferred 148 bytes transferredSSNM5 ... View more