Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About pmacdonald
pmacdonald
Explorer
Member since:
09-30-2022
10-13-2022
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 09-30-2022 |
Activity Feed
- Karma Re: Windows Universal Forwarder - Not Forwarding for gcusello. 10-13-2022 04:39 PM
- Karma Re: Gauge Not Showing Correct Number for bowesmana. 10-13-2022 04:03 PM
- Posted Gauge Not Showing Correct Number? on Dashboards & Visualizations. 10-12-2022 06:15 PM
- Posted Re: Windows Universal Forwarder - Not Forwarding on Splunk Search. 10-12-2022 08:40 AM
- Posted Windows Universal Forwarder - Not Forwarding? on Splunk Search. 10-11-2022 08:13 PM
- Karma Re: This dashboard version is missing for kamlesh_vaghela. 10-07-2022 06:20 AM
- Posted Re: This dashboard version is missing on Dashboards & Visualizations. 10-06-2022 07:12 PM
- Posted Re: This dashboard version is missing on Dashboards & Visualizations. 10-06-2022 07:00 PM
- Posted This dashboard version is missing: Why am I getting this message? on Dashboards & Visualizations. 10-02-2022 06:50 PM
- Karma Re: Visualization Fromw Windows Universal Forwarder for richgalloway. 10-02-2022 03:29 PM
- Posted Visualization From Windows Universal Forwarder- What is this message? on Dashboards & Visualizations. 10-02-2022 08:55 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-12-2022
06:15 PM
I have the following that should display the current free memory in a windows system. However, it appears that I am missing something.
index="perfmonmemory" | eval mem_free=mem_free/1024 | eval mem_free=round(mem_free,0) | timechart count span=1min | bin _time span=1min | stats avg(mem_free) as rpm | gauge rpm 10 20 30 40 50 60
... View more
10-12-2022
08:40 AM
Hello, Yes it was a DNS issue with the host in question....
... View more
10-11-2022
08:13 PM
I am tying to track down why my Windows Universal forwarder is not forwarding to the Splunk server/index. I can't seem to see anything for example in the past 24 hours and not sure why?
## ## SPDX-FileCopyrightText: 2021 Splunk, Inc. <sales@splunk.com> ## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 ## DO NOT EDIT THIS FILE! ## Please make all changes to files in $SPLUNK_HOME/etc/apps/Splunk_TA_windows/local. ## To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/Splunk_TA_windows/default ## into ../local and edit there. ##
###### OS Logs ###### [WinEventLog://Application] disabled = 0 index = wineventlog start_from = oldest current_only = 0 checkpointInterval = 5 renderXml=true
[WinEventLog://System] disabled = 0 index = wineventlog start_from = oldest current_only = 0 checkpointInterval = 5 renderXml=true
###### Host monitoring ###### [WinHostMon://Computer] interval = 600 disabled = 0 index = hostmonitoring type = Computer
[WinHostMon://Process] interval = 600 disabled = 0 index = hostmonitoring type = Process
[WinHostMon://Processor] interval = 600 disabled = 0 index = hostmonitoring type = Processor
[WinHostMon://NetworkAdapter] interval = 600 disabled = 0 index = hostmonitoring type = NetworkAdapter
[WinHostMon://Service] interval = 600 disabled = 0 index = hostmonitoring type = Service
[WinHostMon://Disk] interval = 600 disabled = 0 index = hostmonitoring type = Disk
###### Splunk 5.0+ Performance Counters ###### ## CPU [perfmon://CPU] counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec disabled = 0 index = perfmoncpu instances = *
mode = multikv object = Processor useEnglishOnly=true
## Logical Disk [perfmon://LogicalDisk] counters = % Free Space; Free Megabytes; Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec disabled = 0 index = perfmonlogicaldisk instances = * interval = 60 mode = multikv object = LogicalDisk useEnglishOnly=true
## Physical Disk [perfmon://PhysicalDisk] counters = Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec disabled = 0 index = perfmonphysicaldisk instances = * interval = 60 mode = multikv object = PhysicalDisk useEnglishOnly=true
## Memory [perfmon://Memory] counters = Page Faults/sec; Available Bytes; Committed Bytes; Commit Limit; Write Copies/sec; Transition Faults/sec; Cache Faults/sec; Demand Zero Faults/sec; Pages/sec; Pages Input/sec; Page Reads/sec; Pages Output/sec; Pool Paged Bytes; Pool Nonpaged Bytes; Page Writes/sec; Pool Paged Allocs; Pool Nonpaged Allocs; Free System Page Table Entries; Cache Bytes; Cache Bytes Peak; Pool Paged Resident Bytes; System Code Total Bytes; System Code Resident Bytes; System Driver Total Bytes; System Driver Resident Bytes; System Cache Resident Bytes; % Committed Bytes In Use; Available KBytes; Available MBytes; Transition Pages RePurposed/sec; Free & Zero Page List Bytes; Modified Page List Bytes; Standby Cache Reserve Bytes; Standby Cache Normal Priority Bytes; Standby Cache Core Bytes; Long-Term Average Standby Cache Lifetime (s) disabled = 0 index = perfmonmemory interval = 60 mode = multikv object = Memory useEnglishOnly=true
## Network [perfmon://Network] counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size disabled = 0 index = perfmonnetwork instances = * interval = 60 mode = multikv object = Network Interface useEnglishOnly=true
## Process [perfmon://Process] counters = % Processor Time; % User Time; % Privileged Time; Virtual Bytes Peak; Virtual Bytes; Page Faults/sec; Working Set Peak; Working Set; Page File Bytes Peak; Page File Bytes; Private Bytes; Thread Count; Priority Base; Elapsed Time; ID Process; Creating Process ID; Pool Paged Bytes; Pool Nonpaged Bytes; Handle Count; IO Read Operations/sec; IO Write Operations/sec; IO Data Operations/sec; IO Other Operations/sec; IO Read Bytes/sec; IO Write Bytes/sec; IO Data Bytes/sec; IO Other Bytes/sec; Working Set - Private disabled = 0 index = perfmonprocess instances = * interval = 60 mode = multikv object = Process useEnglishOnly=true
## ProcessInformation [perfmon://ProcessorInformation] counters = % Processor Time; Processor Frequency disabled = 0 index = perfmonprocessinfo instances = * interval = 60 mode = multikv object = Processor Information useEnglishOnly=true
## System [perfmon://System] counters = File Read Operations/sec; File Write Operations/sec; File Control Operations/sec; File Read Bytes/sec; File Write Bytes/sec; File Control Bytes/sec; Context Switches/sec; System Calls/sec; File Data Operations/sec; System Up Time; Processor Queue Length; Processes; Threads; Alignment Fixups/sec; Exception Dispatches/sec; Floating Emulations/sec; % Registry Quota In Use disabled = 0 index = perfmonsystem instances = * interval = 60 mode = multikv object = System useEnglishOnly=true
... View more
10-06-2022
07:12 PM
I am getting errors (Error on line 2: Invalid attribute name😞 <form theme="dark"> <form version="1.1" script="myCustomJS.js"</form> <label>Overview</label> <description>Overview of Infrastructure Performance and Alerts</description> <fieldset submitButton="true" autoRun="false"> <input type="multiselect" token="field1"> <label>field1</label> </input> <input type="dropdown" token="field2"> <label>field2</label> </input> </fieldset> <row> <panel> <single> <title>Number of Currently Reporting Hosts</title> <search> <query>| inputlookup host_status.csv | search status="active" | stats dc(host) by status _time
... View more
10-06-2022
07:00 PM
Yes, thank you. And how exactly do I do that? What file do I edit? Thanks
... View more
10-02-2022
06:50 PM
I appear to be getting no data from the distinct windows performance app v1.2.0 running on Splunk 9. I have attached a screenshot of the app in question.
... View more
10-02-2022
08:55 AM
I am getting the following message when I switch to the Visualization tab after a search:
"Your search isn't generating any statistic or visualization results. Here are some possible ways to get results."
This is coming from a universal forwarder installed on a Windows server. I was trying to graph the network interface stats. I know I am missing something to allow me to do this.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-13-2022
09:31 PM
|
