I created AWS EC2 instance and installed Splunk Enterprise on that. Opened all rules for port 8000 and 8089. I can open this Splunk GUI from India. But whenever my peer is trying to open from US he got the message "Server Error". Is this anything related to EC2 security groups? Or password issue? No logs are recording in internal data as well. Could you please us to fix this? ... View more

Is it possible to call a shell script from dashboard button click. ... View more

I would like monitor all the files below except the first one Because sample.log from environment a1 conusming more data and is not required to index How to blacklist only this file from one environment? How to achieve blacklist for folder level /logs/sample/enva1/logs/sample.log /logs/sample/enva2/logs/sample.log /logs/sample/enva3/logs/sample.log /logs/sample/enva4/logs/sample.log /logs/sample/enva2/logs/purple.log /logs/sample/enva4/logs/purple.log ... View more

Can someone could explain the route attribute in inputs.conf [splunktcp] route = haskey.. What is matching rule here mentioned ... View more

I want to monitor a csv file which generated through a script and producing output as below Below am having 4 columns one with id one with date,one with description and one with explanation in some kind of xml stuffs 123,2016-07-07 05:00:00,gooddata,somexmldata 123,2016-07-07 06:00:00,baddata,somexmldata 123,2016-07-07 07:00:00,gooddata,somexmldata 123,2016-07-07 08:00:00,baddata,somexmldata How to monitor this csv file ( What are the things i need to have in my props & transforms) (Linebreaking/Timestamprule/...) I wanted to filter the rows which is having C column with the string "baddata". How can I send these rows to null queue Any help appreciated !! Thanks in advance ... View more

I want to monitor a csv file which generated through a script and producing output as below Below am having 4 columns one with id one with date,one with description and one with explanation in some kind of xml stuffs 123,2016-07-07 05:00:00,gooddata,somexmldata 123,2016-07-07 06:00:00,baddata,somexmldata 123,2016-07-07 07:00:00,gooddata,somexmldata 123,2016-07-07 08:00:00,baddata,somexmldata How to monitor this csv file ( What are the things i need to have in my props & transforms) (Linebreaking/Timestamprule/...) I wanted to filter the rows which is having C column with the string "baddata". How can I send these rows to null queue Any help appreciated !! Thanks in advance ... View more

I am able to see that the following search returns the same result for fieldformat as well as eval time conversion operation. Is there any significant difference between these two in performance wise or in any others? index=_internal | head 1 | eval abc="1468308151" | fieldformat mytime=strftime(abc,"%H:%M") | eval mytime1=strftime(abc,"%H:%M") | table abc mytime mytime1 index=_internal | head 1 | eval abc="1468308151" | fieldformat mytime=strftime(abc,"%c") | eval mytime1=strftime(abc,"%c") | table abc mytime mytime1 Here mytime and mytime1 fetch the same results. as "12:51" Thanks ... View more

Little confused in Indexer Clustering. I have 3 peers with One master and One Search Head. Replication Factor is 3 and Search Factor is 2. If one of the indexers goes down, Master can manage with 2 searchable copies by moving the primacy and convert non-searchable into searchable. Search Factor is good, but in this case, my rep factor is 3 and number of peers also 3. If one of the peers goes down, RF could not be met and this cluster is valid, but incomplete. Two questions here: If new data comes, how does it get replicated? Is it going to store only two copies of data in available indexers (one original + one replicated)? What happen if my downed peer came back after one week? Whether the new data captured during last week is going to get copied in this peer? Thanks in advance ... View more

How to change the series colors in Gantt chart? I have built with my Batch Job Start and End time and I wanted to mark Status (here status is series field) and I wanted to change its color code, say Green for Success Red for Failure..Where I do need to make changes? Thanks in advance ... View more

I wanted to prepare a Gantt chart with the following ideas. Need to display the jobs on Y-axis and Time period on X-axis. Job 1 starts at 10 am and ends at 3 pm. Job 2 is having its dependency on Job 1 and it's going to start at 11 am only when Job 1 completes. Similarly it's going on for 10 Jobs. Each Job has its own dependency and only starts if other one completes (Autosys commands) Any idea on how to come with solution for this? The details needs to be fetched from Database only. So I am not able to use transaction command to build gantt chart as discussed in Custom Visualization App Thanks in advance ... View more

Are we able to export indexed data from Splunk to Hadoop without running searches via Splunk Hadoop Connect? I know we could use Hunk for the same. But how far we could utilise Hadoop Connect in our environment to export the indexed data directly? Thanks in advance. ... View more