05-25-2022
08:25 PM
I created an AWS EC2 instance and installed Splunk Enterprise on it. I opened all rules for ports 8000 and 8089. I can open this Splunk GUI from India, but whenever my peer tries to open it from the US he gets the message "Server Error". Is this related to EC2 security groups, or is it a password issue? No logs are being recorded in the internal data either. Could you please help us fix this?
Labels: login, permissions
01-08-2018
09:43 AM
1 Karma
Is it possible to call a shell script from a dashboard button click?
02-19-2017
11:36 PM
I would like to monitor all the files below except the first one,
because sample.log from environment a1 is consuming more data and is not required to be indexed.
How do I blacklist only this file from one environment?
How do I achieve a blacklist at the folder level?
/logs/sample/enva1/logs/sample.log
/logs/sample/enva2/logs/sample.log
/logs/sample/enva3/logs/sample.log
/logs/sample/enva4/logs/sample.log
/logs/sample/enva2/logs/purple.log
/logs/sample/enva4/logs/purple.log
08-05-2016
06:56 AM
Could someone explain the route attribute in inputs.conf?
[splunktcp]
route = haskey..
What is the matching rule mentioned here?
08-01-2016
11:25 AM
romedome, I want to use in-page drill down for my Gantt chart. Can you please provide some inputs to do so, as this is new to us?
07-18-2016
11:34 PM
Thanks tomodbp. It worked!! Aren't we able to use kvdelim alone?
07-18-2016
06:03 AM
Azeemering, thanks for the response. But can you please repeat the last part again?
What are validity and gap, and the corresponding values?
07-18-2016
03:45 AM
1 Karma
Hi,
This is a sample event. I tried to explore the extract command.
index=* sourcetype=orange | extract pairdelim=";", kvdelim=":"
4/18/161:00:00.000 PM 2016-04-18 13:00:00 user:hgfh;std:6;status:success
For the above event, it only extracted std as 6 and status as success, but not the user. Why is that? Is it expecting ";" before and after?
And can't we use kvdelim alone in our queries?
index=* sourcetype=orange | extract kvdelim=":"
Thanks
07-16-2016
03:30 AM
I want to monitor a CSV file which is generated by a script and produces output as below.
It has 4 columns: one with an id, one with a date, one with a description and one with an explanation in some kind of XML.
123,2016-07-07 05:00:00,gooddata,somexmldata
123,2016-07-07 06:00:00,baddata,somexmldata
123,2016-07-07 07:00:00,gooddata,somexmldata
123,2016-07-07 08:00:00,baddata,somexmldata
How do I monitor this CSV file? (What are the things I need to have in my props & transforms?) (Linebreaking/Timestamprule/...)
I want to filter the rows which have the string "baddata" in column C. How can I send these rows to the null queue?
Any help appreciated!! Thanks in advance
- Tags:
- csv
- props
- transforms
07-12-2016
01:28 AM
Thanks javiergn. So coming to this scenario, formatting my epoch time here is going to work the same, right? No better performance of one over the other?
07-12-2016
12:39 AM
Assume I have all my folders distributed to Universal Forwarders under Repository location of my Deployment server.
Team1 -- App A - Serverclass A
Team2 -- AppB - Serverclass B
Suppose I change some conf under App A and leave it as such without reloading the deployment server. I want to know whether, at the next phoneHomeInterval, my updated App A is going to be picked up by my UF automatically. Does it really need a reload? And if so, what is the exact purpose of reload or phoneHomeInterval?
Thanks
07-12-2016
12:33 AM
1 Karma
I can see that the following searches return the same result for the fieldformat as well as the eval time conversion operation. Is there any significant difference between these two, performance-wise or otherwise?
index=_internal | head 1 | eval abc="1468308151" | fieldformat mytime=strftime(abc,"%H:%M") | eval mytime1=strftime(abc,"%H:%M") | table abc mytime mytime1
index=_internal | head 1 | eval abc="1468308151" | fieldformat mytime=strftime(abc,"%c") | eval mytime1=strftime(abc,"%c") | table abc mytime mytime1
Here mytime and mytime1 fetch the same result, "12:51".
Thanks
07-08-2016
04:12 AM
Can someone please tell me what viewstates refers to under metadata?
And if I want to hide only Settings for Splunk users (Only able to search and logout button), what should I do?
Thanks
07-01-2016
02:55 AM
1 Karma
Can someone explain the exact difference between streaming and non-streaming commands in layman's terms?
Thanks
06-23-2016
05:31 AM
Hi Iguinn. It's a good answer. Could you please explain? You have eliminated a few words like typeahead, metadata, history and autosummary. I am able to see the differences but am not able to understand the exact purpose.
Thanks in advance
06-23-2016
04:47 AM
What exactly is the audit command going to do?
If I query like this: index=_audit | audit, it says valid attempts. What is that?
And can anyone explain the description in a better way for newbies? "Validate signed audit events while checking for gaps"?
Thanks
- Tags:
- audit
06-20-2016
11:46 PM
I have logs like below
1.1.1.1 This is my sourceip
2.2.2.2 My source ip is 1.1.1.2
I have a situation where in some events my source IP comes first in the line (as in the first event), and in other events an IP comes first, but it is not the source IP. Whatever comes after (in this case, 1.1.1.2) is my source IP. How do I write a regex for this lookahead?
Thanks
06-06-2016
01:50 AM
I am a little confused about indexer clustering. I have 3 peers with one master and one search head. Replication Factor is 3 and Search Factor is 2. If one of the indexers goes down, the master can manage with 2 searchable copies by moving the primacy and converting non-searchable copies into searchable ones. Search Factor is good, but in this case my rep factor is 3 and the number of peers is also 3. If one of the peers goes down, RF could not be met and this cluster is valid, but incomplete. Two questions here:
If new data comes in, how does it get replicated? Is it going to store only two copies of the data on the available indexers (one original + one replicated)?
What happens if my downed peer comes back after one week? Is the new data captured during the last week going to get copied to this peer?
Thanks in advance
04-18-2016
03:50 AM
How do I change the series colors in a Gantt chart? I have built one with my batch job start and end times, and I want to mark Status (here status is the series field) and change its color code, say green for Success and red for Failure. Where do I need to make changes?
Thanks in advance
04-13-2016
01:16 AM
Vincent,
I am trying to replicate the Gantt Visualization for monitoring batch jobs. Can you please give me a rough idea in brief?
Thanks in advance
04-12-2016
11:15 PM
I wanted to prepare a Gantt chart with the following ideas.
Need to display the jobs on Y-axis and Time period on X-axis.
Job 1 starts at 10 am and ends at 3 pm. Job 2 is having its dependency on Job 1 and it's going to start at 11 am only when Job 1 completes.
Similarly it's going on for 10 Jobs. Each Job has its own dependency and only starts if other one completes (Autosys commands)
Any idea on how to come up with a solution for this? The details need to be fetched from the database only, so I am not able to use the transaction command to build the Gantt chart as discussed in the Custom Visualization App.
Thanks in advance
01-25-2016
04:29 AM
Thanks Dart. We have not touched either practically. I have just gone through the docs and came to know this. Our requirement is to archive the indexed data from Splunk to Hadoop. What I am trying to find out is: can we export the indexed data (buckets), without exporting the search results, through any other means without Hunk? Is this possible in Hadoop Connect?
01-24-2016
11:30 PM
Are we able to export indexed data from Splunk to Hadoop without running searches via Splunk Hadoop Connect?
I know we could use Hunk for the same. But how far could we utilise Hadoop Connect in our environment to export the indexed data directly?
Thanks in advance.
- Tags:
- hadoopconnect
- hunk
01-08-2016
06:02 AM
1 Karma
hexx,
I was trying to embed an iframe for "https://localhost:8089/services/" in my XML located at "http://localhost:8000".
But it throws the error "Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'".
So I modified the above stanza in my web.conf as you stated above. However, no luck.
Then I added the following stanza in my system/local server.conf. Then it works like a charm.
[httpServer]
x_frame_options_sameorigin = False
Is there any notable difference between these two stanzas in web.conf and server.conf? Why did the error occur even though I changed my web.conf?
Splunk Version : 6.3.0