Activity Feed
- Got Karma for Re: What are the differences between append, appendpipe, and appendcols search commands?. 11-18-2020 04:45 AM
- Posted Re: What are the differences between append, appendpipe, and appendcols search commands? on Splunk Search. 06-07-2017 03:21 PM
- Posted Re: How do you automate the "Apply Change" to register new servers on the Distributed Management Console? on Monitoring Splunk. 04-14-2017 11:43 AM
- Posted Re: Need to customize log4j sourcetype on Getting Data In. 12-01-2015 02:56 PM
06-07-2017
03:21 PM
1 Karma
http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Streamstats#Basic_examples
04-14-2017
11:43 AM
To configure or update the DMC in an automated fashion, it seems like you have to fully populate all of these files correctly (for Distributed mode):
splunk_monitoring_console/local/app.conf
splunk_monitoring_console/local/assets.csv
splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
splunk_monitoring_console/local/savedsearches.conf
etc/system/local/distsearch.conf
You can copy aside the files after your config management tool (e.g. SaltStack) has generated them and then diff with the version Splunk has modified once you "Apply Changes". Any major changes will tell you what you still need to do 'manually'. Once you have it all, clicking "Apply Changes" (or enabling Distributed mode or 'Enable Monitoring') is no longer needed.
12-01-2015
02:56 PM
Watch out, reader! In the second, very useful, snippet, the backslash has been lost and is needed in front of each 'r', 'n', and 'd':
LINE_BREAKER = ([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2},\d{3})
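An added illustration of the warning in the last post (not part of the original post and not Splunk's code): a Python approximation of how LINE_BREAKER splits a stream, run on a constructed log4j-style sample with the corrected pattern and with the backslash-stripped form. The `split_events` helper, the sample lines and the `STRIPPED` pattern (rebuilt from the post's description of the damage) are assumptions made for this example.

```python
import re

# Pattern as given in the post, with the backslashes intact.
CORRECT = r"([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2},\d{3})"
# Same pattern with the backslash removed before each r, n and d (assumed damaged form).
STRIPPED = r"([rn]+)(?=d{4}-d{2}-d{2} d{1,2}:d{2}:d{2},d{3})"

# Constructed sample: two events, the first carrying a multi-line stack trace.
SAMPLE = (
    "2015-12-01 14:56:01,123 ERROR [main] com.example.App - login failed\n"
    "java.lang.IllegalStateException: bad token\n"
    "\tat com.example.App.run(App.java:42)\n"
    "2015-12-01 14:56:02,456 INFO [main] com.example.App - retry scheduled\n"
)


def split_events(raw, line_breaker):
    """Approximate LINE_BREAKER semantics: break where the regex matches,
    discard the text of capture group 1, keep everything else."""
    events, start = [], 0
    for m in re.finditer(line_breaker, raw):
        events.append(raw[start:m.start(1)])  # text before the group ends an event
        start = m.end(1)                      # text after the group starts the next
    tail = raw[start:].rstrip("\r\n")
    if tail:
        events.append(tail)
    return events


if __name__ == "__main__":
    for name, pattern in (("correct", CORRECT), ("stripped", STRIPPED)):
        events = split_events(SAMPLE, pattern)
        print(f"{name}: {len(events)} event(s)")
        for e in events:
            print("   ", repr(e[:60]))
```

With the corrected pattern the stack trace stays attached to its ERROR event and the INFO line starts a new one; with the stripped pattern the breaker never matches this data, so both events are ingested as a single blob.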