About kkalmbach

vinodgpt16 · ‎02-13-2024

This works perfectly fine.

araitz · ‎11-17-2011

Yes, I have added this bug to the queue for the next version of *nix.

araitz · ‎11-11-2011

The second option seems viable, but the first option seems super easy to implement. The app is open sourced under the Apache license, and it should be up on Splunk's github account pretty soon, so feel free to contribute your fix when that day comes.

fk319 · ‎08-30-2011

if you have something like this: Aug 30 12:34:54 "key1=value1*key2=value2*key3=value3" then you can extract the keys as a single field. From this field, you can then extract your keys.

gkanapathy · ‎08-24-2011

I don't know of a good way around this problem. It comes up fairly often and is something Splunk should be able to fix, either to use a larger CRC, or to offset some amount before the CRC. Please file an Enhancement Request with Splunk to help us get this fixed.

santosh_sshanbh · ‎02-06-2020

This helped me to hide a column from a table

mw · ‎06-07-2011

You should open a bug on this issue. You'd have to write your own script to look for new files.

niketn · ‎11-18-2016

In Case you are not running on Splunk 6.5 yet, for the older versions check out Define custom tokens example in Splunk 6.x Dashboard Examples App which gets environment tokens like App name and User Name though Javascript.

gkanapathy · ‎04-11-2011

There is a big difference performance-wise, yes. Doing a second search tells Splunk to actually bring back all the data (in the initial search), then filter it. Specifying it all in the initial search makes use of the full-text index, which means retrieving only the data you specify in the first place. Note that the cost of the initial query is what typically dominates search time. If there a a lot of stuff in the index that does not match the "service", then there will be a significant difference.

yannK · ‎04-21-2014

Splunk monitoring will look at the new lines added to a file. And consider new lines as new events. This is different that doing version control. If you want to compare the whole file between servers, you will have to index it fully on a regular basis. A scripted input could be used for that. And use a special sourcetype to avoid the file to be cut in multiple events (multiline default is 255 lines), and use the current timestamp, not any timestamp in the file. And to compare them between server, you will have to compare field per field.

nicci · ‎06-19-2014

Just wanted to say THANK YOU for this!! I've had this illegal cookie issue for MONTHS, and so far everyone I've bothered to help me looked at me like I have two heads... Firefox WORKS!!! 🙂

Posts	18
Solutions	0
Karma Given	1
Karma Received	11
Member Since	‎07-02-2010

Online Status	Offline
Date Last Visited	‎06-05-2020 02:02 AM

df script in *nix for aix not always printing corr...

Splunk for linux not grabbing right fields

make extract command overwrite fields

rotating log files with large headers.

drilldown from a hidden column

CPU usage using the lightforwarder

Determine the current app

using source for a field extractions

configuration monitoring across multiple boxes

Illegal cookie name

Re: Timezone and Timestamp modification at search/...

Re: df script in *nix for aix not always printing ...

Re: Splunk for linux not grabbing right fields

Re: make extract command overwrite fields

Re: rotating log files with large headers.

Re: drilldown from a hidden column

Re: CPU usage using the lightforwarder

Re: Determine the current app

Re: using source for a field extractions

Re: configuration monitoring across multiple boxes

Re: Illegal cookie name