Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About christantoy
christantoy
Path Finder
Member since:
01-26-2012
06-05-2020
Community Statistics
| Posts | 29 |
| Solutions | 0 |
| Karma Given | 10 |
| Karma Received | 2 |
| Member Since | 01-26-2012 |
Activity Feed
- Karma Re: "You do not have permission to spawn real-time searches" for yannK. 06-05-2020 12:46 AM
- Karma Re: About Summary Indexing for MuS. 06-05-2020 12:46 AM
- Karma Re: cpu.sh is not working in new unix app for Dimitri_McKay. 06-05-2020 12:46 AM
- Karma Re: Is there a way to add a CRC salt via the CLI? for hexx. 06-05-2020 12:46 AM
- Karma Re: Forward data into 3rd party systems using index instead of host? for Ayn. 06-05-2020 12:46 AM
- Karma Re: reboot after applying Enterprise license? for yannK. 06-05-2020 12:46 AM
- Karma Re: Filename was different, therefore source is not indexed. Why? for Simeon. 06-05-2020 12:45 AM
- Karma Re: Deployment Server with multiple repository locations using repositoryLocation= for JHill. 06-05-2020 12:45 AM
- Karma Re: Net-SNMP help needed for rturk. 06-05-2020 12:45 AM
- Karma Re: startminutesago/endminutesago vs earliest/latest for jrodman. 06-05-2020 12:45 AM
- Got Karma for Re: Net-SNMP help needed. 06-05-2020 12:45 AM
- Got Karma for Re: Net-SNMP help needed. 06-05-2020 12:45 AM
- Posted Re: cpu.sh is not working in new unix app on All Apps and Add-ons. 10-21-2013 07:20 PM
- Posted Re: Windows App not working after upgrading into splunk 6.0 on All Apps and Add-ons. 10-07-2013 07:28 PM
- Posted Windows App not working after upgrading into splunk 6.0 on All Apps and Add-ons. 10-06-2013 11:07 PM
- Tagged Windows App not working after upgrading into splunk 6.0 on All Apps and Add-ons. 10-06-2013 11:07 PM
- Tagged Windows App not working after upgrading into splunk 6.0 on All Apps and Add-ons. 10-06-2013 11:07 PM
- Tagged Windows App not working after upgrading into splunk 6.0 on All Apps and Add-ons. 10-06-2013 11:07 PM
- Tagged Windows App not working after upgrading into splunk 6.0 on All Apps and Add-ons. 10-06-2013 11:07 PM
- Posted Re: Is there a Splunk OPSEC LEA for Check Point Technology Add-on that runs on Windows? on All Apps and Add-ons. 10-04-2013 11:45 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-21-2013
07:20 PM
Your the man!!! you made my day dude!!!
... View more
10-07-2013
07:28 PM
Thanks for the information
Your right it seem to be my fault i didn't check first the version before upgrading it.
Thanks
Cris
... View more
10-06-2013
11:07 PM
Hi Splunkers
I would like to ask if you have also encountered this after upgrading it into 6.0 since i have a windows app and after upgrade some module are not working such as performance and eventmonitoring.
and hoping will have a fix and bug free windows app version for 6.0
please have time to check my uploaded screen-capture
Thanks
Cris
... View more
10-04-2013
11:45 PM
Hi To all/Splunking
Reviving this thread lol
in our current situation we are really need a opsec windows platform
Thanks
Cris
... View more
05-27-2013
07:55 PM
Can you explain how did you do it?? because i'll experiencing this last week till now..
... View more
03-06-2013
01:18 AM
Yes your right Ayn... it's strptime/strime... it working now thanks a lot for the support...
Take care alway....
... View more
03-05-2013
09:21 PM
To set a new timestamp for my data instead of default splunk timestamp
... View more
03-05-2013
07:18 PM
Good Day Splunkers
Can you help me to define this in regex format??
Sat Mar 2 01:02:02 2013 +08:00
Thanks in advance
... View more
01-22-2013
07:03 PM
Thank you.
hmm this one is tough for me for a newbie... maybe i need to read it first.
btw this is my case
i have a search to create a .csv format after that i need to send the .csv file via script.
... View more
01-22-2013
01:43 AM
Hi Ninjas
I would like to know if it possible to change the default csv file output directory below
Results written to file '/splunks/9000/splunk/var/run/splunk/mysearch.csv'
if is possible can you share it to me on how to? I read some others documents but no luck..
and the purpose of changing the default directory because i want to monitory my csv file outputs and to be send it to another server/client using custom scripts.
-----------00000-----------------
Regards and Thanks in Advance
Splunk Ninja From Philippines!
... View more
12-04-2012
07:10 PM
try to use
crcSALT =
please refer here
[http://splunk-base.splunk.com/answers/1851/filename-was-different-therefore-source-is-not-indexed-why][1]
[1]: try to use crcSALT = please refer here http://splunk-base.splunk.com/answers/1851/filename-was-different-therefore-source-is-not-indexed-why
... View more
11-07-2012
11:15 PM
Hi
Same problem here can you assist me? how i can install net-snmp on my windows 7?
Thanks
Cris
... View more
10-20-2012
02:27 AM
Gooday Splunkers!!!
Can you give me tips on how i can upload a .evt file to splunk?
Because i have a xxxx.evt here and how i can add as a data to splunk? and convert it as csv file.
i been reading this
http://docs.splunk.com/Documentation/Splunk/5.0/Data/Monitorwindowsdata
and it did not resolve mu issue
Thanks and Regards
Cris
... View more
- Tags:
- queue
10-15-2012
11:11 PM
This would be help!!
http://docs.splunk.com/Documentation/Splunk/5.0/Indexer/RemovedatafromSplunk
Just ready carefully... and always backup your files!!
Regards
Cris
... View more
10-12-2012
12:39 AM
Hi again Ayn
can i create a conf file? for output.conf and the other instead? it will work if i do that?
Thanks and Regards
Cris
... View more
10-12-2012
12:05 AM
Thank you again!
Forget about the second question. 🙂
BTW my outputs.conf is that correct? do i need to used that?
Regards
Cris
... View more
10-11-2012
11:50 PM
Thanks for you answer
But you said that i can put in a default section?
on here splunk > etc > system > default ? i am right?
and but the way i am not much familiar with regex can i done with a default?
Regards Cris
... View more
10-11-2012
09:21 PM
Good day
i Read this document regarding to the forward data to third-party systems
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Forwarddatatothird-partysystemsd#Forward_syslog_data
and my question is can i forward my created index? instead of host?
For example
props.conf
to this
[host::nyc*]
TRANSFORMS-nyc = send_to_syslog
Into this
[index::sample]
TRANSFORMS-sample = send_to_syslog
transforms.conf
[send_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = my_syslog_group
output.conf
[syslog:my_syslog_group]
server = loghost.example.com:514
In short i would like to send the contents of the index into other non-splunk systems
Regards
Cris
... View more
- Tags:
- forwarder
10-11-2012
03:14 AM
Good day
I have a question.
Where i can find and edit this?
1.)tranforms.conf
2.)props.conf
3.)outputs.conf
i am using windows and have a splunk instance version version 4.3.4, build 136012
thanks
Cris
... View more
10-03-2012
07:33 AM
@ Sowings
Thanks for the reply and into your time
Is this the same with distributed search located at manager tab?
Because my current set-up is
I set this set-up using distributed search located at mangers tab
Search Head Server search peer i add the 5 indexing servers
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Summary Indexing Server
Summary indexing Server Also i add a search peer
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
xx.xxx.xxx.xx:8089 Indexer Server
And now i need to save a search and enable it the summary indexing and choose my created sample index and set schedule and save it using summary indexing server
after a hour to check if the date already save with my created sample indexes the search head server will do that using this search string ( splunk_server=* index=sample_indexes ) and now i can view the consisting data that i created on my summary indexing server and now i can now used my created indexes from my summary indexing server to create a dashboard.
and now i am asking this is right or i am just wasting my time?
Thanks and regards
Cris
Please don't hesitate to ask me if i need to elaborate more my question
Thanks thanks
... View more
10-03-2012
06:36 AM
Thanks for the reply and your time
About with my current set-up it's working but i am not sure if that was right.
Now the question is!
I want to view or search my created index form summary indexing server into my search head server.
so i am asking if there is a another way to do it?
Thanks again!
Regards
Cris
... View more
10-03-2012
03:57 AM
Hi sir/ma'am
I have a 8 servers with splunk and splunkforwarder
Server 1 - indexer1 ( with Splunk )
Server 2 - indexer2 ( with Splunk )
Server 3 - indexer3 ( with Splunk )
Server 4 - indexer4 ( with Splunk )
server 5 - indexer5 ( with Splunk )
server 6 - Logs Server ( with Splunk forwarder and syslog-ng)
server 7 - search head ( with Splunk )
server 8 - summary indexing ( with Splunk )
And now this is my set-up on
Logs Server are now sending logs with the 5 indexer2
and
the the search head are now configured the listen into the 5 indexers using search peer in splunk and its working..
Now my question is
How i can set-up a summary indexing with my summary indexing server? that can search my created index in summary indexing server into my search head server
i tried my own set-up but i not quiet sure if i am right
this is my set-up
in summary indexing server i create search peer located at distributed search listening to the 5 indexing server and now i can view the logs came from the indexing servers and also i create a new index named sample_summary and also a create a search with summary indexing enable pointed with my new created index and now i check my created index and now it have a data.
so next step is to check into search head and its now searchable i used this kind of search string
( splunk_server="xxx-xxxxx" index=sample_summary )
Thats my current set-up
Let e know if i need to elaborate my question more
thanks and best regards
Cris
Sorry with my little poor English ^_^
... View more
09-12-2012
11:12 PM
Good day
I'm new in splunk-fu
i have a question here
how do i delete a apps in my splunk instance without restarting the splunk services because my search head is already in production
i tried to delete but it still need to restart? do we have any way?
thanks
Cris
sorry with my poor English
... View more
