Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About di2esysadmin
di2esysadmin
Path Finder
Member since:
01-23-2014
01-18-2023
Community Statistics
| Posts | 38 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 10 |
| Member Since | 01-23-2014 |
Activity Feed
- Posted Re: Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and i on Splunk Search. 05-24-2021 07:09 AM
- Karma Re: How to count the unique values of an extracted field by month? for javiergn. 06-05-2020 12:48 AM
- Got Karma for How do I resolve these errors during start up of Splunk 6.2?. 06-05-2020 12:47 AM
- Got Karma for How do I resolve these errors during start up of Splunk 6.2?. 06-05-2020 12:47 AM
- Got Karma for is there a logical OR available for searching?. 06-05-2020 12:46 AM
- Got Karma for Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it. 06-05-2020 12:46 AM
- Got Karma for Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it. 06-05-2020 12:46 AM
- Got Karma for Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it. 06-05-2020 12:46 AM
- Got Karma for Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it. 06-05-2020 12:46 AM
- Got Karma for Removed the syslog-host transform - but hostname is still getting pulled from /var/log/messages. 06-05-2020 12:46 AM
- Got Karma for Re: If we have a single indexer, is there any advantage to have a separate search head?. 06-05-2020 12:46 AM
- Got Karma for Alerts are working, but "No triggered alerts found." in triggered alerts activity screen. 06-05-2020 12:46 AM
- Posted Re: How to access splunk data from Postgres without moving data? on Getting Data In. 11-01-2019 10:08 AM
- Posted Capture AWS PostgreSQL database from Heavy Forwarder. on All Apps and Add-ons. 10-30-2019 12:26 PM
- Posted Re: removing data of a particular sourcetype in an index on Getting Data In. 08-29-2017 06:57 AM
- Posted Re: How to count the unique values of an extracted field by month? on Splunk Search. 06-29-2016 06:27 AM
- Posted Re: How to count the unique values of an extracted field by month? on Splunk Search. 06-28-2016 11:11 AM
- Posted How to count the unique values of an extracted field by month? on Splunk Search. 06-28-2016 07:01 AM
- Tagged How to count the unique values of an extracted field by month? on Splunk Search. 06-28-2016 07:01 AM
- Tagged How to count the unique values of an extracted field by month? on Splunk Search. 06-28-2016 07:01 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 2 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 |
09-13-2021
11:22 PM
I had this problem and managed to solve it by adding an "Add to triggered alert" trigger action
... View more
05-24-2021
07:09 AM
Your Splunk user might not have permission to create and update alerts.
... View more
10-31-2019
04:16 PM
ok, I'm not 100% certain but I want to clarify a couple things.
1. Your HF is receiving the data from AWS so it should be sending it to your indexers in the index and with the specified sourcetype
2. Your Search head should already be able to find the data with index=foo sourcetype=bar 'specifics of your search'
if the above isn't correct, then are you trying to search stream data without indexing it? I guess I'm a little unclear on your exact expectations, and I apologize for that. Perhaps you can further clarify exactly what you are trying to accomplish.
... View more
11-01-2019
10:08 AM
Hi xanthakita,
Yes, the HF is receiving data from AWS Cloudwatch using the ‘Splunk Add-on for AWS’ App default values: index=aws_rds_logs and sourcetype=aws:rds.
Our HF is configured to forward only, in our case to 2 Indexer hosts.
My goal is to get Splunk Stream to process the Postgres data already available in the index=aws_rds_logs without moving data.
... View more
01-15-2019
11:21 PM
@TStrauch , @renjith.nair for me _time and sourcetype is crucial so how to retain and index back the data. please see my above comments.
... View more
06-29-2016
06:50 PM
ok that was extended. If you replace values(username) by dc(username) in the first search will give you the count
... View more
06-22-2016
12:45 PM
Thank you. I've made these changes. I've my fingers crossed this will do the trick.
... View more
04-02-2015
05:39 AM
1 Karma
This solved the problem for me. I did not have /opt/splunk/etc/apps/unix/default/tags.conf. I only changed the entry in Splunk_TA_nix/default/tags.conf and that worked.
... View more
10-13-2016
06:43 AM
The above search I posted resolved my issue.
... View more
05-02-2014
09:40 AM
Concerning the NOT sourcetype=blah key combination, that used to be Alt+Click in the Splunk<=5 flashtimeline view, but for me that stopped working in the Splunk 6 search view. It's probably going to be fixed in the next major version as per http://answers.splunk.com/answers/109473/alt-click-not-working-selected-fields
... View more
04-18-2014
07:59 AM
Thank you!
... View more
03-04-2014
07:34 AM
1 Karma
As I suspected. THANKS!
... View more
03-13-2014
04:33 AM
I did NOT make it on the indexer. Got it in one ! thanks.
... View more
07-11-2016
09:43 AM
@di2esysadmin
I am not sure if you are still facing this issue.
You might want to check your server.conf and remove the following lines
[license]
active_group = Free
... View more
02-18-2014
12:07 PM
That's it! The problem is my field extraction. It was based on a filename. The entries for the others days came from log files with a different named format.
Thanks for the ideas!
... View more
09-02-2019
01:26 AM
2 Karma
I got it guys: Edit Alert > Alert type > Scheduled and below select Run on Cron Schedule -> Select time range
... View more
01-23-2014
12:01 PM
Disregard. It's working now. Apparently I'm lacking in patience.
... View more
This is interesting but how about the number of servers that appear in the forwarder management list but have never sent data? They have a forwarder but since they are not generating the data we look for (via white lists) we never can report on them. Can Splunk not retrieve the forwarder management list and use that for lookup?
... View more
