Forums: SplunkGeneral

Topics 1–20 of 811

Topic Author Replies Latest Post
sourcetype=error-U232
(Not tagged)
I just installed the open source version of Splunk on 2 logging machines as a forwarder to my enterprise version... all is working wonderfully, but I am getting sourcetypes that are of the format: 'error-U###'. Initially I was getting all 'error-U232' and now have some 'error-U242'. I am wondering ...
marguin
Posts
34 hours ago...
My reports have stopped mailing
(Not tagged)
Hello all, I have some saved searches that have been sending reports every Monday; suddenly the reports have stopped coming. I'm not exceeding the 500mb limit and I'm not out of space. Where can I begin to troubleshoot in Splunk? Sendmail on the host is fine and email addresses in the saved searches ...
gbarton
Posts
3
2 days ago...
Splunk Updates
(Not tagged)
Hi, I have a question about Splunk versions and updates. At the moment, we use 3.4.3, but if there is no great technical need, I like to stay at this release. Where can I get information about critical security issues which arise in a Splunk version? This is no technical cause to upgrade to a ...
RobertRi
Posts
1
2 days ago...
Syntax highlighting in text editors (vim?) for the ".conf" files
(Not tagged)
Hey, I was just wondering if anybody knows of any syntax highlighting modes for Splunk's {{.conf}} files? I've watched a number of howto videos on splunk.com and you see them type in {{vi config_file.conf}} and up comes the config file in pretty colors. Does anybody know if they have a special ...
lalleman
Posts
3
3 days ago...
MS SQL Server PCI auditing
(Not tagged)
I've got a customer that is facing the whole PCI compliance nightmare. One of the things they have to audit are access and changes to various databases that deal with cardholder data. For any other users out there with this requirement, what did you find to be the way to monitor those types of changes ...
ontai
Posts
1
4 days ago...
Windows Server 2008 Core
(Not tagged)
I am currently testing Splunk 3.4.3 64-bit on Windows Server 2008 Standard Core. Everything seems to be working, but I wanted to see if this was a supported configuration.
sfloyd
Posts
1
4 days ago...
Mac OS X Sleep issue...
(Not tagged)
Hello, I am running a Mac Mini with Leopard (10.5.6) and have recently installed Splunk v3.4.3. Splunk is working fine with no problems (a great app guys!), however the Mac will no longer automatically sleep after it has been idle for a period of time. When I stop Splunk and the mac will automatically ...
shane_splunk
Posts
1
4 days ago...
Splunk and FreeBSD 7.0?
(Not tagged)
Are there any plans for a release of Splunk for FreeBSD 7.0? The current release won't work as btool is linked against the old pthreads library, and 7.0 uses libthr (pthread 2.0). Is there any hope for splunk to work on my server again?
wwwdrich
Posts
3
10 days ago...
question about fields
(Not tagged)
I have Splunk logging messages from a Cisco RADIUS server, so I want Splunk to keep record of certain fields, such as User-Name, Acct-Status-Type and Acct-Session-Time, but in addition to these fields Splunk adds other fields (see the excerpt from the Splunk log) 12/25/08 09:51:43 25 09:51:43 10.1.3.10 ...
UstasAlex
Posts
1
11 days ago...
Limiting Data
(Not tagged)
In order for data to go to frozen, all of the data in the database must be beyond the FrozenTimePeriodinSecs. To me this seems to largely defeat the purpose of using such a configuration. I want to delete data older than a certain age, but at the same time want to continually feed data to Splunk. ...
tgiorgio
Posts
4
17 days ago...
Problems with the metadata command and 3.3.2
(Not tagged)
Has something changed or been broken in 3.3.2 with regard to the metadata command? We have several custom lists that use the metadata command to list the sourcetypes in each of our custom indexes. Until now passing the index using the parameter "index" has provided the means. Having upgraded to 3.3.2 ...
nclarkau
Posts
6
17 days ago...
splunk-wmi.exe won't start
(Not tagged)
Hi all, I'm trying to install and get Splunk 3.4.3 into production on a Windows 2003 R2 Std 32b. The goal is to obtain WMI-enabled communication with my other servers. I'm unsuccessful in correctly achieving my Splunk installation: I've followed the how-to for user's right consideration but didn't make ...
nruiz
Posts
1
18 days ago...
Error when extracting fields
(Not tagged)
Any thoughts on this error? When I try to extract a field from the following event (snort via rsyslog/tcp on linux) {{<33>Jan 1 12:00:00 hostname snort[31742]: [1:469:4] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 12.34.56.78 -> 87.65.43.21}} When I click ...
anewell
Posts
1
18 days ago...
Unexpected SplunkWeb error: 'No such method name'
(Not tagged)
I've tried to install it again but without the WMI stuff (we'll save that for later). I installed it very cleanly with admin credentials (UAC on mode) on my Windows Vista build 6001 64bit machine, but when starting it for the first time it comes up with unexpected SplunkWeb error. What can be the ...
xmlfreak
Posts
2
19 days ago...
Splunk-Wmi.exe crashes
(Not tagged)
I have downloaded Splunk because now they have the 64bit version (the 32bit version didn't install on my Vista 64bit machine). Now I cleanly installed and during the admin startup it shows me an Unexpected SplunkWeb error: 'No such method name' and splunk-wmi keeps crashing on me, this is frustrating ...
xmlfreak
Posts
2
20 days ago...
How to map a source to a sourcetype?
(Not tagged)
Hi, Splunk receives myapp_access_log.2008-12-14.txt right after midnight and categorizes it as being of "too_small" sourcetype probably because the log file doesn't have enough data. This log file is in fact of "access_combined" sourcetype. How do I map a source to sourcetype? I need something ...
yuriy_zubarev
Posts
3
22 days ago...
Event log inputs for W2K8
(Not tagged)
I have installed Splunk 3.4.3 on Windows Server 2008 32-bit and 64-bit. The install defaults with the event log inputs checked. These default settings do not work. You have to enter the settings manually in local.conf, restart and then they work.
sfloyd
Posts
22 days ago...
Searching within a transaction
(Not tagged)
Alright, here is my setup. [**validate_trx**] aliases = va=Validate_Active_ET, vc=Validate_Complete_ET pattern = va, vc fields = JobId So, I have the following events in my system. JobId=1 Status="A" <other_key_value_pair_data> **CL_ID=3** //JobId=1 Status="W" <other_key_value_pair_data> JobId=1 ...
sdblalock
Posts
2
23 days ago...
devices behind router
(Not tagged)
I set up some machines to send their logs via network ports (udp:514), but since they are behind a router they are all showing up under one host in the dashboard. How do I get each machine to show up under hosts with their own hostname and not the router's hostname?
lburrows
Posts
1
25 days ago...
SPLUNK remon.exe killing my processor
(Not tagged)
Just installed Splunk, and the splunk regmon.exe is killing my processor, running at >95% for over 2 hours now. Info: It's running in a Win2003 SBS VM, so I know it may be a little slower, on a quad core processor, with nothing else running at all. The VM partition size is 10GB, with 850MB allocated to ...
cellweb
Posts
1
25 days ago...
