The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: SplunkGeneral
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Masking credit card numbers
(Not tagged)
While I'm able to mask 16 digit numbers I would like a more sophisticated approach as there are some numbers in that range that are not credit card numbers that I don't want to mask, such as error codes. Is anyone utilizing the Luhn Algorithm (http://rosettacode.org/wiki/Luhn_test_of_credit_card_numbers) ...
|
–
|
10 months ago... | |
|
Live tail
(Not tagged)
Feeling like this is a really silly question, but I just installed 4.2 and bought a 500MB license. I was running 3.x and using Live Tail all the time.
I can't find Live Tail in 4.2. Can someone point me to the URL path?
Thanks,
James
|
–
|
10 months ago... | |
|
splunk2nagios when Splunk and Nagios not on the same machine
(Not tagged)
Has anyone modified splunk2nagios to work when the Splunk server and Nagios server are not on the same system? It should be fairly straightforward to convert handle_alert to use send_nsca instead of writing directly to the nagios cmd file, but I don't want to spend the time doing the conversion if someone ...
|
1
|
10 months ago... | |
|
Splunk deployment services
(Not tagged)
Hello,
I'm looking for some in-depth information about Splunk Deployment services. So far I've only been able to find the following:
http://www.splunk.com/base/Documentation/4.2/Deploy/Aboutdeploymentserver
I'd like to get into the specifics of how I should plan to roll Splunk out, and how ...
|
3
|
10 months ago... | |
|
Convert from Trial to Free License
(Not tagged)
Hello,
I know this has been written up several times, but none of the solutions work for me. According to what I have found, it should be as simple as changing the name of the splunk-free.license file to splunk.license and then restarting the splunkd and splunkweb services. This does not work. ...
|
5
|
11 months ago... | |
|
change back to default value after refresh
(Not tagged)
Hi,
I set a default value for the TimePicker module using the following code:
<param name="selected">Last 60 minutes</param>. But when I selected another time such as Last 4 hours and did a search, then refreshed my browser, the value did not change back to the default value "Last 60 minutes". I ...
|
4
|
11 months ago... | |
|
Is it possible to show image link in front of Splunk ?
(Not tagged)
I have log included image info. Is it possible to show the image link in front of Splunk's search ? tks
Hudson
[Revised on Sun, 13 Feb 2011 19:34:31 -0800]
if there is tutorial or sample to study and it will be grateful , tks
|
–
|
12 months ago... | |
|
Web Service Doesn't Start
(Not tagged)
Just did a fresh install (GUI install) to try this software out, but the browser shortcut fails to start. When navigating to localhost:8000 I get a "page cannot be displayed" error (in both IE and Firefox). Trying to launch the EXE via the command line, I get an error saying splunkd has not started. If ...
|
9
|
12 months ago... | |
|
search for 200 hundred errors on multiple web servers with regex
(Not tagged)
I'm looking to do something like ...
//host="web10|web9|web11" sourcetype="access_combined" status=200 |stats //count by clientip
How does one specify multiple hostnames?
Thanks.
|
–
|
12 months ago... | |
| Reference sheet for beginners |
6
|
12 months ago... | |
|
Howto - Use Splunk on one Linux server to analyse syslogs on remote Linux server
(Not tagged)
Hi all --
I've Google'ed about, and checked documentation, but I can't find exactly what I'm after here -
Plenty of documentation exists on how to get Splunk to analyse syslog when the syslog is +local+ to the same *nix or Windoze server
I can't find some notes on how to do this:
1. Splunk ...
|
1
|
13 months ago... | |
|
Why Splunk at all?
(Not tagged)
I mean the interface is cute and all, but why not just use a LogWatch or LogCheck script -- they mail me when there's an issue that needs to be looked into. Am I missing something?
|
4
|
13 months ago... | |
|
Comparing 2 events based on a common value of 2 different fields.
(Not tagged)
Hi,
I have 2 events that have the same value for different fields, i.e. I have an event with field1 and another event with field2, and value of field1 = value of field2.
I want to plot a graph of the difference in timestamps of events where value of field 1 = value of field 2. Is this possible?
|
2
|
13 months ago... | |
|
mySQL slow query log
(Not tagged)
Hi,
I would like to analyze mySQL "slow query log" using Splunk. Splunk doesn't understand the format of the log. Any chance to configure it?
Thank you,
Yuriy
|
2
|
14 months ago... | |
|
How to automate Splunk association/correlation of syslog IPs with "Whois" info?
(Not tagged)
As a network forensics college student, I have just begun using Splunk in an investigation to quantify the percentage of unsolicited visitors to my firewall from China rather than rely upon anecdotal information. A "manual" review of collected survey information so far shows 27 out of 90 unique ...
|
3
|
14 months ago... | |
|
network logging
(Not tagged)
Hi all -
I'm experiencing an issue where logging to splunk over the network (either via TCP or UDP) sometimes chunks multiple lines into the same log entry. Is there any way to force these entries to be split as splunk receives them from the port?
|
2
|
14 months ago... | |
|
Missing events in default syslog indexing
(Not tagged)
Hi guys!
This tool is awesome but pretty useless in my case since the indexer fails to grab ass events in the local logs of this 64bit opensuse 11 box.
I installed 4.05 64 bit rpm
set the config file to point to a mount point with 130GB of free space.
Started splunk 24hours ago.
The size of the ...
|
2
|
14 months ago... | |
|
Show license: Segmentation fault
(Not tagged)
I use splunk with Free license and have already 3 License violations:
License violation #3 at Nov 18, 2010 12:04:13 AM
License violation #2 at Nov 14, 2010 12:00:28 AM
License violation #1 at Nov 10, 2010 12:02:35 AM
'/opt/splunk/bin/splunk show license' shows the following info:
Current Daily ...
|
–
|
14 months ago... | |
|
Host monitoring
(Not tagged)
Hello
I have just installed Splunk at my work and have the firewalls and wireless stuff send syslog to it.
I'm also looking for some monitoring of the server. Now I wonder if it's best to put on something like OSSEC and integrate it with Splunk, or use Splunk's own tool for monitoring servers?
The same ...
|
–
|
15 months ago... | |
|
Daily indexing volume limit exceeded
(Not tagged)
I installed Splunk with a free licence and I send about 50 MB@day to it.
After some days I get this message on the web GUI:
"Daily indexing volume limit exceeded"
What does this mean?
The index limit in free version is not 500 MB@day?
Thanks
|
2
|
15 months ago... |