The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: SplunkPreview

Topics 1–20 of 45

Topic Author Replies Latest Post
index only specific field from log file
(Not tagged)
Hi to all, excuse me if I don't know Splunk so well, but I'd like to learn it. I'll show you my problem: I have to index the log of a mail server. In the log file I have a lot of information, but I need to index only the fields containing the "LOGIN" "LOGOUT" words, and only for a specific file (mail.log). Some ...
gabriele
Posts
16 months ago...
Splunk queries do not return data in the dashboard
(Not tagged)
I have the following Splunk query that I have used in a dashboard: [search source="*Stg*" earliest=-15d cs_uri_token_2="0012c" cs_uri_filepath="web/mapservicecontroller*"| stats avg(time_taken) by cs_uri_filepath | sort - avg(time_taken) | head 10 | fields + cs_uri_filepath] | timechart span=1d avg(time_taken) ...
poojamistry
Posts
20 months ago...
How to count up clients ?
(Not tagged)
I would like to count the number of different client IPs that appear in an IIS log. I would also like to count the number of connections. How can I do that? Thanks in advance.
Tristaneo
Posts
2
22 months ago...
Valid time values for minimumTime and maximumTime on splunk charts?
(Not tagged)
Hi, I'm messing with the 4.1 charting. I'd like for my chart x-axis to default to min=beginning of today, max=end of today. So I plugged in some dates based on what you can do in splunk searches: <chart> <searchName>MySearch</searchName> <title></title> <option name="charting.chart">area</option> ...
pvrmx
Posts
1
22 months ago...
Top events grouped by device
(Not tagged)
Hello, I am running Splunk on an alert log from a monitoring system. I have two fields 1) "msg" is the message such as "CPU at 100%" 2) "mc_host" is the host that generated the message such as "log01" What I want to do is have a report that shows the top "msg" and what "mc_host" sent them. ...
fitzb0z0
Posts
2
23 months ago...
removing the flash widget from the search results page
(Not tagged)
How would I do this?
sconover
Posts
1
23 months ago...
truncating multi-line events at 500 lines
(Not tagged)
Hi, I noticed this in the 4.0.5 release notes: Splunk no longer truncates multi-line events of more than 500 lines. (SPL-26880) I have this rule in props.conf: [batch_logs] BREAK_ONLY_BEFORE = gooblygook MAX_EVENTS = 1000000 ...but my logs are still getting truncated to 500 lines. ...
sconover
Posts
6
23 months ago...
Persistent error while opening a view
(Not tagged)
Hi, I get this on a clean install of Splunk 4.0.6(70313) **Splunk encountered the following unknown module: "Count" . The view may not load properly.** This is displayed as a dialog box in firefox each time I open a view such as the "Alert - syslog errors last hour" How can I fix this?
demorphica
Posts
2
24 months ago...
Having trouble setting LightForwarding
(Not tagged)
Hi, I'm a Splunk newbie. I'm trying to elaborate forward and receive feature on splunk. My receiver is a server with Windows Server OS, and so far having no trouble setting that up. Includes add listen port whatsoever. On other machine (the forwarder) I couldn't even access splunk/manager page via ...
Lignify
Posts
3
24 months ago...
filter out files from forwarder via _blacklist
(Not tagged)
I have a forwarder setup (aka was03), and a Splunk indexer (aka splunk00). The forwarder is sending all files from a particular directory (/opt/IBM/logs), and within that directory there are 50 files, but I want to filter out 2 of those 50 files. So I looked through the Splunk documentation, ...
seanlon11
Posts
1
25 months ago...
Display percentages on chart instead of raw count
(Not tagged)
I’m trying to plot the size distribution of renditions (by type). Right now I’m doing: index="XXX" logRecordType="YYY" operation="addRendition" | bucket span=1log2 size | chart count by size, renditionType That gives me sizes on the x-axis (on a log scale) and for each size bucket I have ...
sfmandmdev
Posts
1
25 months ago...
Can't use Windows event id to access a specific event
(Not tagged)
How can I create a query in splunk to look for a specific windows event id? I have tried: host="Servername" 517 where 517 is my event id but it tends to find other events where the number 517 is used as well.
splunkdude
Posts
4
25 months ago...
Indexes and Ports
(Not tagged)
If I am to use different indexes for writing my logs, do I need to set the devices to write using different ports? In other words, do I need to write my logs on different ports if I am using different indexes? Thanks.
sureshchinta
Posts
1
27 months ago...
Splunk during load testing
(Not tagged)
Hi, We do some pretty serious load testing, and it's totally blowing out our limits on our splunk license. I'm trying to figure out how to handle it...I still would like to get a sense of what our app can do through splunk graphs, etc. Maybe this is just a dilemma. I want splunk to report on ...
sconover
Posts
4
27 months ago...
How do I change default search time range?
(Not tagged)
How does one go about changing the default search time range in 4.0.x? Can it still be done via the web interface, or does it require a config file edit? Thanks.
evanbmtm
Posts
28 months ago...
Viewing latest logs in Splunk
(Not tagged)
Hello. I installed Splunk on my server, and when I am trying to view my log files it shows me till October 29th, whereas if I use Putty it shows all the latest logs until November 3rd. How do I solve this problem?
tanveer236
Posts
28 months ago...
Getting Windows Event Logs into Splunk (running on Linux)
(Not tagged)
Hello, is it required to install additional software on Windows machines in order to "forward" the Windows Event Logs to the Splunk-Server (running under Linux)? Thanks a lot! John
hans135
Posts
6
29 months ago...
How to monitor logs in other machine?
(Not tagged)
Hi folks: I'd like to monitor log updates in some log directories located on a machine other than the Splunk server machine, and I don't wanna install Splunk server everywhere. It seems adding a File/Folder data input can only specify folders on the local machine. If I know the root account, is it possible to ...
halcyon8
Posts
8
31 months ago...
Splunk Server not receiving File Integrity messages from Client...
(Not tagged)
My client system indexes all the FIM data on the local machine, however it forwards the data to the main Server only initially. If I search for index=_audit for the Main Central Server only the initial changes of files are indexed. Is there any parameter which stops the Splunk Client from sending ...
aamonkar
Posts
32 months ago...
RSS feed does not work after default installation
(Not tagged)
When creating a saved search I am choosing to create an RSS feed, but when I click the RSS icon to view the feed I get a page not found error. What gives?
jjd228
Posts
1
32 months ago...