The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: SplunkReporting

**Monitor MSN, videos etc...**
(Not tagged) | Replies: – | Latest post: 11 months ago...

Hello!
Is there any way that I am able to monitor stuff like MSN, videos etc...? And are the log files auto-generated, or is there a script to have the log file generated? Sorry, this is my first time using Splunk. So pardon me.
Thanks
Cassie.

**Generating statistics per IP from netflow**
(Not tagged) | Replies: – | Latest post: 15 months ago...

Hello!
Is Splunk able to generate traffic graphs per IP by manipulating netflow?
Thanks,
Anca

**Group IP addresses by Subnet**
(Not tagged) | Replies: – | Latest post: 15 months ago...

I have Splunk configured to gather syslog data from a range of devices on multiple networks across our organisation and I am trying to find a way to build a report by subnet, not by individual host IP address.
Does anyone know of a way to perform this simply with the Splunk search interface?
T...

**500 Internal Server Error**
(Not tagged) | Replies: 10 | Latest post: 16 months ago...

Many reports (not all - some canned, some custom) are returning with the following error. I'm running version 4.0.5 on Windows.
```
500 Internal Server Error
BadRequest: [HTTP 400] Bad Request; [{'text': 'In handler \'savedsearch\': Argument "action.summary_index._name" is not supported by ...
```

**Custom Criteria to send report**
(Not tagged) | Replies: – | Latest post: 16 months ago...

```
tag::host="dc" "EventCode=4625" NOT Account_Name2=*$ | stats count(Source_Network_Address) as totalbadsbymachine distinct_count(Account_Name2) as uniquelybadbymachine by Source_Network_Address | sort -uniquelybadbymachine -totalbadsbymachine
```
is the query; but instead of running this based on the ...

**Help with grouping results**
(Not tagged) | Replies: – | Latest post: 17 months ago...

Hi everyone, new to the Splunk world and been trying to figure out regex and some of these search queries.
I was able to create an input and Splunk can read it. No problems there.
Here's a sample of the log entries.
```
job_AAA_AAA.name=abc
job_AAA_AAA.total.records.in.feed=167948
job_AAA_AAA.total.records.processed=167948
job_AAA_AAA.total.field.mismatch=125543
job_BBB_BBB.name=def
job_BBB_BBB.total.records.in.feed=98743
job_BBB_BBB.total.records.processed=234656
job_BBB_BBB.total.field.mismatch=1454
```
I ...

**Extracting fields with regex not working**
(Not tagged) | Replies: – | Latest post: 17 months ago...

Hi
I'm trying to "extract fields" with regular expressions for a specific position on a comma separated log file that always has the same number of fields on each row.
The file looks like this (one row):
```
2010-09-15 15:38:55 ,Default_TCr10.20_Webb.war,,ODRTEST01,HTTP,37,1,0,37,37,1,2010-09-15 ...
```

**Exporting results gets 404 errors**
(Not tagged) | Replies: – | Latest post: 18 months ago...

I have multiple users that are reporting issues with the exporting of reports. Selecting "Actions" => "Export Results ..." with the following settings:
File name: Test
Format: Text
Max # of Output Lines: 10000
results in a 404 error using Explorer (v7 & v8) and the following error with Firefox ...

**Implementing for PCI**
(Not tagged) | Replies: 2 | Latest post: 18 months ago...

Hi,
I am installing for a central index server implementation. The PCI is for installing on a Linux/Solaris box.... how do I install the PCI modules on my central Windows Server?
I thank you in advance for your response.
Naren

**Help with creating FTP traffic report**
(Not tagged) | Replies: – | Latest post: 19 months ago...

Hey there, I need to generate a report based on the bytes transferred in our FTP logs. I haven't created any reports in Splunk so I'm not certain how to accomplish this. I've been manually getting the data for the last few days just by doing a search looking for the string "Transferred bytes". The ...

**sudo log report assistance**
(Not tagged) | Replies: 1 | Latest post: 19 months ago...

Greetings
This may be more of a query question than a reporting question, so please correct me if I am wrong.
My boss wants a report of all sudo activity for a defined time span such as 24 hours.
So I need to query for the keyword sudo - this is the easy part. The hard part is my boss wants the ...

**Bubble charts data format**
(Not tagged) | Replies: – | Latest post: 19 months ago...

Hi there,
Splunk newbie here. I'm having a few problems displaying bubble charts. My view code outputs a chart, but the data on the vertical axis is not displaying correctly, and bubbles don't display the way I expect them to.
As background, I want to display the source region of a packet ...

**Splunk Reporting and Emailing**
(Not tagged) | Replies: – | Latest post: 20 months ago...

My world is firewalls and syslog and I love the way I can query and sort the information in Splunk, but I'm looking for a way to email the results in a nice format.
I really don't need bars or charts, I'm just wanting the syslog query results in a nice, easy to read format. I can get emails using ...

**Splunk queries do not return data in dashboard**
(Not tagged) | Replies: – | Latest post: 20 months ago...

I have the following Splunk query that I have used in a dashboard:
```
[search source="*Stg*" earliest=-15d cs_uri_token_2="0012c" cs_uri_filepath="web/mapservicecontroller*"| stats avg(time_taken) by cs_uri_filepath | sort - avg(time_taken) | head 10 | fields + cs_uri_filepath] | timechart span=1d avg(time_taken) ...
```

**Schedule Search specific time**
(Not tagged) | Replies: 1 | Latest post: 21 months ago...

I am trying to set up a scheduled search that runs every morning and looks for users logged on between 2200 the previous day and 0200 of the current day (basically, I am looking for users that don't log off their workstations at the end of the day). Is there a method to perform this so that it runs every day ...

**Realtime timechart**
(Not tagged) | Replies: – | Latest post: 21 months ago...

I have a real time report on my dashboard with a very simple query that looks something like the following:
```
sourcetype="syslog" index="d" my-server | timechart last(deletedRecords) last(updatedRecords)
```
The time range is defined as a one hour real time window.
The event ...

**Omit specific field values from report**
(Not tagged) | Replies: – | Latest post: 22 months ago...

I have a locked user account security event from a Windows 2008 Domain Controller. Example:
```
04/28/10 05:53:20 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4740
EventType=0
Type=Information
ComputerName=AD1.ACME.COM
TaskCategory=User Account Management
OpCode=Info
RecordNumber=129124492
Keywords=Audit ...
```

**Date without time**
(Not tagged) | Replies: 2 | Latest post: 22 months ago...

What I need to accomplish seems simple, but is not working:
I want a search (that can be stored in an index for speed) that has a DATE column without the time. I want to sum/min/max a couple of other columns grouped by that date, AND I want the date to display in correct date order.
Here's where ...

**Splitting output for field extraction**
(Not tagged) | Replies: 4 | Latest post: 22 months ago...

Hi. I wrote a script that will produce an output like this:
```
0 fscsi0 NORMAL ACTIVE 3518549 0 3 2
1 fscsi1 NORMAL ACTIVE 3520158 0 3 2
```
I want to extract the "fscsi0" and "fscsi1" as a field named "Adapter".
When I ...

**How to have a Multiple data over time series.**
(Not tagged) | Replies: 1 | Latest post: 22 months ago...

I have the following data, of course along with the Date and Time. I would like to know the query so that I can put it in a graph.
Will look for Top 10 Sports over time, then filter by City
X axis - Sports
Y axis - Count of Sports.
- Stacked Barchart (Stack section = City)
Sports ...