The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: SplunkRequest
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Saved Search minor nitpicks
(Not tagged)
After managing a largish collection of saved searches, a few things come to mind as annoying, yet probably easily fixed.
- When closing a search, clone the name of the search as well. Very often I find myself creating very similar searches that vary only by what systems they search, or what string ...
|
–
|
12 months ago... | |
|
SysV init script
(Not tagged)
The /opt/splunk/bin/splunk script is already very well suited to be dropped into /etc/init.d on most linux distributions so that splunk can be started and stopped automatically.
I'm requesting that reasonable comments be placed at the top of the file so that Red Hat's chkconfig (and possibly other ...
|
4
|
12 months ago... | |
|
Splunk Omni Graffle Stencils
(Not tagged)
Hi there :-)
So I heard on the grapevine that you're a Mac house... that being the case, I don't suppose you could point me towards your OmniGraffle stencils?
Cheers!
RT
|
–
|
13 months ago... | |
|
Splunk Visio Stencils
(Not tagged)
You guys have a bunch of great visual aids in your documentation. Any chance we can get some of those in Visio stencils so we can construct data flows for documentation?
|
10
|
13 months ago... | |
|
Rangemap Color Fading
(Not tagged)
Allow Rangemap or possibly even a new function to support color fading. Instead of saying "If count is between 1-10 be green and if count is over 10 be red" allow us to say "Fade from green to red between the values 1 and 100" In other words 1 would be completely green, 100 would be completely red, ...
|
1
|
20 months ago... | |
|
Monitoring files and directories: new files in directory not being indexed
(Not tagged)
I am running splunk on XP (32-bit). After reading through the forums and the manual, I organized a tree structure like this:
C:\log_test
C:\log_test\subdir
Inside subdir I have added 2 log files. Then I restarted the PC (just to restart the splunkd services) and splunk searches then accurately ...
|
–
|
22 months ago... | |
|
Indexing and parsing tool
(Not tagged)
It'd be nice to be able to point Splunk at a test file and see how your regexes and whatnot will affect it at index time without actually having to index and clean over and over.
|
1
|
22 months ago... | |
|
Love the app, hate the documentation
(Not tagged)
Are there any plans for a revamp of the documentation system?
I've been able to accomplish a lot in quite a short time with the app, but when I come to the site to learn how to do something it is like pulling teeth. I have spent the past couple of hours running into page redirects when I think I ...
|
26
|
22 months ago... | |
|
No Fork/Foreground server run
(Not tagged)
Please consider adding this option to splunk daemon control. This is essential to run splunk from upstart or inittab.
There are several other ways to run a daemon from upstart, but this is the cleanest and preferred. Upstart is now the default in Ubuntu, Fedora and many other mainstream Linux distributions.
I ...
|
1
|
23 months ago... | |
|
deployment server changes
(Not tagged)
Looking at the deployment server configuration files, specifically deployment.conf, it looks as if it would work great for a small number of hosts, or groups of hosts that are very similar. If I had a deployment.conf similar to the following:
172.21.* = all_output
web1 = web_inputs, tomcat_inputs
where ...
|
7
|
23 months ago... | |
|
editing/replacing reports/graphs
(Not tagged)
Not sure if this has been discussed or not, but editing existing reports/searches is a pain. What would seem like a real easy fix to do, would be to add a simple Save As and change the Save (over the existing) function.
For example, I'm editing an existing report right now. I have two options: "Save ...
|
–
|
24 months ago... | |
|
FreeBSD 7 and 8 support
(Not tagged)
I've emailed support on Splunk 4.0.4 segfaulting on FreeBSD 7.2, and on 8.0.
So, I'd like to put it out there again, and request for official support.
|
12
|
24 months ago... | |
|
Splunk integration with SCOM
(Not tagged)
Hi,
Do you all have Splunk for SCOM?
I need to integrate Splunk with SCOM.
Splunk gather all data from SCOM.
Would someone share with me? Thanks
|
–
|
24 months ago... | |
|
Field Actions
(Not tagged)
Please re-add the ability to execute actions (i.e. links to external URL/resources) based on fields like we had in 3.x
|
2
|
25 months ago... | |
|
HP-UX Support
(Not tagged)
I'm not sure there's a lot of other demand out there for it, but a port of the app for HP-UX on IA64 would be quite useful.
|
11
|
25 months ago... | |
|
color mapping
(Not tagged)
Can we map the colors of the lines in graphs to specific values? Sort of a lookup/translation table for colors?
Then all of our graphs might have the same host represented with the same color for a more consistent interface.
|
1
|
25 months ago... | |
|
Date Ranges and Reporting
(Not tagged)
When I select a Date Range, why can't Splunk remember the date range I just picked, so the next time I need a date range, it starts there?
Usually when running a variety of searches to investigate something, I use the same date range multiple times. It is annoying to have to constantly re-enter ...
|
–
|
25 months ago... | |
|
Splunk Binary for zLinux on s390x
(Not tagged)
Is there any chance for a 64bit binary version of Splunk for Linux for IBM Z-Series?
Kernel Info:
Linux ---- 2.6.5-7.244-s390x #1 SMP Mon Dec 12 18:32:25 UTC 2005 s390x s390x s390x GNU/Linux
|
2
|
26 months ago... | |
|
Splunk Integration with SSO
(Not tagged)
We would like to integrate splunk with our SSO solution. In this case Sun's Access Manager. The follow-on is OpenSSO.
Typically, we can do this by setting an HTTP header with the authenticated user account and the group information. The agent in the SSO solution is integrated with an apache web ...
|
7
|
26 months ago... | |
|
Support for WS-Eventing (Pushing Windows Eventlogs over WS Management) - Sell more splunk.
(Not tagged)
Hi - if you want to dramatically improve your product for Windows systems all you need to do is implement a new TCP/XML parser to support WS-Eventing.
Windows Vista/2008/7 supports centralised PUSH Event Log Collection of Windows 2003+ systems via WS-Eventing. WS-Eventing is deployed with WS-Management ...
|
3
|
26 months ago... |