Forums: Posted by araitz
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Include an authenticator to integrate with Google Apps
In: SplunkRequest
(Not tagged)
I think you are looking for scripted auth:
http://www.splunk.com/base/Documentation/latest/Admin/ConfigureSplunktousePAMorRADIUSauthentication
Don't ...
|
3
|
20 days ago... | |
|
Splunk stays in loading status forever
In: SplunkAdministration
(Not tagged)
Hmmm, haven't seen this. Can you open a support case with support at splunk dot com?
|
2
|
1 month ago... | |
|
Monitor remote unix servers performance
In: SplunkReporting
(Not tagged)
You can install Splunk as a LightWeightForwarder on your remote servers and configure them to run the ...
|
2
|
1 month ago... | |
|
Sun T5120/T5220
In: SplunkAdministration
(Not tagged)
To make sure this is clear:
Splunk is a multi-process, multi-threaded application. Indexing, as ...
Rotten, Appreciate your perspective, but you should believe me on this one, I have plenty of first-hand ... Yes, performance with Splunk on UltraSparc is very poor. UltraSparc are not designed for the heavy ... |
7
|
1 month ago... | |
|
hostname extraction for different sourcetype
In: SplunkAdministration
(Not tagged)
If you look in $SPLUNK_HOME/etc/system/**default**/props.conf, you will see that we do a TRANSFORM for ...
|
3
|
1 month ago... | |
|
Syslog in Splunk
In: SplunkAdministration
(Not tagged)
What version of Splunk? What operating system? Is there a firewall such as iptables that is blocking ...
|
2
|
1 month ago... | |
|
Problem to Index Linux Auditd
In: SplunkAdministration
(Not tagged)
Great to hear!
I'm looking for the inputs.conf that tells the forwarder which files to monitor, but I wouldn't worry ... What does your inputs.conf look like on the forwarder? |
6
|
1 month ago... | |
|
Multiple Directories having the same SourceType
In: SplunkAdministration
(Not tagged)
Sure, that will work fine. The point of sourcetypes is to span across multiple sources.
|
2
|
1 month ago... | |
|
Incorrect hostnames
In: SplunkAdministration
(Not tagged)
Ah, very good. We could be more clear about how setting the sourcetype affects your data.
What kind of logs show up when you search for host=munin? How about when you search for host=munin.office.quintagroup.com? I ... |
3
|
1 month ago... | |
|
REGEX Help
In: SplunkGeneral
(Not tagged)
You can't use two REGEX keys such as this, so you would need to write one regex that looks for both.
|
1
|
1 month ago... | |
|
Windows 2008 Event Descriptions not displayed
In: SplunkAdministration
(Not tagged)
It is a product of the way the Event Log works. Other users have had the same problem:
http://www.splunk.com/support/forum:SplunkAdministration/2932
Here ...
This message usually occurs when the dll containing the event description is missing. |
7
|
1 month ago... | |
|
Install Splunk on custom directory
In: SplunkGeneral
(Not tagged)
Yes of course.
|
1
|
1 month ago... | |
|
4.x Forwarders Compatible with 3.4.5 Server?
In: SplunkAdministration
(Not tagged)
The forwarder architecture, specifically the heartbeat, has been changed.
I wouldn't advise it, and in fact I'm pretty sure it won't work. |
3
|
1 month ago... | |
|
Forwarder Performance
In: SplunkAdministration
(Not tagged)
It depends on the characteristics of the data on the forwarder. That said, in most cases it wouldn't ...
|
1
|
1 month ago... | |
|
Unattended install/configuration
In: SplunkAdministration
(Not tagged)
The MSI installer has options for disabling the Windows Event Logs collection:
http://www.splunk.com/base/Documentation/latest/Installation/InstallonWindowsviathecommandline#Supported_flags
Use ...
|
3
|
1 month ago... | |
|
Set permissions for roles to access specific indexes during distributed search
In: SplunkAdministration
(Not tagged)
Yes, look in the manual under authorize.conf (you can also do this via Manager > Roles):
http://www.splunk.com/base/Documentation/latest/Admin/Authorizeconf
srchIndexesDefault ...
|
2
|
1 month ago... | |
|
Module's
In: SplunkReporting
(Not tagged)
You need to put at least one child module below hidden saved search to render the results of the search. ...
Modules are components of dashboards. I suggest you start by examining the sample_app or reading the ... |
6
|
1 month ago... | |
|
Comparing two files
In: SplunkAdministration
(Not tagged)
Sure! Let's assume today's file is export1014.txt and yesterday's file was export1013.txt.
You need ...
Sure, the unix "diff" command :) Splunk "diff" will only compare two search results, so you should ... I don't think you are using the diff command correctly, as it isn't intended to take a file as an argument. ... |
6
|
1 month ago... | |
|
Merge two fields
In: SplunkReporting
(Not tagged)
As you discovered, all time fields in Splunk are in epoch time, so yes, you would need to convert it ...
`| eval Date = _time` `| strcat Month " " Year MonthYear` |
8
|
1 month ago... | |
|
Splunk weighted failover (load balancing with priority)
In: SplunkAdministration
(Not tagged)
Please feel free to email support and request this enhancement.
|
2
|
1 month ago... |