The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by bloizides
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
| Deployment Server - can't deploy app<br>In: SplunkAdministration (Not tagged)<br>Hi. I was finally able to get the Splunk deployment server working (yay!). One problem I'm having, however, ... | | 1 | 18 months ago... |
| How to monitor .bash_history?<br>In: SplunkAdministration (Not tagged)<br>Slightly different contact but same idea... Here's how I did it: `splunk add monitor /home/rootdir/.sh_history` I ... | | 4 | 18 months ago... |
| Listing files/directories monitored by fschange<br>In: SplunkAdministration (Not tagged)<br>Is there a way, CLI or otherwise, to view all files/directories monitored by fschange? I know I could ... | | – | 18 months ago... |
| Collect syslog from non-Splunk AIX machine to AIX splunk machine.<br>In: SplunkGeneral (Not tagged)<br>Ravi, I installed syslog-ng on my Splunk server, then collected syslogs from other non-Splunk ... | | 1 | 19 months ago... |
| Shell script output within a single entry<br>In: SplunkAdministration (Not tagged)<br>Hi. I have a script that runs about twenty commands to take a snapshot of the system (Unix) every 12 ... | | – | 22 months ago... |
| Checking Splunk logins<br>In: SplunkAdministration (Not tagged)<br>Thanks!<br>Hi. I'm wondering if there is a way to check Splunk logins. That is, how can I get a report of ... | | 4 | 22 months ago... |
| Splunk on AIX 6.1<br>In: SplunkGeneral (Not tagged)<br>Hi. We will be upgrading our AIX servers from 5.3 to 6.1 this spring/summer. According to Splunk support, ... | | – | 23 months ago... |
| Counting hits from IP addresses<br>In: SplunkReporting (Not tagged)<br>Thanks. :)<br>Hi. I have the following search: `sourcetype="*access*" \| chart dc(remote_host) by remote_host` It ... | | 2 | 24 months ago... |
| Alert without indexing<br>In: SplunkSearchAndAlert (Not tagged)<br>Hi. Is it possible for Splunk to kick off an alert and only index when that alert condition is met? ... | | 1 | 24 months ago... |
| Splitting output for field extraction<br>In: SplunkReporting (Not tagged)<br>Nevermind, figured it out. Thanks!<br>I'm still having trouble with this (been a while, I know). I don't have this sourcetype defined in props.conf ... Thanks! Hi. I wrote a script that will produce an output like this: 0 fscsi0 NORMAL ACTIVE ... | | 4 | 24 months ago... |
| Display more than ten results in timechart<br>In: SplunkReporting (Not tagged)<br>Perfect, thank you!<br>Is there a way to display more than 10 results in a timechart? It seems like this is the default. For ... | | 3 | 25 months ago... |
| AIX 5.3 /var/adm/ras/errlog file monitoring<br>In: SplunkGeneral (Not tagged)<br>I wrote a Perl script that will output any errors in the error log from the past five minutes. I then ... | | 4 | 25 months ago... |
| Splunk -2-Splunk Forward Configured but inactive<br>In: SplunkAdministration (Not tagged)<br>Actually, I take it back... it's no longer forwarding again. It was working for a while (clear text, ...<br>Thank you, it's now showing up as an active forward. Unfortunately, it's not sending the data over ... I tried configuring it several different ways, including copying one from a post asking a similar question ... Hello again. Unfortunately, I'm still having this problem. Yes, SSL is configured on the receiving side ... I am trying to set-up a SplunkLightForwarder to forward a log to a central Splunk server (both are at ... | | 6 | 27 months ago... |
| AIX on \*Nix<br>In: SplunkApplications (Not tagged)<br>I'm definitely interested. How do I get your mods? | | 9 | 27 months ago... |
| Backslash and quotes<br>In: SplunkSearchAndAlert (Not tagged)<br>Ah okay, I worked that part out, thanks for your help.<br>Unfortunately, changing savedsearches.conf ...<br>I tried editing savedsearches.conf directly, but the change doesn't seem to "kick in". Is there something ... I did not try that... I will give that a try. Thank you for the tip. I did find a work-around, however. ... That's what's odd... in the Splunk Manager it looks okay. No backslashes. They only appear when I invoke ... I'm trying to create a search query. When I type it in the search bar manually, it works fine. Here's ... | | 17 | 28 months ago... |