The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by gkanapathy

Topics 1–20 of 850

Topic	Author	Replies	Latest Post
reached the maximum license violations for this time period In: SplunkAdministration (Not tagged) http://answers.splunk.com/questions/322/what-happens-when-i-exceed-my-licensed-limit http://www.s...	0l1v1er Posts	1	12 months ago...
Using "eventtype" inside "if" function of "eval" command In: SplunkSearchAndAlert (Not tagged) Please repost to answers.splunk.com. But the main issue probably that your fields are numeric, and eventtypes ...	woodcock Posts	1	16 months ago...
Forwarding to a specific Index In: SplunkGeneral (Not tagged) The one on the Light Forwarders. This may help you understand: http://www.splunk.com/wiki/Where_do_I...	aaronzabell Posts	2	18 months ago...
Upgrading Splunk deleting script files In: SplunkAdministration (Not tagged) Custom scripts should be placed in an app, $SPLUNK_HOME\etc\apps\myappname\bin\scripts, depending	claire.lee Posts	1	19 months ago...
Create new Field and Assign existing field in transforms.conf In: SplunkGeneral (Not tagged) how about ... \| eval User_Name=coalesce(User_Name,Account_Name) \| stats count by User_Name	kholleran Posts	2	19 months ago...
Multiple lookup in a dashboard In: SplunkDev (Not tagged) I've seen weird things wrt to lookup tables and security. First make sure that the lookup table and ...	thomasknowles Posts	3	19 months ago...
Dashboard? View? Am I missing something? In: SplunkGeneral (Not tagged) They are the same thing, just different base templates for layouts. It's also complicated because there ...	klee310 Posts	1	20 months ago...
Search Help In: SplunkGeneral (Not tagged) Actually, you probably want to make it host="HOST" \| stats count, first(_time) as _time by Account_Name so ... host="HOST" \| stats count, first(_time) by Account_Name "first" will give you the first encountered ...	kholleran Posts	2	20 months ago...
Collection Limit for Free Enterprise Version In: SplunkAdministration (Not tagged) It's probably a performance/network limitation on WMI timing out.	cyarworth Posts	1	21 months ago...
Problem with parsing CSV files In: SplunkGeneral (Not tagged) The problem is actually there is a default rule in props.conf for any file whose name ends in ".csv" ...	elspliffo Posts	5	21 months ago...
Parse Windows Event log In: SplunkGeneral (Not tagged) You would configure this on the indexer if using a Light Forwarder: http://www.splunk.com/wiki/Where...	kholleran Posts	6	21 months ago...
Splunk in VM on SAN In: SplunkAdministration (Not tagged) Honestly, at those data volumes, almost anything will work. We usually recommend a certain level of ...	rmarshall Posts	1	21 months ago...
Multi fields with multi value In: SplunkAdministration (Not tagged) Field names can begin with digits, but they can't be all digits. You might try FORMAT = f$1::$2	katalinali Posts	2	21 months ago...
incrementing sourcetype name In: SplunkAdministration (Not tagged) It's because there is a default rule on files named ".csv". To completely override it, add: [source::....csv] sourcetype ...	kevintelford Posts	1	22 months ago...
Help with custom time manipulation in the GUI In: SplunkGeneral (Not tagged) You can click and drag over the flash timeline and use the "zoom in" and "zoom out" links to move the ...	nclarkau Posts	3	22 months ago...
1.866.GET.SPLUNK and Sales contact In: SplunkGeneral (Not tagged) It does and you should be able to leave a message with your contact info and request to be called ba...	thipsz Posts	1	22 months ago...
Global File System (GFS) In: SplunkGeneral (Not tagged) The locktest tests the filesystem to ensure that it has the type of file locking semantics and atomicity ...	baxterp Posts	1	22 months ago...
Checking Splunk logins In: SplunkAdministration (Not tagged) Splunk 4.1.1 comes with a "search activity" set of dashboards that run over this data.	bloizides Posts	4	22 months ago...
polling an http source In: SplunkAdministration (Not tagged) The webping application http://www.splunkbase.com/apps/All/app:Web+Page+Monitor does this.	rotten Posts	2	22 months ago...
Valid time values for minimumTime and maximumTime on splunk charts? In: SplunkPreview (Not tagged) You should set your search range earliest and latest params instead, and the chart will automatically ...	pvrmx Posts	1	22 months ago...

1 2 3 4 5 6 7 8 9 ...43 Next »

Forums: Posted by gkanapathy

Description:

Permalink:

Splunk.com

Product:

Solutions:

Industries:

Partners:

About_us:

Support:

Services:

Videos

Download