Forums: Posted by gkanapathy

Topics 1–20 of 771

Topic Author Replies Latest Post
Grouping/modeling Pix firewall data a certain way?
In: SplunkReporting (Not tagged)
Probably best to look at the "stats", "top", "chart" and "timechart" commands first to get where you ...
kumba | Posts: 1 | Latest post: 10 hours ago
removing the flash widget from the search results page
In: SplunkPreview (Not tagged)
You will have to edit and customize the Advanced XML view, by copying $SPLUNK_HOME/etc/apps/search/default/data/ui/views/flashtimeline.xml ...
sconover | Posts: 1 | Latest post: 2 days ago
Best way stop "sample_app" logs events from being forwarded to the primary indexer
In: SplunkAdministration (Not tagged)
If you want to make sure sample_app stays disabled between upgrades, just put this into $SPLUNK/home/etc/sample_app/local/app.conf [install] state ...
lalleman | Posts: 2 | Latest post: 4 days ago
File Integrity gid=-1, uid=-1 on Windows
In: SplunkAdministration (Not tagged)
Unfortunately there is no way to fix this. (Even on non-Windows, gid and uid only return the group/owner ...
nmatatal | Posts: 1 | Latest post: 4 days ago
Filter log content before forwarding
In: SplunkAdministration (Not tagged)
A light forwarder can not filter events (see http://www.splunk.com/wiki/Where_do_I_configure_my_Splunk_settings%3F ...
JimK | Posts: 5 | Latest post: 4 days ago
Get the time defined by the user
In: SplunkReporting (Not tagged)
Yeah, it's basically not possible to get the "earliest" and "latest" time parameters that were passed ...
guilleglobant | Posts: 4 | Latest post: 4 days ago
How to index only certain events from IIS weblogs?
In: SplunkAdministration (Not tagged)
Almost certainly the string `sc_status=404` is never actually in your IIS log file. The REGEX must actually ...
przygode | Posts: 1 | Latest post: 5 days ago
Pushing Windows inputs to a different index?
In: SplunkAdministration (Not tagged)
etc\apps\search\local
Yes. In the inputs.conf file, default is in etc\apps\windows\local\inputs.conf, where you enable the ...
bosburn | Posts: 3 | Latest post: 5 days ago
Cisco Security (specifically ASA)
In: SplunkApplications (Not tagged)
Well, you really should have made the config changes in "local", not default, but it should still work ...
yellowman | Posts: 3 | Latest post: 5 days ago
Error: Unable to find pipeline with name udp..
In: SplunkGeneral (Not tagged)
Did you enable Light Forwarder mode, possibly by mistake? You will have to disable Light Forwarder and ...
andreaf832 | Posts: 4 | Latest post: 6 days ago
Snare Syslog Windows Clients
In: SplunkAdministration (Not tagged)
The Windows app is written somewhat specifically to pull information from the Splunk WinEventLog:* sourcetypes, ...
mwilliams68 | Posts: 2 | Latest post: 6 days ago
getting average by adding times
In: SplunkAdministration (Not tagged)
Yes, you should look at the stats command and the timechart command: http://www.splunk.com/base/Documentation/latest/SearchReference/Stats http://www.splunk.com/base/Documentation/latest/SearchReference/Timechart http://www.splunk.com/base/Documentation/latest/SearchReference/CommonStatsFunctions But ...
rajc | Posts: 1 | Latest post: 6 days ago
Need help with filter
In: SplunkAdministration (Not tagged)
We'd probably like to see an example of your events, but the simple way is if there is a keyword that ...
jkanaszka | Posts: 1 | Latest post: 6 days ago
Best practice for pre-filtering a bunch of msgs?
In: SplunkAdministration (Not tagged)
There's no other way other than regular expressions to filter messages from Splunk at index time. There ...
Bluecoat93 | Posts: 2 | Latest post: 7 days ago
Reindex existing data?
In: SplunkGeneral (Not tagged)
There should be no need to reindex. If you've copied the database (and data) that should be the most ...
mreliga | Posts: 2 | Latest post: 7 days ago
search for events that only occur within a time range over a larger time period
In: SplunkSearchAndAlert (Not tagged)
earliest=@w0 ( date_hour >= 19 OR date_hour < 5) login
bnolen | Posts: 2 | Latest post: 7 days ago
Stats within transactions
In: SplunkSearchAndAlert (Not tagged)
alternatively: host="web*" ( uri_path=/path1/* OR uri_path=/path2/* OR uri_path=/path3/* | transam ...
host="web*" ( uri_path=/path1/* OR uri_path=/path2/* OR uri_path=/path3/* | transam clientip maxspan=60m ...
dcovar | Posts: 3 | Latest post: 7 days ago
changes which trigger upgrade process
In: SplunkAdministration (Not tagged)
You can add --answer-yes to bypass any prompt with a yes answer, which includes the upgrade and creation ...
ualbanytech | Posts: 3 | Latest post: 7 days ago
Help Parsing general message field and counting the result.
In: SplunkGeneral (Not tagged)
SourceName=Print source=*WinEventLog:System | rex "pages printed: (?<pgs>\d+) | stats sum(pgs) [Revised ...
andybgrant | Posts: 3 | Latest post: 9 days ago
Issues with external lookup fields from static file
In: SplunkGeneral (Not tagged)
1. You can surround the field with double quotes, which is the CSV convention for fields with spaces ...
ggomez | Posts: 1 | Latest post: 10 days ago