The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by glennsinclair
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Problem with line breaking
In: SplunkAdministration
(Not tagged)
That looks good, for some reason I didnt realise you could use an or in that regex. Thanks a lot.
No, that's not what I want. All lines with a timestamp on them are a single event. The multi-line ... Thanks for the answer. I can see how this would work IF all events started with a timestamp. The problem ... One of the log files we are trying to index is a tomcat catalina.out log file. This is particularly ... |
6
|
27 months ago... | |
|
Tryng to reolve Windows event log encoding err
In: SplunkAdministration
(Not tagged)
I have seen this in our environment, it appears that there may be a bug in the EventsViewer module that ...
|
7
|
27 months ago... | |
|
Formatting in advance mode
In: SplunkApplications
(Not tagged)
Ah yes... sorry I had not included my entire xml in my post. I have tried using the splSearchControls-inline ...
Also, the submit button does not seem be linked with the search box interface-wise. When you type something ... Hi, I have a formatting issue when trying to create an "ExtendedFieldSearch" item in advanced xml ... |
4
|
27 months ago... | |
|
Missing Data from Data Input: Files and directories Monitor
In: SplunkAdministration
(Not tagged)
Reading this reminded me of a problem I had with certain logs dropping off being monitored by Splunk ...
|
11
|
28 months ago... | |
|
How to override binary file check for log files
In: SplunkAdministration
(Not tagged)
Thanks. I knew it would be easy!
Hi, We have a number of application log files that contain "special" characters, that is, control ... |
2
|
28 months ago... | |
|
Reduce /opt/splunk/var/log/splunk output
In: SplunkAdministration
(Not tagged)
I think he's wanting to reduce the footprint of logs on the system, rather than anything to do with ...
|
2
|
28 months ago... | |
|
Data Cloning and failover
In: SplunkAdministration
(Not tagged)
I have had this problem also, unfortunately cloning data doesn't actually mean that both indexes will ...
|
2
|
28 months ago... | |
|
Forward certain log files to multiple indexes
In: SplunkAdministration
(Not tagged)
Thanks guys, I just wanted to know what my options were before I went forth.
I will proceed with ...
And it is not possible on the indexer/server side of things, via the props.conf/transforms.conf at all? I'd ... Hi, For audit purposes, we need to store certain information for an extended period of time. Our ... |
5
|
28 months ago... | |
|
Upgrade splunk pkg on Solaris - non-interactive doesn't work
In: SplunkAdministration
(Not tagged)
Solved - generated a response file using pkgask, and specified it using the -r option to pkginstall.
The ...
I am upgrading approximately 250 servers (lightforwarders) to the latest splunk version (4.0.8). A large ... |
2
|
29 months ago... | |
|
Backslash and quotes
In: SplunkSearchAndAlert
(Not tagged)
In case anyone is tracking the forums for bugs, a possibly related problem is listed in http://www.splunk.com/support/forum:SplunkApplications/3645 ...
|
17
|
30 months ago... | |
|
Dispatched searches have added quotes, breaking search
In: SplunkApplications
(Not tagged)
I have logged this issue with Splunk support, call #36521
If anyone is monitoring these forums for ...
Yes, that solved it thanks. I still think this may be a bug, I'll log with support and see what they ... I'm having trouble with what I think is a potential bug in the way that apps handle search. When ... |
3
|
30 months ago... | |
|
Is it possible to store search results for later processing?
In: SplunkSearchAndAlert
(Not tagged)
Yes, that looks very promising thanks. I'll look into it.
I am trying to develop a part of an application that will allow users to analyse transactions that flow ... |
3
|
30 months ago... | |
|
Setting default app based on user role
In: SplunkAdministration
(Not tagged)
Cool, thanks.
Is it possible to set a default app based on user role? I see from http://www.splunk.com/base/Documentation/4.0.6/Developer/DefaultApp ... |
2
|
30 months ago... | |
|
Searching using EU time formats
In: SplunkAdministration
(Not tagged)
I agree.
Thanks... I should have mentioned that I'm aware of this method but its not very nice for my users to ... Does anyone know how can I configure splunk to accept time span search modifiers (starttime/endtime) ... |
4
|
30 months ago... | |
|
Viewing latest logs in Splunk
In: SplunkApplications
(Not tagged)
This should probably be in the SplunkGeneral forum.
Have you checked the logs on the forwarder in ...
|
2
|
31 months ago... | |
|
HTML rendering within a dashboard/panel
In: SplunkApplications
(Not tagged)
Helpful advice thanks. Escaping with < and > works fine (although it makes it a bit unreadable), ...
I am developing an app at the moment with a number of dashboards. The users I am developing for will ... |
3
|
31 months ago... | |
|
When to restart splunkd and/or splunkweb
In: SplunkApplications
(Not tagged)
Thanks guys. Yes my 404 was due to using the main port rather than the mgmt port - braindead. I'll take ...
I would like to get some info on this also if anyone knows. Additionally, if a full splunk restart ... |
4
|
31 months ago... | |
|
LightForwarders newer version than indexers - OK?
In: SplunkAdministration
(Not tagged)
What are the implications of having LightForwarders of a newer version than the Indexers they are forwarding ...
|
1
|
31 months ago... | |
|
outputs.conf maxQueueSize - what happens when queueing?
In: SplunkAdministration
(Not tagged)
Thanks for your response. That's good to know, but it reveals that I do not understand as much about ...
We currently have maxQueueSize set to the default (1000) on our servers. We have a number of servers ... |
3
|
31 months ago... | |
|
Splunk backup - snapshots on ext3 - ext3cow
In: SplunkAdministration
(Not tagged)
I'm trying to set up a reliable backup system for our Splunk implementation, which involves one 3.4.10 ...
|
–
|
31 months ago... |