The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by jhodges

Topics 1–12 of 12

Topic	Author	Replies	Latest Post
specifying series colors and positions In: SplunkDev (Not tagged) I'm attempting to recreate a legacy report in splunk that labels response times into different buckets ...	jhodges Posts	1	31 months ago...
alert when a host stops logging In: SplunkSearchAndAlert (Not tagged) that's exactly what I needed! thanks! Haven't upgraded to 4 yet though, so just another reason to ... I have a bit of a funky setup wherein a 10s delay in indexing the data will not be unusual, so this ... I'm seeing an interesting issue where one of our java virtual machines will stop logging or processing ...	jhodges Posts	4	34 months ago...
I cant get into splunk!?!?! In: SplunkGeneral (Not tagged) take a look at /opt/splunk/var/log/splunk/splunkd.log - that'll likely shed some light on the issue...	databanq1 Posts	2	37 months ago...
Creating scatter plots of discrete data points In: SplunkGeneral (Not tagged) Here's a related article about getting meaningful data from scatter plots. Reading what he's talking ... I've been looking for a good way to represent response time data in a meaningful way, and have become ...	jhodges Posts	1	37 months ago...
charting change rate of a counter In: SplunkReporting (Not tagged) i have some data that's tracking bytes in a counter form... how can i create a report to only show the ...	jhodges Posts	5	39 months ago...
Monitoring Java garbage collection times In: SplunkGeneral (Not tagged) Even if not, it should be pretty close, so this is very helpful. I'm wondering how ensure that the times are accurate? Since the only thing the jvm reports is elapsed ...	pde23 Posts	3	40 months ago...
Cisco ASA Firewall Alerts In: SplunkSearchAndAlert (Not tagged) Why do you use search instead of where? Aha -- nice. I didn't realize you could rename it right there in the chart function. Thanks for the ... pipe it to chart function, then use where to set your threshold: ip=x.x.x.x port=xx startminutesago=x ...	cbobb Posts	5	41 months ago...
dealing with commas in numeric fields In: SplunkAdministration (Not tagged) I figured out one way to do it: REGEX = (?m)^\s+([\d\.,]+)\s+([\d,]+)\s+[\d,]+\s+([\d]+),([\d]+)$ FORMAT ... I had to adjust your regex a bit to match, but that doesn't work either.. I used this regex: REGEX ... Here's a complete event, but I don't think it's going to help much. the core problem, and all I need ... the last number in the line represents the number of current user sessions hosted by a jvm, charting ... I'm trying to extract data from a multi-line field that contains the following line: 1,924.85 ...	jhodges Posts	8	44 months ago...
ReportCache application not writing to cache In: SplunkApplications (Not tagged) it was disabled in local/inputs.conf, linux OS. figured this out as well.. I had $SPLUNK_HOME/var/spool/splunk defined in 2 different inputs.conf files, ... I found this splunk error that seems to relate: 07-02-2008 12:06:15.330 ERROR UnifiedSearchWrapper ... having trouble getting reportcache application to write to indexes. I've gone through the instructions ...	jhodges Posts	5	47 months ago...
pci index cache searches In: SplunkApplications (Not tagged) Ok, well that was weird.. I discovered that somehow earlier versions of these searches had been written ... That's the issue -- this search doesn't show up in the saved searches list - I cannot see if it has ... I'm having a bit of trouble with the saved searches in the pci application.. some of them are clearly ...	jhodges Posts	3	48 months ago...
Search fields are not recognized In: SplunkGeneral (Not tagged) I'm having the same issue with search fields not working... did you have any luck resolving this?	araitz Posts	12	48 months ago...
Setting up signature=firewall In: SplunkAdministration (Not tagged) that seemed to do it.. thanks! A bit of a newbie here.. I am attempting to configure splunk 3.2.2 using the PCI application... I note ...	jhodges Posts	2	48 months ago...

Forums: Posted by jhodges

Description:

Permalink:

Splunk.com

Product:

Solutions:

Industries:

Partners:

About_us:

Support:

Services:

Resources:

Download