The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by katalinali

Topics 1–17 of 17

Topic Author Replies Latest Post
Set user default view
In: SplunkAdministration (Not tagged)
Hi all, I would like to know if Splunk allow to set default user's view instead of the whole apps. ...
katalinali
Posts
2
24 months ago...
Multi fields with multi value
In: SplunkAdministration (Not tagged)
I find field can't begin with 0-9 from: http://www.splunk.com/base/Documentation/4.1.2/Knowledge/Createandmaintainsearch-timefieldextractionsthroughconfigurationfiles Then ...
I have some log format like: Timestamp value request | [3 ] [value1] | ...
katalinali
Posts
2
25 months ago...
Monitor *NIX by distributed search
In: SplunkAdministration (Not tagged)
I query two statement to check it: index=* host=hostb* index=* source=top I can't find any script ...
I have set up a distributed search to monitor *NIX app in another search peer, but I find I can't search ...
katalinali
Posts
2
26 months ago...
Send alert when no log
In: SplunkAdministration (Not tagged)
Thanks very much
Can splunk trigger alert when the log file doesn't have any new log for a period of time. For example, ...
katalinali
Posts
2
29 months ago...
Strange thing on the result
In: SplunkAdministration (Not tagged)
I use the window event log as stimulation and I haven't changed timezone for splunk, the last log is ...
There is a strange thing when I search my data with timestamp of **specific date**, for example I search ...
katalinali
Posts
2
30 months ago...
Extract fields from irregular format
In: SplunkAdministration (Not tagged)
Are there any methods to control the field extraction like following format: ================================================================ ...
katalinali
Posts
1
31 months ago...
align component inside form search
In: SplunkAdministration (Not tagged)
Can I align the components inside the form search e.g. control the text field or drop down box to show ...
katalinali
Posts
31 months ago...
Set rolling base on time
In: SplunkAdministration (Not tagged)
Can I save the command as a search inside splunk?? I fail to do so.
I would like to backup on schedule (e.g every week), so I want splunk can run the script at a period ...
I have scheduled to run **| debug cmd=roll index=index_name>**, but I find the DB didn't roll and I ...
Can anyone answer my question please.
Can set the data rolling (hot to warm) base on time in Splunk. I have tried maxHotSpanSecs = 3600 but ...
katalinali
Posts
10
33 months ago...
Display fields in order
In: SplunkAdministration (Not tagged)
I make an alert with format csv or inline plain text. I define the fields in saved search as **xxx | ...
katalinali
Posts
34 months ago...
Display as Table form
In: SplunkAdministration (Not tagged)
I would like to display my result as a table form. Do splunk 4.x have command can do something like ...
katalinali
Posts
1
34 months ago...
oldsearch not found
In: SplunkAdministration (Not tagged)
Thanks very much.
I also try it under Unix. The result is same as window 2003. Furthermore, how can I verify hotdb is ...
I try splunk search " | oldsearch index=_internal !++cmd++::roll" -auth admin:changeme and also splunk ...
katalinali
Posts
3
34 months ago...
Backup splunk question
In: SplunkAdministration (Not tagged)
Can splunk backup online with third-party backup software?
katalinali
Posts
1
34 months ago...
Assign subsearch result to fields
In: SplunkAdministration (Not tagged)
Can subsearch result assign back to the fields. Like: <keyvalue> date_mday=[search sourcetype="XXX" ...
katalinali
Posts
37 months ago...
Handle control characters
In: SplunkAdministration (Not tagged)
Our application log format is like: 2009-04-20 12:23:68 (verison 2.2.1 ^A12=1234^A34=987 ..... When ...
katalinali
Posts
38 months ago...
Change timezone for a sourcetype
In: SplunkAdministration (Not tagged)
I have tried Asia timezone like TZ=Hongkong, but splunk don't respond with it.
I want GMT +08:00 but not -08:00. Can splunk handle Asia timezone?
I would like to change timezone for a sourcetype, but splunk didn't take any actions. Can someone give ...
katalinali
Posts
5
39 months ago...
splunkd terminate automatically
In: SplunkAdministration (Not tagged)
I have installed splunk 3.4.6 (x86_64) under Solaris 10 but I find splunkd always terminate automatically ...
katalinali
Posts
39 months ago...
Call Perl script under window
In: SplunkApplications (Not tagged)
I added a perl script under inputs.conf like: [script:perl //$SPLUNK_HOME\bin\scripts\pro.pl] interval ...
katalinali
Posts
1
40 months ago...