The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by marcelofinki

Topics 1–17 of 17

Topic	Author	Replies	Latest Post
Splunk 4.1 Error - Encountered the following error while trying to update: In handler 'savedsearch': In: SplunkAdministration (Not tagged) Amend: I installed free version 4.0.9 build 74233. on another server, and got the same error. Any ... Hi, While trying to save a very simple search I ran into this: Encountered the following error while ...	marcelofinki Posts	5	23 months ago...
Asking for recommendation: Unix vs Windows In: SplunkGeneral (Not tagged) Hi, I am going to use Splunk to monitor a group of log files currently stored in Windows servers. I ...	marcelofinki Posts	–	23 months ago...
Why Search results are not consistent? In: SplunkSearchAndAlert (Not tagged) Thanks G. (In addition to the above) Y2KX: On these log files there are no dates with two digits only. I ... We have a savedsearch, executed on Saturday at 6:02 AM with enabledSched. This search sent an email ...	marcelofinki Posts	3	24 months ago...
run savedsearch from CLI In: SplunkSearchAndAlert (Not tagged) I am on Windows. Light bulb moment. The answer on Windows is ... {{splunk search "\| savedsearch ... Thanks gkanapathy! I have several searches that have spaces in their names. //e.g.: "Booking not ... I need to run a savedsearch using the CLI (OS=Windows) I have been able to issue this command ... **splunk ...	marcelofinki Posts	4	24 months ago...
CRASH: Faulting application splunkd.exe, version 0.0.0.0, faulting module msvcr80.dll, version 8.0.5 In: SplunkAdministration (Not tagged) Any luck with investigating this? I am running version 4.0.9 now and still experiencing same erro... (@Ledio) Hi Ledio, Thanks for your help. I regret to say that i have not received any news from ... ... and received a confirmation e-mail with subject ... {{CASE [39147] : crash dump file (splunkAdministration/3889) ... Hi Ledio, I have just sent the file attached to an e-mail to @@+++{{support@splunk.com}}@@. Thanks ... Yesterday we experienced the same crash again. Restarting the splunk.exe server was not possible. ... Hi, The "splunk.exe" service went down. Faulting application splunkd.exe, version 0.0.0.0, faulting ...	marcelofinki Posts	8	25 months ago...
What is an evicted transaction ? In: SplunkGeneral (Not tagged) Please clarify the meaning of "outlying transactions" to me. Does this mean "transactions which ... What is an evicted transaction ? Thanks, Marcelo	marcelofinki Posts	3	25 months ago...
What happens when "SavedSplunker - Maximum number (1) of concurrent scheduled searches reached" ? In: SplunkGeneral (Not tagged) Thank you, for the answer and for the tip about latest. : ) Marcelo Thanks GKanapathy, I hope the default will be "queue up". This poses a new question: Let's ... 1.- I am not going to change them. 2.- What happens when i schedule more than "max_searches" at the ... On my splunkd.log i can see lots of lines like the following one. 01-11-2010 14:12:01.206 WARN SavedSplunker ...	marcelofinki Posts	6	25 months ago...
Love the app, hate the documentation In: SplunkRequest (Not tagged) Hi everyone, I have just found this"Wish List" page... http://www.splunk.com/base/Community:Wish_list Would ... My $0.02 wish list * Implement rich-editor for Forum posts. The wiki formatting already in place ... My $0.02 wish list * Implement rich-editor for Forum posts. The wiki formatting already in place ... My $0.02 wish list * Implement rich-editor for Forum posts. The wiki formatting already in place ... My $0.02 wish list * Splunk can leverage the user community. Users can help write docum. Splunk ... My $0.02 wish list ** Splunk can leverage the user community. Users can help write docum. Splunk ...	tgreenlaw Posts	26	27 months ago...
Subsearch problem / How subsearches work ? In: SplunkSearchAndAlert (Not tagged) Right On. fiy, in 5 minutes from now i am deleting that post. it does not add anything valuable to ... Hey, Arturo, I am sorry to nag you. You are aware that by typeing source="app1.csv" you expect ... First of all, //de nada// ;-) I look forward to reading what you have found out. I hope the Support ... // > ...Any ideas ?// Nope, I am sorry. :-( All I can say is, I wrote a very //similar// search ... Hi Arturo, You said: //"... if another field for app1 tells me "this user is active", I need to ...	arturo Posts	24	27 months ago...
CLI search savedsearch permissions In: SplunkSearchAndAlert (Not tagged) Thanks G, i was able to run a CLI search adding the -app //MyAppName//. I was not able to figure ... Hi. I prepared and saved a search named Audit_001. Initially the search was declared as "private". When ...	marcelofinki Posts	3	27 months ago...
Performing a search and emailing alert/results via CLI In: SplunkSearchAndAlert (Not tagged) Hi Billy48, Hope you have seen the answer by jhart to my question. ==> sendresults=true Sorry ...	billy48 Posts	2	27 months ago...
Splunkd service does not start In: SplunkAdministration (Not tagged) Hi gkanapathy, Thanks for your suggestion! I believe i solved it. : ) @@+++For the record@@ ... These are the last lines in my {{splunkd.log}}. They seem to have been logged during last shutdown. â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â��â�� 11-20-2009 ... The error on this file seems to be: ERROR startup:40 - Unable to read in product version information; ... After adding a search in the {{savedsearches.conf}} file, i restarted splunk, but the {{splunkd}} service ...	marcelofinki Posts	4	27 months ago...
Backslash and quotes In: SplunkSearchAndAlert (Not tagged) I ran into an issue that could be somehow related. My search saved and scheduled in {{savedsearches.conf}} ...	bloizides Posts	17	27 months ago...
sendemail not including the results on the email In: SplunkSearchAndAlert (Not tagged) Thanks Jhart! 1) including {{sendresults=true}} worked. 2) I could not find this argument in the ... Splunk 4.0.4 build 67724. When I execute this search: {{ host=//MyServer// earliest=-1day \| head ...	marcelofinki Posts	6	27 months ago...
Search and replace In: SplunkSearchAndAlert (Not tagged) OK, Thanks! Jon, Have you tried using double quotes? {{replace "foo" with "bar" in _raw}} worked for me, ... Jon, Have you tried using double quotes? replace "foo" with "bar" in _raw worked for me, replacing ... Jon, Have you tried using double quotes? {{replace "foo" with "bar"}} worked for me, replacing ...	jhart@edmunds.com Posts	4	27 months ago...
customize email subject In: SplunkSearchAndAlert (Not tagged) My application contains a set of scheduled saved searches which send alert emails to specific individuals. ...	marcelofinki Posts	3	27 months ago...
Customizing emailed reports In: SplunkAdministration (Not tagged) I was not able to read any of the above referred web pages (as of 12-November-2009). Could you please ...	jhart@edmunds.com Posts	7	27 months ago...

Forums: Posted by marcelofinki

Description:

Permalink:

Splunk.com

Product:

Solutions:

Industries:

Partners:

About_us:

Support:

Services:

Videos

Download