The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by nmatatal
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Set user default view
In: SplunkAdministration
(Not tagged)
http://answers.splunk.com/questions/624/how-do-i-set-the-default-page-not-just-app
What version are ...
|
2
|
20 months ago... | |
|
Splunk FQDN Hostname with Syslog
In: SplunkAdministration
(Not tagged)
I had the same issue.
There are 3 possible solutions:
1. Setting the sourcetype to something ...
|
2
|
23 months ago... | |
|
CSV Header/Field Extraction Not Working
In: SplunkAdministration
(Not tagged)
Thanks. That's unfortunate but not too bad in my case as we only have one sourcetype that will be using ...
http://www.splunk.com/base/Documentation/4.1/Admin/Extractfieldsfromfileheadersatindextime The following ... |
3
|
23 months ago... | |
|
File Integrity gid=-1, uid=-1 on Windows
In: SplunkAdministration
(Not tagged)
I'm using 4.0.9. Does anyone know how to fix this? File integrity monitoring isn't very useful if ...
|
1
|
23 months ago... | |
|
_whitelist being ignored, indexing extra files
In: SplunkAdministration
(Not tagged)
Yeah our regexes are pretty much the same, mine is just more verbose. Turns out the problem was a stupid ...
inputs.conf: [monitor:///var/log] _whitelist=/var/log/auth$|/var/log/cron$|/var/log/kern$|/var/log/lpr$|/var/log/maillog$|/var/log/user$|/var/log/local$ Somehow ... |
2
|
24 months ago... | |
|
Distributed Search Peering not working on remote splunk restart
In: SplunkAdministration
(Not tagged)
"Not a splunk server" seems to be the generic error message. I'm having issues with the dist search ...
|
1
|
24 months ago... | |
|
Splunk is complaining about a missing index...that is there
In: SplunkAdministration
(Not tagged)
02-16-2010 18:49:17.060 ERROR indexProcessor - Could not find an index with name = "_audit" this event ...
|
2
|
24 months ago... | |
|
Custom Internal/Private Indexes
In: SplunkAdministration
(Not tagged)
Well with the default installation of Splunk 4.0.9, the following indexes are available:
# All non-internal ...
I guess this is somewhat of a feature request but maybe there's a workaround... We created an index ... |
4
|
24 months ago... | |
|
Best practice for fschange
In: SplunkGeneral
(Not tagged)
Looks like that issue is still open...
|
2
|
25 months ago... | |
|
windows fschange fail?
In: SplunkAdministration
(Not tagged)
Thank you, the poll interval was the issue. Also, the forward slashes worked fine :)
Awesome-0 ...
Simple question, why isn't my fschange data showing up? It's a windows 2k3 box, splunk 4.0.9 [fschange:C:/WINDOWS/system32] index ... |
2
|
25 months ago... | |
|
4.x Forwarders Compatible with 3.4.5 Server?
In: SplunkAdministration
(Not tagged)
We will be upgrading our server this weekend and I had a little free time and was hoping to get a head ...
|
3
|
28 months ago... | |
|
alert when a host stops logging
In: SplunkSearchAndAlert
(Not tagged)
metadata type=hosts | eval age = strftime("%s","now") - lastTime | search age > 10 | sort age d | convert ...
|
4
|
31 months ago... | |
|
Old Versions Moved?
In: SplunkAdministration
(Not tagged)
I used to see a link to older versions on the download page. We're still a couple versions behind, ...
|
2
|
33 months ago... | |
|
Other Metadata Types?
In: SplunkSearchAndAlert
(Not tagged)
Just curious....
From http://www.splunk.com/base/Documentation/3.4.9/User/GenerateData?#metadata
It ...
|
1
|
33 months ago... | |
|
Creating fields via Splunk Web Question
In: SplunkGeneral
(Not tagged)
I tried that, but then I get a message at the top "No rules could be learned. Try providing different ...
regarding http://www.splunk.com/base/Documentation/3.4/Admin/CreateFieldsViaSplunkWeb, I am a little ... |
3
|
34 months ago... | |
|
Admin>Applications Missing
In: SplunkApplications
(Not tagged)
Sorry but I'm a little confused by your last post. You said "admin users can edit other searches" yet ...
I do have full admin rights and we have an enterprise license. But like you say, it's a moot point. ... 3.4.5 Am I looking in the right place? I wanted to try out a few of the SplunkBase apps but I don't have ssh access to the Splunk server. ... |
7
|
34 months ago... | |
|
List of hosts which have not sent a message
In: SplunkSearchAndAlert
(Not tagged)
I am using that exact search and have it setup to send alerts once a day. What do you have in the "Alert ...
|
3
|
34 months ago... | |
|
Missing Hosts?
In: SplunkGeneral
(Not tagged)
I get a different number of hosts when running two queries that should have the same output
* | stats ...
|
–
|
36 months ago... | |
|
Health Checks on Every Host
In: SplunkSearchAndAlert
(Not tagged)
Unfortunately, that didn't work. I removed the " -7200" expression which should have returned my list ...
Hello All, I'm still very new to using Splunk, so bear with me :) I want to create an alert that ... |
2
|
36 months ago... |