The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by rataide

Topics 1–19 of 19

Topic	Author	Replies	Latest Post
fail to set up MySQLdb In: SplunkGeneral (Not tagged) Try {{./splunk cmd python setup.py build}} from http://answers.splunk.com/questions/8/can-i-add-pyt...	dianbo Posts	7	24 months ago...
Splunk for squid In: SplunkApplications (Not tagged) Thank you, Rachel & Alex! Hi, Field extractions are availble with: {{props.conf}} [squid] TIME_FORMAT = %3N MAX_TIMESTAMP_LOOKAHEAD ...	susanto_andi81 Posts	4	24 months ago...
Transforms.conf SOURCE_KEY In: SplunkApplications (Not tagged) Hi Kanga, The purpose is just to rename the auto-extracted fields to a Common Information Model compliant ...	kangwnl Posts	2	35 months ago...
Is there a way to Reverse DNS IP addresses from my FW syslog? In: SplunkAdministration (Not tagged) Hi Matt, There are 2 search scripts in Splunkbase to perform this task - http://www.splunkbase.com/search/?s=dns There's ...	mgraci Posts	2	35 months ago...
What are savedsearches.conf-local for In: SplunkApplications (Not tagged) It's option #4, you need to copy/move it to etc/apps/appname/local/savedsearches.conf and customize ...	rm90495 Posts	2	35 months ago...
Regular expression In: SplunkGeneral (Not tagged) You can try REGEX = User Name: ([^ ]*) This will capture anything but spaces following the "User ...	l33t Posts	2	36 months ago...
Extract each fields from Windows Snare syslog In: SplunkApplications (Not tagged) Have you tried Splunk for Snare - http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+Snare ...	l33t Posts	2	36 months ago...
Data Rotation and Data files In: SplunkGeneral (Not tagged) Hi, 1. Yes, it does. 2. It's own proprietary data store. 3. No. 4. Yes, it does. Details can be ...	djwellsy Posts	1	37 months ago...
Call Perl script under window In: SplunkApplications (Not tagged) Hi, I don't think [script:perl ....] is an acceptable syntax. You need to revert to [script://$SPLUNK_HOME\bin\scripts\pro.pl] Now, ...	katalinali Posts	1	37 months ago...
Splunk for UNIX Installation Procedure In: SplunkApplications (Not tagged) Hi Dave, By default most Apps will not enable inputs since these are left to the end-user to decide ...	Niborex Posts	2	37 months ago...
Embeded Website In: SplunkDev (Not tagged) Also there's already a PHP SDK available at http://code.google.com/p/splunk-php-sdk/	jrgochan Posts	5	37 months ago...
Sorting and filtering series data In: SplunkReporting (Not tagged) Another option would be: index=sampledata deny \| chart count(src) by src, dst_port \| addtotals \| ...	tycho Posts	3	37 months ago...
Splunk running on CentOS - How do I monitor Windows machines In: SplunkApplications (Not tagged) Hi, Windows event collection is only supported from Windows machines, you can continue to index and ...	edstrasser Posts	1	37 months ago...
How to add a not eventtype clause in a transaction pattern In: SplunkGeneral (Not tagged) Hi wcdtest2, It might be useful if you report your issue to support, please feel free to refer to ... I've created a sample set and did some tests and I now see what you are saying. In both pattern=A, ... Wouldn't "..... \| transaction .... pattern=A, B*, C \| search NOT eventtype=B" solve your issue?	wcdtest2 Posts	6	37 months ago...
extracting a snare field In: SplunkAdministration (Not tagged) Hi Sonicsai, For educational purpose, I'll point out all your issues (I hope) but I should note that ...	sonicsai Posts	1	37 months ago...
SPLUNK for IIS logs In: SplunkAdministration (Not tagged) I don't think WMI will work for the IIS logs, you will need to install a forwarder on your IIS server. ...	bsweeney1977 Posts	3	37 months ago...
Replace IDs in logs from lookup table In: SplunkAdministration (Not tagged) Another option would be to try to extract a new field that only contains the value you need in the search ...	JacobSingh Posts	6	37 months ago...
Splunk Licenses In: SplunkAdministration (Not tagged) That's the one, I would copy it over instead of renaming just to guarantee that you keep a backup copy ...	RobertRi Posts	5	37 months ago...
translating IP to country code from logs In: SplunkGeneral (Not tagged) Yes, that was a typo, my apologies! You can try: source="/my/webserver/access_log" \| status count by clientip \| sort -count \| head 30 ... There's one included by default in Splunk just pipe your search to "iplocation" (e.g. sourcetype=foo ...	jsutch00 Posts	9	37 months ago...

Forums: Posted by rataide

Description:

Permalink:

Splunk.com

Product:

Solutions:

Industries:

Partners:

About_us:

Support:

Services:

Videos

Download