The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by rmarshall

Topics 1–16 of 16

Topic Author Replies Latest Post
Splunk in VM on SAN
In: SplunkAdministration (Not tagged)
I am considering migrating my Splunk installation to an ESX4 virtual machine with the disk image running ...
rmarshall
Posts
1
25 months ago...
Getting started with Python SDK
In: SplunkDev (Not tagged)
Thank you for the posting. I was also able to have success after running: source $SPLUNK_HOME/bin/setSplunkEnv in ...
To be more specific about what my problem is, I can't get past this error: ImportError: No module named ...
How do I get started writing some custom scripts using the Python SDK? I can't seem to figure this ...
rmarshall
Posts
3
35 months ago...
Alert if counter increments
In: SplunkReporting (Not tagged)
One more note, I need this to work for multiple result sets. In other words, I get the data from several ...
I am trying to figure out how to make an alert that will trigger if a counter fed into splunk once each ...
rmarshall
Posts
3
37 months ago...
Create search results in /opt/splunk/var/run/splunk using CLI search
In: SplunkAdministration (Not tagged)
I am trying to get Splunk to save the search results into /opt/splunk/var/run/splunk using CLI instead ...
rmarshall
Posts
1
38 months ago...
Documentation on splunk.dcutils
In: SplunkAdministration (Not tagged)
Is this not supported?
I want to customize my Splunk sendmail.py file so that I can format my emails exactly the way I want ...
rmarshall
Posts
2
38 months ago...
Transactions and Summary Indexing
In: SplunkAdministration (Not tagged)
I am trying to use Summary Indexing to speed up my transaction searches for my reports, and I am running ...
rmarshall
Posts
1
38 months ago...
Splunk Alerts - Format of the email
In: SplunkAdministration (Not tagged)
Hmm... Two days no response. Is this a bad question to ask?
Is there a way to format the email alerts from Splunk? In other words, the email alerts are great ...
rmarshall
Posts
2
39 months ago...
Extracted Fields only show top 10 - I want more
In: SplunkAdministration (Not tagged)
This top function provides a report that shows the top 21 items in the list. I am looking for a way ...
Is there a way to make it show more than the top ten hosts in the hosts field drop down? For example, ...
rmarshall
Posts
3
40 months ago...
HELP!!! - My dashboard reports are wrong...
In: SplunkAdministration (Not tagged)
The issue was that in Preferences I had my Max Search Results set too low and it was truncating the data ...
My dashboard reports are not reporting the same numbers as individual searches. The search is doing ...
rmarshall
Posts
1
43 months ago...
transaction search performance
In: SplunkAdministration (Not tagged)
I use transaction searches heavily to produce report data and it runs very slow. Are there any tuning ...
rmarshall
Posts
1
43 months ago...
Splunk missing alerts
In: SplunkAdministration (Not tagged)
I have some alerts set up and Splunk is only triggering on them intermittently. Is there something I ...
rmarshall
Posts
1
44 months ago...
Splunk not accepting updated reverse DNS
In: SplunkAdministration (Not tagged)
I appreciate the responses. Hyphy, the DNS server is working just fine. As I mentioned, I can get ...
Thank you. Would you like me to open my own support incident, or can you just add me to the incident ...
I really need to resolve this. I have a number of events coming into Splunk via syslog that are indexing ...
I have updated the reverse DNS for some hosts because the host name was incorrect, but now Splunk does ...
rmarshall
Posts
7
46 months ago...
transaction pattern match=exact
In: SplunkRequest (Not tagged)
I noticed that there is only one option for the match option (closest) for the transaction data processing ...
rmarshall
Posts
46 months ago...
Transaction pattern - using asterisk - any other pattern options?
In: SplunkAdministration (Not tagged)
Thank you. And are there any plans to enhance the transaction command in the near future?
I noticed in one of your documentation examples for the transactiontypes.conf you specify that an asterisk ...
rmarshall
Posts
3
46 months ago...
transaction aliases pattern - What are my options?
In: SplunkAdministration (Not tagged)
Did I say too much here and now no one wants to read it? Perhaps I should just open a support ticket...
Sort of. I need the ability to manipulate my pattern matching so I can narrow down my exclusion criteria ...
It is a little confusing. Let me see if I can explain. I have a series of transactions I am trying ...
I need to know if I can do anything fancy with the transaction alias patterns. I need to match a pattern ...
rmarshall
Posts
5
47 months ago...
Transactions not grouping if not same time
In: SplunkAdministration (Not tagged)
I see. That did the trick. The explanation of the maxpause led me to believe that it would exclude ...
I am trying to group transactions so I can search them and I can't get them to group if they did not ...
rmarshall
Posts
2
47 months ago...