The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by seanng
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
F5 asm log
In: SplunkAdministration
(Not tagged)
Hi,
Can someone tell me which version of f5 asm has been used for the 'SPlunk for f5' example?
http://www.splunk.com/base/Apps:Splunk_for_F5?ac=F5_Download
The ...
|
–
|
38 months ago... | |
|
Rest API call for saved search
In: SplunkDev
(Not tagged)
Hi,
How do I call a saved search using the API? What is the syntax to use?
Currently my search ...
|
–
|
39 months ago... | |
|
No export function for forms search?
In: SplunkAdministration
(Not tagged)
We are using form search in our implementation. However, there is no export function in SplunkWeb for ...
|
1
|
40 months ago... | |
|
Restoring archived data crashes splunkd
In: SplunkAdministration
(Not tagged)
Hi,
I was following the following steps to restore archived data:
http://www.splunk.com/base/Documentation/3.3.1/Admin/RestoreArchivedData
cp ...
|
–
|
40 months ago... | |
|
Replace IDs in logs from lookup table
In: SplunkAdministration
(Not tagged)
I am trying to modify your script to lookup URL string, such as https://www.abc.com/aaa/xyz.html
The ...
Hi araitz, I had a look at your script. Do I need to install it as a Splunk application or just copy ... |
6
|
41 months ago... | |
|
Excluding time in date format
In: SplunkAdministration
(Not tagged)
gkanapathy, it works well. Cheers.
Hi, I would like to only have the date YYYYMMDD ONLY in my search result, without the time . I am ... |
3
|
41 months ago... | |
|
Exporting search results in Standard datetime format
In: SplunkGeneral
(Not tagged)
Not sure if anyone has asked this but could not find the answer. The csv/txt output of my search result ...
|
1
|
41 months ago... | |
|
Issues with timezones and TIME_FORMAT
In: SplunkGeneral
(Not tagged)
How did this fix nclarke issue, which Splunk thought that EST in the log was American EST zone but in ...
|
12
|
41 months ago... | |
|
Log rotation
In: SplunkAdministration
(Not tagged)
Thanks. Implemented the blacklist and works fine.
I have a question regarding log rotation. Our web server generates a log file message.log. We have a ... |
2
|
41 months ago... | |
|
Make index=summary searchable by non-admin
In: SplunkAdministration
(Not tagged)
Thanks araitz. What do you suggest as a workaround? I need to have the search filter below defined for ...
You are right. I got the following error. "index specified multiple times, using only index" Searching ... Looks like the issue might be on the line: srchFilter = sourcetype="access.log";sourcetype="agent.log" I ... Hi Araitz, There was no error. It returns 0 result and a message: "Your search was restricted by ... Hi, Can you please let me know which parameter do I need to change in authorise.conf to allow non-admins ... |
9
|
41 months ago... | |
|
Limit on monitored directories or files?
In: SplunkAdministration
(Not tagged)
Hi,
Is there a limit of the files/directories that Splunk will be able to monitor?
I left Splunk ...
|
1
|
42 months ago... | |
|
PDF report
In: SplunkRequest
(Not tagged)
Hi,
I heard in the next major release report can be exported to PDF version?
Thanks.
|
1
|
45 months ago... | |
|
Size of Sourcetypes
In: SplunkAdministration
(Not tagged)
Thanks for the reply.
Hi, How do I check the size (in MB) of a particular sourcetype? For example, I need to know how much ... |
2
|
45 months ago... | |
|
Indexing stopped
In: SplunkAdministration
(Not tagged)
The files does not have the same header but they are in XML format. No specific error message about ...
There are 855484 files in the directory. Total file size is 847M. input.conf: [monitor:///home/prod_logs/host04/audit] disabled = false host = splunk01 sourcetype ... Hi, I have setup Splunk to monitor a directory to log files. But for some reason Splunk stop reading ... |
7
|
46 months ago... | |
|
Lightweight Forwarder and Index server on the same host?
In: SplunkAdministration
(Not tagged)
Hi araitz. There is a note in the link above.
"Note: You must set up this configuration on the FORWARDING ...
Thanks! Just to confirm whatever junk data filtered out before the indexing does not add towards the ... Hi, I am planning for Splunk deployment and we only budgeted for 1 host. I am hoping to use a ... |
6
|
46 months ago... | |
|
Table format report
In: SplunkAdministration
(Not tagged)
Thanks araitz. That's exactly what I was looking for.
Hi, I would like to generate a simple tabular format report, with no chart. timechart is not the ... |
2
|
46 months ago... | |
|
Restricting user access to indexed files and Dashboard
In: SplunkAdministration
(Not tagged)
Thanks it works!
Hi, I am creating a group with minimal access to splunk. The user can only view defined save search ... |
2
|
46 months ago... | |
|
CPU performance tuning
In: SplunkAdministration
(Not tagged)
Splunk is almost unusable now with debug turned on. It hasnt crashed yet but there are lots of SplitCompression ...
Sure, will do. Thanks There are a few crash logs in the directory. This is one of them. [build 38914] Received fatal signal ... Yes it does should like Splunk was still indexing the data. I can see the events growing over time. ... Yes, they are all gzip compressed files > ls -IR /opt/splunk/var/lib/splunk/defaultdb/db CreationTime ... This is on Linux 32bit. Hi, I have 4 CPUs on my splunk server and having a performance issue. Splunk is constantly using ... |
11
|
46 months ago... | |
|
Configure European date format in literals.conf
In: SplunkAdministration
(Not tagged)
Thanks for the prompt reply kbains. It appears to be recognising the date format now after clearing ...
I actually made the configuration changes after I have indexed all my logs. I believe during indexing ... //# ////////////////////////////////////////////////////////////////////////////// //# UI/Appserver ... //# ////////////////////////////////////////////////////////////////////////////// /# UI/Appserver ... Hi, Here is the UI stanza # ////////////////////////////////////////////////////////////////////////////// # ... Hi, I wanted to change the Date format to (DD/MM/YYYY:HH:MM:SS) I have made the following changes ... |
6
|
46 months ago... | |
|
Unexpected SplunkWeb error: 'Extra content at the end of the document'
In: SplunkGeneral
(Not tagged)
- transforms.conf
[ABC_for_sourcetype_request.log-U234_1]
REGEX = (?i)([a-z]+.[a-z]+.[a-z]+.[a-z]+)
FORMAT ...
When I try to extract fields using Splunk Web, this is what I get: Unexpected SplunkWeb error: 'Extra ... |
3
|
47 months ago... |