Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources.

The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be searched without logging on to individual servers.
  • Parsing logs of arbitrary format, including free-form logs with no defined fields.
  • Advanced querying of logs, including:
    • combining results from different sources
    • filtering on extracted field values and pattern matching
    • analyzing records with statistical and mapping functions

The name "Splunk" is a play on spelunking, the hobby of exploring caves.

Splunk is available both as an enterprise application that runs on your own servers (with a free tier) and as a hosted service known as Splunk Storm.

73 questions
0 votes, 1 answer

Qmail - replacing multilog with splogger

I currently manage a qmail installation, set up on CentOS using the qmailrocks guide (which seems to have vanished from the Internet now). So: daemontools, multilog, vpopmail, qmail. I've been asked to set up a Splunk server for analysing the logs…
om3rta
0 votes, 1 answer

Installing Splunk on a GoDaddy server

Does anyone know if it is possible to install Splunk on a GoDaddy server? I've downloaded the deb file onto my server using wget (and obviously I have ssh access), but I'm struggling to install it, as apparently "-bash: dpkg: command not found". I guess…
ingh.am
0 votes, 2 answers

Detect port scanning using Splunk

I have set up a log server with Splunk running on it. I pinged one of the clients using BackTrack. Does this also generate a log which is sent to the log server? I wanted to detect port scanning on any of the clients. How do I do it? The client is…
Vinod
0 votes, 1 answer

ASA5520 stops sending to Splunk syslog

I have an ASA5520 that is set up to send logs to a Splunk syslog server. The setup works for a while, usually around 24 hours or so, but then stops until either the logging is reconfigured (twiddling the ports) or the ASA is restarted. What should…
Devnull
0 votes, 2 answers

syslog or Splunk forwarding over the internet

I have a web application that is split over a couple of sites in the US and the UK. When we have issues I would like to be able to view the collated error logs from the 2 sites. So I was thinking about doing this: 1) setting up a Splunk server at each…
Tom
0 votes, 0 answers

Does Splunk require K8s clusters to have unique pod IP ranges?

I am setting up a number of Kubernetes clusters in my organisation. We are using Splunk for monitoring. I have been told that we will need to reserve unique pod and service CIDRs for each cluster because Splunk requires it. This seems strange to me…
PrestonDocks
0 votes, 0 answers

How to feed IBM MQ logs into Splunk?

Our Java program talks to IBM MQ using the IBM-provided com.ibm.mq.allclient JAR. As documented by IBM, log messages generated from within the JAR are written to mqjms.log in the current directory. The above link explains how the location --…
Mikhail T.
0 votes, 1 answer

How to configure SSL certificates for Splunk on port 8089?

I want to configure a certificate for Splunk so that I can make API requests to it on port 8089. Currently the following command fails because Splunk's default certificate is used, and the default certificate doesn't work for the hostname…
user3207874
0 votes, 1 answer

How to non-interactively add a Splunk forwarder?

I wish to create a script for setting up forwarding to a Splunk server. Here's what I have so far: ./splunk add forward-server SPLUNK-IP-ADDRESS:SPLUNK-PORT However, it asks for my credentials. How can I non-interactively pass credentials to splunk…
user3207874
0 votes, 1 answer

HAProxy 503 Service Unavailable: No servers available to handle this request

Hey, I seem to have issues with HAProxy but can't find the root of the problem. Setup: 1 load balancer, 3 servers (Splunk search heads). Both the load balancer and the 3 servers are only accessible through HTTPS, and all have different SSL certs.…
-1 votes, 1 answer

Filtering out strings in Splunk

I have the query below. index=myindex sourcetype="application:access:log" host=myservers* FullURL="*/ABC" It works. However, I'd like the output to show all URLs with ABC in them; I just don't want results with ABCD to show up. Any idea…
Govno
-1 votes, 1 answer

Splunk syslog forwarder setup not working and paused data flow

I have set up the Universal Forwarder locally on my machine using this guide: https://splunk.paloaltonetworks.com/universal-forwarder.html /opt/splunkforwarder/etc/system/local/inputs.conf [monitor:///var/log/udp514.log] sourcetype = pan:log disabled…
asasa178
-2 votes, 1 answer

Splunk Universal Forwarder on Windows: how many logs to forward?

Splunk Universal Forwarder, Windows Server 2019. When configuring the forwarder, a large variety of logs can be forwarded: Application log, Security log, System log, Forwarded Events log, Setup log. In addition, Performance Monitor counters can be logged: CPU…
BaltoStar