Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

You may receive faster responses at community.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions
visualizing real-time data
the ability to create dashboards of various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

Useful links

2246 questions

votes

2 answers

How to search a given time range for every day in Splunk?

I am trying to search for an event that happens in a specific time range in Splunk but I want that search to encompass all of the data I have indexed which covers a wide date range. For example, I want to see if a line in an indexed log file…

splunk

asked Jun 16 '15 at 15:34

Marek

votes

3 answers

How can I efficiently sample a long time span in Splunk?

I would like to run a Splunk query over a long period of time (e.g., months or years), but I am searching enough data that I am only able to search over hours or days of data. However, for the question I want to answer in Splunk, I would be…

performance search time random splunk

asked Apr 03 '14 at 22:28

Arel

1,339
17
22

votes

3 answers

Splunk Database

I understand that Splunk does not need a lot of functionality that a MySQL database would provide, and to index and perform searches on Big Data it might not be a good option to use a relational database. Does Splunk use Lucene as a search engine,…

lucene splunk

asked Jan 07 '14 at 11:28

Sambhav Sharma

5,741
9
53
95

votes

6 answers

Need to extract and re-format with RegEx

I'm using Splunk to parse some logs that have our "hub" and "comp" IDs embedded in them, down in the body of the message. I need to use a field extraction RegEx to pull them out in the form: HHHH-CCCC where the data appears like this: Hub:[HHHH]…

regex splunk

asked Dec 04 '13 at 22:21

Chris Thornton

15,620
5
37
62

votes

4 answers

Monitoring Amazon S3 logs with Splunk?

We have a large extended network of users that we track using badges. The total traffic is in the neighborhood of 60 Million impressions a month. We are currently considering switching from a fairly slow, database-based logging solution…

amazon-s3 amazon-web-services splunk access-log

asked May 03 '12 at 02:41

Wandering Digital

1,788
2
21
27

votes

0 answers

How do I convince Splunk that a backslash inside a CSV field is not an escape character?

I have the following row in a CSV file that I am ingesting into a Splunk index: "field1","field2","field3\","field4" Excel and the default Python CSV reader both correctly parse that as 4 separate fields. Splunk does not. It seems to be treating…

csv splunk

asked Jul 18 '22 at 19:51

chmod_007

votes

1 answer

Reading .evt/.evtx files directly

Hello does anybody know how to read .evt /.evtx which are Windows Event log files to read not using provided api's , I want to read them using FILE I/O apis in C/C++. Or how to convert those files into .txt , I know splunk does this but not sure how…

c++ windows event-log splunk

asked Aug 19 '11 at 06:55

Avinash

12,851
32
116
186

votes

1 answer

splunk admin password

How do I reset splunk admin password? I guess I need access to the file system that Splunk is running on in order to modify the password file. It does not use database so do I need to change a file/ variable?

splunk

asked Aug 17 '11 at 05:06

shantanuo

31,689
78
245
403

votes

3 answers

Regex to pull last 2 segments from FQDN

Working on trying to figure out some regex to pull out the last 2 segments of an FQDN. ^.*\shostname=[\w-]+\.(?P[^\t]+) This RegEx works and takes out the first segment of an FQDN. www.aaa.bbb.someurl.net --> aaa.bbb.someurl.net But… I only…

regex splunk

asked Jul 20 '21 at 20:37

Ben

votes

1 answer

Splunk base search on dashboard and post processing the results

I have a dashboard that is using a base search, along with 4 other panels that reference this and format the results differently depending on the chart I want to use. When I run the base query by itself, it returns the data as expected. Base…

splunk splunk-query splunk-formula

asked Sep 16 '20 at 21:14

SBB

8,560
30
108
223

votes

3 answers

Get Specified element in array of json - SPLUNK

I im newbie in splunk. I have this json: "request": { "headers": [ { "name": "x-real-ip", "value": "10.31.68.186" }, { "name": "x-forwarded-for", "value": "10.31.68.186" …

javascript json analytics splunk

asked May 06 '20 at 21:50

Igor Eulálio

votes

3 answers

Failed to mount Splunk config On Kubernetes - ERROR: Couldn't read "/opt/splunk/etc/splunk-launch.conf

I'm using this Splunk image on Kubernetes (testing locally with minikube). After applying the code below I'm facing the following error: ERROR: Couldn't read "/opt/splunk/etc/splunk-launch.conf" -- maybe $SPLUNK_HOME or $SPLUNK_ETC is set…

docker kubernetes splunk

asked Aug 13 '19 at 21:58

Rot-man

18,045
12
118
124

votes

1 answer

How to use/do where in column of a lookup in Splunk Search Query

I want the search with a field which match with any of the values in look up table. For now, I have used below where in query. But, I still want to query with Look up table instead of manually putting all those values in double quotes using the…

where-clause lookup splunk splunk-query in-operator

asked Jun 17 '19 at 07:41

omkar sirra

votes

0 answers

How to send data from splunk's Heavy Forwarder to kafka?

I'm looking for the best way of sending data from Splunk to Kafka. The only way I found so far, is to set up a "middle" server, which receives data from the HF and acts like a producer for the Kafka. The middle server Requires maintenance, so I'm…

apache-kafka splunk

asked Apr 09 '19 at 21:45

Emily Lipkin

votes

1 answer

How can I log from my python application to splunk, if I use celery as my task scheduler?

I have a python script running on a server, that should get executed once a day by the celery scheduler. I want to send my logs directly from the script to splunk. I am trying to use this splunk_handler library. If I run the splunk_handler without…

python logging celery splunk

asked Jan 11 '19 at 09:59

sidi7

Prev 1 2

…

99 100 Next