Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com, which is actively monitored by Splunk employees.

Splunk


Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be used without needing to access individual servers
  • Parsing logs of arbitrary format, including free-form logs with no defined fields
  • Advanced querying of logs, including
    • combining results from different sources
    • filtering based on extracted field values and pattern matching
    • analyzing records using statistical and mapping functions
  • Visualizing real-time data
  • Creating dashboards from various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.


2246 questions
4 votes, 1 answer

How to initialize Splunk HTTP Event Collector via Docker Compose and use it with splunk logging driver

I'm trying to set up a local development environment with Docker Compose that bootstraps a Splunk Enterprise server and uses the splunk logging driver on an app server. Versions: Docker Engine: 18.06.1-ce Compose: 1.22.0 Compose File: 3.7 Splunk…
Shaun Scovil
4 votes, 2 answers

Splunk count 2 different fields with two different group by without displaying them

I select orderids for a model in a subsearch and then select the most common materials for each orderid, so I get a list of every Material and the time it was a part of an order. I want to display the most common materials in percentage of all…
Nils
4 votes, 2 answers

Splunk: Trying to split multiline event at search time

2018-06-20T00:04:35.000+00:00 (980) WAL Autocheckpointing, name=C:\Program Files\PriceService\data\documents.db 2018-06-20T00:07:16.000+00:00 (980) WAL Autocheckpointing, name=C:\Program…
L-Samuels
4 votes, 1 answer

How to parse JSON metrics array in Splunk

I receive JSON from API in the following format: [ { "scId": "000DD2", "sensorId": 2, "metrics": [ { "s": 5414, "dateTime": "2018-02-02T13:03:30+01:00" }, { "s": 5526, …
4 votes, 1 answer

How To Calculate Exact 99.9th Percentile in Splunk

Does anyone know how to exactly calculate the 99.9th percentile in Splunk? I have tried a variety of methods as below, such as exactperc (but this only takes integer percentiles) and perc (but this approximates the result heavily). base | stats…
user1763328
  • 301
  • 2
  • 3
  • 11
4 votes, 0 answers

Splunkbase modular inputs customized UI

I've seen a number of resources that described how to create a customized UI for modular inputs, but this customization is limited to configuration of the Manager XML file (http://docs.splunk.com/Documentation/Splunk/6.6.1/AdvancedDev/ModInputsCustomizeUI).…
user1459144
4 votes, 1 answer

Getting CORS Errors with Splunk

I am trying to write data to Splunk with a jQuery script running in a browser. I already have the following in my 'inputs.conf' file: crossOriginSharingPolicy = * However, the error I'm getting is: Cross-Origin Request Blocked: The Same Origin…
Westy
4 votes, 1 answer

Splunk throwing HTTP 401 not authorized error when called from Java SDK in NiFi

I have multiple GetSplunk processors running using a Cron driven scheduling strategy. The Cron expression looks like '0 30 13 * * ?'. They all successfully execute the query the first time it's run. But, the next day it errors out with a 401 error…
MoDrags
4 votes, 4 answers

How to log exception stack trace in Json object without breaking with log4j2

Environment I have implemented log4j in my application successfully. I have used the following pattern layout: {"a":"%X{Id}","b":"%d","message":"%m","priority":"%p","Exception":"%ex"} It is logging as json format with my custom attributes. But while…
Balaji
4 votes, 2 answers

Multiple Rex Expressions

I'm using the rex expressions below to search for the following fields in my raw data: Address Line 1 Address Line 2 Address Line 3 Address Line 4, and Postcode | rex "Address Line 1=(?[^,]*)" | rex "Address Line 2=(?[^,]*)" …
IRHM
4 votes, 1 answer

Negative regex in splunk (not using fields)

Without extracting fields, I want to search for any events that do not contain "country=$", i.e. the event must not end with "country=". I can regex it to "country=(?!$)", but that still requires country to be present in the event, which is not what…
melladh
4 votes, 3 answers

Splunk Query Count of Count

I want to know the count of a count of a query. The query is sourcetype="cargo_dc_shipping_log" OR sourcetype="cargo_dc_deliver_log" | stats count by X_REQUEST_ID | sort - count So you can see there are multiple rows with the value of 3. Thanks…
Miverson
4 votes, 5 answers

Tool for parsing SMTP logs that finds bounces

Our web application sends e-mails. We have lots of users, and we get lots of bounces. For example, a user changes company and his company e-mail is no longer valid. To find bounces, I parse the SMTP log file with a log parser. The logs come from Microsoft…
Željko Filipin
4 votes, 1 answer

Why would CSS data-URIs be logged as 404 requests?

To reduce the number of requests across our site we are using CSS data-URIs rather than linking to external images. For some reason, these data-URIs are occasionally still being logged as a 404 request against our servers. Why would this be…
Buck
4 votes, 4 answers

Filtering splunk results using results of another splunk query

I want to use a query in splunk, extract a list of fields and then use these result fields to further filter my subsequent splunk query. How do I do this?
seahorse