Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be used without accessing individual servers
  • Parsing logs with arbitrary formats, including free-form logs with no defined fields
  • Advanced querying of logs, including
    • combining results from different sources
    • filtering based on identified field values and pattern matching
    • analyzing records using statistical and mapping functions
  • Visualizing real-time data
  • Creating dashboards from various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

2246 questions
4 votes, 1 answer

Apache with kerberos + mod_proxy + mod_rewrite recursion

I've configured an Apache server to provide SSO and reverse-proxying for our Splunk installation as per the config below. SSO works, as does the reverse proxy hiding the Splunk instance running on port 8000 behind the /splunk URL. ProxyPass /splunk…
Mark S
4 votes, 1 answer

pexpect - run script.sh over ssh

I'm having trouble programmatically running a local script over ssh. I'm unsure if this is a problem with the shell variable substitution on the local host. When manually running, ssh monit@server1 'bash -s' <…
Joao Figueiredo
3 votes, 2 answers

What do the summary index 'psrsvd' fields stand for?

Summary indexing in Splunk produces a lot of psrsvd_* fields. What do they stand for? I presume they're acronyms or abbreviations. Here are some examples when averaging the number of bytes returned per client IP, as logged by apache (i.e. sistats…
Simon Chiang
3 votes, 1 answer

Query to loop through data in splunk

I have the below lines in my log: ...useremail=abc@fdsf.com id=1234 .... ...useremail=pqr@fdsf.com id=4565 .... ...useremail=xyz@fdsf.com id=5773 .... Capture all those userids for the period from -1d@d to @d. For each user, search from beginning of…
Mike
3 votes, 1 answer

Splunk monthly interval time chart

I'm trying to create a timechart at intervals of one month; however, the below code produces the sum of the entire month. I want the value on the 1st of each month, please let me know any solutions to get the value as on 2022-10-01 …
Ann
3 votes, 1 answer

No fluent-plugin-splunk-hec plugin found while using splunk/fluentd-hec Docker image

I'm looking for a Docker image of Fluentd with the fluent-plugin-splunk-hec plugin to send data to Splunk. I found that some time ago Fluentd provided such an image, but it's discontinued for some/no reason. Fluentd official documentation points at the…
Serhii Rohoza
3 votes, 2 answers

Splunk Cloud HEC endpoint address does not resolve

I have just created a Splunk Cloud trial account. I can access the console perfectly with a URL in the form https://prd-p-naaaa.splunkcloud.com where naaaa is a digit and 4 letters. I have configured an HEC token following the instructions here. But…
Sourcerer
3 votes, 0 answers

AWS Organization integration with both Splunk Cloud and Splunk Enterprise On-prem

My customer is migrating part of its on-prem infrastructure to AWS. They need to integrate AWS Organization monitoring and alerting with their existing Splunk solution; they have a Splunk Cloud (directly managed by Splunk on AWS) and a Splunk…
Someone94
3 votes, 1 answer

How to get the number of "unique" requests with splunk

We are currently looking for a way to find the number of "unique" requests for a given event type with splunk. Like the number of users that hit a 404, but I don't care if a user hit it twice or 10 times, I just want the number of users that had that…
Chris
3 votes, 2 answers

Splunk : How to figure out replication Factor

If this sounds silly to you I apologise in advance; I am new to splunk and did a Udemy course but can't figure this out. If I check my indexes.conf file in the cluster master I get repFator=0 # # By default none of the indexes are replicated. # repFactor =…
ankit singh
3 votes, 1 answer

Splunk: Return One or True from a search, use that result in another search

In Splunk, I am looking for logs that say "started with profile: [profile name]" and retrieve the profile name from found events. Then I want to use the profile name to look for other events (from a different source) and if one error or more are…
Niek Jonkman
3 votes, 1 answer

splunk sort events by size column in the log event

Using the below query to get the list of all messages having the "large partition" keyword. index="*-mycass-db" "large partition" Gets me tons of the below events; I want to find events in the descending order of the size of the table (100.803MiB in this…
nmakb
3 votes, 1 answer

Regex - replacing part of a matched group possible?

Is it possible to replace half or x characters of a matched group? I have had a request for partial email capturing, so something like example123@abcdef.com becomes ***mple123@***def.com. I can do this if the characters before and after the @ are 3…
banktomato
3 votes, 0 answers

SplunkHttp Appender Error: ERROR Error processing element SplunkHttp ([Appenders: null]): CLASS_NOT_FOUND

Suddenly, from 31/May/2021, we are getting this error: ERROR Error processing element SplunkHttp ([Appenders: null]): CLASS_NOT_FOUND. We are using a log4j2 configuration file for sending logs to Splunk. Full file below: Intentionally hiding host,…
user3069970
3 votes, 1 answer

AKS log format changed

We recently updated our AKS cluster from 1.17.x to 1.19.x and recognised that the format of our custom application logs in /var/lib/docker/containers changed. Before the update it looked like this: Afterwards it looks like this: I can find some…