Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com, which is actively monitored by Splunk employees.

Splunk

You may receive faster responses at community.splunk.com, which is actively monitored by Splunk employees.

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be worked with without accessing individual servers
  • Parsing logs of arbitrary format, including free-form logs with no defined fields
  • Advanced querying of logs, including:
    • combining results from different sources
    • filtering on extracted field values and pattern matching
    • analyzing records with statistical and mapping functions
  • Visualizing real-time data
  • Building dashboards from those visualizations

The name "Splunk" comes from a rewriting of spelunking, the cave-exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

2246 questions
3 votes, 1 answer

Splunk: List indexes and sources to which one has access

Using this search command | eventcount summarize=false | dedup index | fields index I get a list of all indexes I have access to in Splunk. Is it also possible to get another column besides this within which the source for the index is visible…
Asked by Tobitor
3 votes, 1 answer

Log messages in Splunk are shown as ASCII numbers

Our Spring Boot applications run inside Docker containers. We log using e.g. log4j2. When I use in my Spring Boot application the Spring log4j2.xml configuration file (see below) then log statements are readable (as plain text) in the Docker logs.…
Asked by tm1701
3 votes, 1 answer

How to extract a value from fields when using stats()

Query: index = test | stats values(*) as * by ip_addr, location | where location="USA" | fields timestamp, user, ip, location, message Result: +--------------------------------------------------------------------+ | timestamp | user | ip …
Asked by ThomasWest
3 votes, 1 answer

How to histogram a numeric variable?

I want to produce a simple histogram of a numeric variable X. I'm having trouble finding a clear example. Since it's important that the histogram be meaningful more than beautiful, I would prefer to specify the bin-size rather than letting the tool…
Asked by Brent Bradburn
3 votes, 0 answers

Configure log4j's HTTP appender to accept self-signed certificate

I am trying to send logs to Splunk Cloud's HTTP Event Collector using Log4J's HTTP Appender. However, it seems Splunk uses a self-signed certificate on their HTTP Event Collector, thus causing SSL validation errors when Log4J tries to connect to…
Asked by Gauthier
3 votes, 2 answers

Use sub-second precision on "earliest" in Splunk query

I have a Splunk search string. If I add earliest=10/05/2020:23:59:58, the search string still works. However, if I change that to earliest=10/05/2020:23:59:58:01, I get an error message saying invalid value "10/05/2020:23:59:58:01" for time term…
Asked by Jie
3 votes, 1 answer

Splunk queries: filter by _meta fields

Context: I have a bunch of application servers I would like to monitor using Splunk. Servers on every environment run the same applications. I am looking for a way to tag this information in order to easily disentangle stage servers from prod servers in my…
Asked by zar3bski
3 votes, 2 answers

Splunk spath vs plain search performance

Assuming that I have JSON logs formatted like { level: INFO, logger: com.mantkowicz.test.TestLogger, message: Just a simple test log message } what is the difference between these two searches: A) ... | message = "Just a simple test log…
Asked by m.antkowicz
3 votes, 1 answer

Splunk: Unable to get the correct min and max values

I'm a newbie as far as Splunk is concerned with modest regex skills. We have events with the following patterns: fallbackAPIStatus={api1=133:...,…
3 votes, 2 answers

How to read Spring Boot application log files into Splunk?

I am looking to send log data from the application to Splunk. I came to know that this has nothing to do with Spring; Splunk just needs some configuration to read the application's log files. I want to know how we can make Splunk read…
Asked by MAHIE
3 votes, 1 answer

How to download the raw log files from Splunk

Where I work they just switched to Splunk, but I just need the raw log file so I can work with it in Notepad++ for debugging. So my question is: can I get the raw log file from Splunk? I don't need any of the "features" of Splunk, I just need the raw…
Asked by mpop
3 votes, 1 answer

How do I install Splunklib for Python 3.7 on Windows?

Splunklib for Python 3.7 fails to install on my Windows machine. Since pycrypto was not ported to Python 3, I've uninstalled it and installed pycryptodome as a replacement. Unfortunately, when trying to install splunklib, pip still tries to install…
Asked by Chris Chris
3 votes, 2 answers

Assign a value to the variable in Splunk and use that value in the search

I have a use-case where I want to set the value to a variable based on the condition and use that variable in the search command. Example: I want to check the condition if account_no=818 then var1="vpc-06b" else var1="*" I tried…
Asked by YouBee
3 votes, 2 answers

Splunk extracted field in dashboard

I am sending some data to Splunk which looks like: "Start|timestamp:1552607877702|type:counter|metricName:cache|count:34488378|End" And then extracting the fields using a regex: search "attrs.name"="service" | regex (Start)(.*)(End) | extract…
Asked by CaptainHastings
3 votes, 2 answers

Stats Count Splunk Query

I wonder whether someone can help me please. I made the following post about a Splunk query I'm trying to write: https://answers.splunk.com/answers/724223/in-a-table-powered-by-a-stats-count-search-can-you.html I received some great help, but…
Asked by IRHM