Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

You may receive faster responses at community.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions
visualizing real-time data
the ability to create dashboards of various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

Useful links

2246 questions

votes

1 answer

Creating Splunk universal forwarder using Alpine base image

I am trying to create a Splunk universal forwarder image using the alpine:3.8 base image. FROM alpine:3.8 ENV SPLUNK_PRODUCT universalforwarder ENV SPLUNK_VERSION 6.3.1 ENV SPLUNK_BUILD f3e41e4b37b2 ENV SPLUNK_FILENAME…

splunk

asked Nov 14 '18 at 19:30

Vikas Rathore

8,242
8
35
54

votes

3 answers

How to forward application logs to Splunk from docker container?

We're interested in forwarding the logs from a node.js server running in a Docker container to Splunk. Some options we've considered include a side-car container running a Splunk forwarder. The side-car would write to a shared volume that the…

asked Nov 13 '18 at 19:07

Allyl Isocyanate

13,306
17
79
130

votes

1 answer

Extracting 5 fields from logfile containing a string in Splunk

Below is a sample log file data: 08/22/2018 02:50:06.380 EDT-0400 2 TCP/IP Controller Plugin.Transmitter pool thread .CybTargetHandlerChannel.call[:695] - Message has been sent: 20180822 02500636+0400 C7STA PLINUX03…

regex splunk regex-group

asked Aug 22 '18 at 13:27

user292033

votes

3 answers

Forwarding logs from kubernetes to splunk

I'm pretty much new to Kubernetes and don't have hands-on experience on it. My team is facing issue regarding the log format pushed by kubernetes to splunk. Application is pushing log to stdout in this format {"logname" : "app-log", "level" :…

kubernetes splunk

asked Jun 01 '18 at 09:01

tomalex

1,233
6
17
40

votes

0 answers

Splunk rest curl query fails to execute on the successive attempts with the session key authorization

First attempt creates the splunk SID, but fails on the successive attempts to create search id. Same issue occurs while polling/consuming the search after SID creation on its successive attempts. Can anybody point out helping the missing part? Curl…

curl splunk splunk-query splunk-sdk

asked Mar 27 '18 at 16:59

sathish

votes

1 answer

How to make Splunk query case sensitive

How do I make my query case sensitive. Say I want my search results for "Case Sensitive" and not "CASE sensitive" or "CASE SENSITIVE" This is what I'm using which isn't helping. index=foo_foo sourcetype=foo "Is my query CASE(Case Sensitive)" I've…

splunk splunk-query

asked Dec 13 '17 at 18:14

RIP SunMicrosystem

votes

1 answer

How do I set up Splunk to receive logging from Serilog/.Net?

I've tried to write a c# program that logs to splunk via serilog logger. I've tried to set up splunk to listen for the logging. All running on my local machine. My guess would be that I have not configured Splunk correctly. Log.Logger =…

splunk serilog

asked Nov 02 '17 at 08:43

Anders Juul

2,407
3
34
56

votes

1 answer

Checking Splunk logs for one string but not others

In Splunk I want to search for any exceptions EXCEPT concurrent timeout exceptions. Concurrent timeout exceptions appear in the logs as either "java.util.concurrent.TimeoutException" OR "concurrent timeout exception". If I perform a query…

splunk splunk-query

asked Oct 30 '17 at 21:40

SuperCow

1,523
7
20
32

votes

1 answer

Date in NLog file name and limit the number of log files

I'd like to achieve the following behaviour with NLog for rolling files: 1. prevent renaming or moving the file when starting a new file, and 2. limit the total number or size of old log files to avoid capacity issues over time The first…

archive nlog splunk

asked Oct 27 '17 at 15:00

Tamás Somogyi

votes

1 answer

Comparing search results from two separate searches

I am a new to using Splunk and wanted to get some help in combining two search results and organizing it so that it displays matching information from the two searches. So what I am doing a search for is something like the following. (I had to edit…

comparison splunk

asked Jul 06 '17 at 03:06

7H3LaughingMan

votes

1 answer

Java Splunk Best Logging Format

I am trying to implement some logging in my application and have been reading online on best practices. Splunk recommends using key value pairs but that can look ugly. Is it better to have logs based on columns or key value pairs? Column based…

java logging splunk

asked May 04 '17 at 15:13

Richard

5,840
36
123
208

votes

0 answers

Send handled exception logs to Google Play Console

In my Android app, I'm handling some exceptions so as not to crash the app on runtime, and to allow the user to have some (limited) functionality of the app. However, I want to be able to view the logs of any handled exceptions on the apps of my…

android google-analytics splunk

asked May 01 '17 at 21:34

Farbod Salamat-Zadeh

19,687
20
75
125

votes

1 answer

Query json data using Splunk

We have compressed data in json format at azure storage (tables and blobs) I want to ETL the data to relational DB in order to have the option to run sql queries on the data I have an utility which decompresses the data to json files, I did it via…

sql-server json excel ssis splunk

asked Mar 19 '17 at 13:17

Yael Rozentaler

votes

1 answer

documentation of splunk "ifnull" function?

We're using the ifnull function in one of our Splunk queries (yes, ifnull not isnull), and I wanted to look up the logic just to be sure, but I can't find it documented anywhere. It is referenced in a few spots: SPL data types and…

splunk

asked Feb 24 '17 at 18:41

mac

2,672
4
31
43

votes

1 answer

Trying to log to Splunk using logback appender

I'm trying to log to splunk directly in my Java application using the logback appender for splunk. Nothing seems to be going to splunk, but when I manually issue a post command in a REST client i'm seeing my data in splunk. I wasn't able to get the…

java logback splunk

asked Nov 22 '16 at 22:24

Catfish

18,876
54
209
353

Prev 1 2 3

…

99 100 Next