Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

  • collecting logs from multiple sources into a single location, so they can be used without needing to access individual servers
  • parsing logs with arbitrary formats, including free-form logs with no defined fields
  • advanced querying of logs, including
    • combining results from different sources
    • filtering based on extracted field values and pattern matching
    • analyzing records using statistical and mapping functions
  • visualizing real-time data
  • the ability to create dashboards of various visualizations

The name "Splunk" is derived from spelunking, the hobby of cave exploring.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

2246 questions
3 votes, 1 answer

Sending syslog messages from perl

We are sending a lot of syslog messages from our Perl script using the facility code of local2. This works really well on Red Hat but on SunOS the messages don't appear to go to local2. For example, here is a minimal script #!/usr/bin/perl use…
MikeKulls
3 votes, 1 answer

How do I get the full content of a Splunk search result when using the Python SDK?

I can get the results from a one_shot query, but I can't get the full content of the _raw field. import splunklib.client as client import splunklib.results as results def splunk_oneshot(search_string, **CARGS): # Run a oneshot search and…
sophe
3 votes, 2 answers

How can web and error events be logged to Splunk using node.js?

I've found plenty of documentation on how to perform Splunk searches from within Node.js (thanks in chief to the Splunk javascript SDK documentation). However, that's not what I'm trying to accomplish. I am hoping to use Splunk as my…
Aejay
3 votes, 1 answer

regex to change time value past midnight

I've an application log with timestamps from 01-24 (instead of 00-23). I'm trying to do a search and replace "24" with "00", e.g. 15.03.2012 24:59:58 - SIRENG INFO com.app.funnction.info 15.03.2012 01:01:02 - SIRENG INFO …
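As an added example (not from the question or from any answer to it), the rewrite the question asks for, done in Python with a regex anchored on the date so that a "24" appearing in the minutes, the seconds or the message body is never touched. The sample lines are constructed from the question's excerpt; the optional date roll-over is an assumption about what "24:MM:SS" means, which the question does not state, so it is off by default.

```python
import re
from datetime import datetime, timedelta

# Timestamp prefix "DD.MM.YYYY HH:MM:SS" at the start of the line, as in the
# question's events. Anchoring on the date keeps a "24" elsewhere in the line
# (a minute, a second, a message body) untouched.
TS_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<hour>\d{2}):(?P<rest>\d{2}:\d{2})"
)


def normalize_hour(line: str, roll_date: bool = False) -> str:
    """Return the line with an hour field of 24 rewritten to 00.

    With roll_date=True the date is advanced by one day as well, on the
    assumption (not stated in the question) that "24:MM:SS" is the logger's
    way of writing the minutes after midnight of the following day.
    """
    m = TS_RE.match(line)
    if m is None or m.group("hour") != "24":
        return line
    date = m.group("date")
    if roll_date:
        next_day = datetime.strptime(date, "%d.%m.%Y") + timedelta(days=1)
        date = next_day.strftime("%d.%m.%Y")
    return f"{date} 00:{m.group('rest')}{line[m.end():]}"


def normalize_lines(lines, roll_date: bool = False):
    """Apply normalize_hour to every line of an iterable."""
    return [normalize_hour(line, roll_date) for line in lines]


# Constructed sample lines modelled on the question's excerpt.
SAMPLE = [
    "15.03.2012 24:59:58 - SIRENG INFO com.app.funnction.info",
    "15.03.2012 01:01:02 - SIRENG INFO com.app.funnction.info",
    "15.03.2012 12:24:24 - SIRENG INFO value=24",
]

if __name__ == "__main__":
    for out in normalize_lines(SAMPLE):
        print(out)
```

Inside Splunk the same substitution can be applied at index time with a SEDCMD entry in props.conf for the sourcetype, or at search time with `rex mode=sed`; in both cases keep the pattern anchored on the date as above, otherwise every "24" in the event is rewritten. Whether the date must roll forward depends on how the application assigns the date to its 24th hour, which has to be checked against the real log before choosing.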
3 votes, 4 answers

How can I conditionally create splunk field aliases?

I'm trying to combine info from two different logs into a single query, but I'm not sure how, or if, I can do it. Essentially I want to do this: LOG 1:
caffein
2 votes, 2 answers

splunk parsing IIS logfile

I am using Splunk to parse IIS logfiles from a few servers; all the servers have the same fields set up in IIS and all servers are running the same version of Windows 2003 Server. However Splunk tags the sourcetype of those logfiles as "iis" or "iis-2" or…
Henry
2 votes, 0 answers

How to show nested structures in Splunk table

Let's say I have the following kind of event: {"title":"title1","movieStatistics":[{"country":"US","cast":[{"name":"Actor1","age":30,"languages":["English","Spanish"]},{"name":"Actor2","age":48,"languages":["English","Polish","Spanish"]}]}]} With…
Silvos90
2 votes, 1 answer

How to use Python via AWS Lambda to send millions (large quantities of data) of events to Splunk

I am testing a Python script that pulls data from an API and sends the data to Splunk. The script is working fine, but my issue is that I will need to send millions of events daily from the API to Splunk. In my local testing, I am only able to send…
noobuntu
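An added example, not taken from the question or its answer, of the usual fix for this volume problem: batching many events into one HTTP Event Collector (HEC) request instead of one POST per event. HEC accepts several JSON event objects in a single request body, so the code below wraps each event in a HEC envelope, packs envelopes up to a byte budget, and POSTs each batch with the token in the `Authorization: Splunk <token>` header. The sender is injected so the batching can be run without a network; the environment variable names `HEC_URL` and `HEC_TOKEN`, the sourcetype `api:json` and the Lambda's event list are assumptions for illustration.

```python
import json
import os
import urllib.request
from typing import Callable, Dict, Iterable, Iterator, List, Optional

# Splunk HTTP Event Collector (HEC) event endpoint. The host, port and token are
# read from the environment in the Lambda (assumed names HEC_URL and HEC_TOKEN).
HEC_PATH = "/services/collector/event"

# A sender takes (path, headers, body) and returns the HTTP status code. It is
# injected so the batching logic can be exercised without a network.
Sender = Callable[[str, Dict[str, str], bytes], int]


def hec_batches(events: Iterable[dict], max_bytes: int = 1_000_000,
                sourcetype: str = "api:json",
                index: Optional[str] = None) -> Iterator[bytes]:
    """Wrap each event in a HEC envelope and yield newline-joined batches.

    HEC accepts several JSON event objects in one request body, so one POST can
    carry thousands of events; max_bytes bounds the body size per request.
    """
    buf: List[bytes] = []
    size = 0
    for ev in events:
        envelope: Dict[str, object] = {"event": ev, "sourcetype": sourcetype}
        if index:
            envelope["index"] = index
        line = json.dumps(envelope, separators=(",", ":")).encode()
        if buf and size + len(line) + 1 > max_bytes:
            yield b"\n".join(buf)
            buf, size = [], 0
        buf.append(line)
        size += len(line) + 1
    if buf:
        yield b"\n".join(buf)


def decode_batch(body: bytes) -> List[dict]:
    """Inverse of hec_batches for one body: the list of HEC envelopes it holds."""
    return [json.loads(line) for line in body.split(b"\n")]


def send_all(events: Iterable[dict], post: Sender, token: str, **batch_kw) -> int:
    """POST every batch with the HEC token; returns the number of requests made."""
    headers = {"Authorization": f"Splunk {token}",
               "Content-Type": "application/json"}
    requests_made = 0
    for body in hec_batches(events, **batch_kw):
        status = post(HEC_PATH, headers, body)
        if status != 200:
            # Fail loudly; a Lambda retry is better than silently dropping events.
            raise RuntimeError(f"HEC returned HTTP {status}")
        requests_made += 1
    return requests_made


def urllib_sender(base_url: str) -> Sender:
    """Real sender over HTTPS. urllib verifies the server certificate by default;
    do not disable that for a HEC endpoint, the token travels in the header."""
    def post(path: str, headers: Dict[str, str], body: bytes) -> int:
        req = urllib.request.Request(base_url + path, data=body,
                                     headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    return post


def lambda_handler(event, context):
    """Assumed Lambda entry point: the API pull is stubbed with a constructed
    list, and the token comes from the environment, never from the code."""
    token = os.environ["HEC_TOKEN"]
    sender = urllib_sender(os.environ["HEC_URL"])
    api_events = [{"id": i, "msg": "constructed sample"} for i in range(10_000)]
    return {"posts": send_all(api_events, sender, token)}
```

The byte budget, not an event count, is what to tune: HEC enforces a maximum request body size on the Splunk side, and a batch that exceeds it is rejected whole. Keep the token out of the deployment package and out of the Lambda's logs, and let a non-200 response fail the invocation so the platform's retry handles it rather than losing the batch.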
2 votes, 1 answer

Extract http status code from the log result in Splunk

I am using the following Splunk query to get all the response content and their corresponding response status code. index=main env=nonprod sourcetype="*sample-service*" "response" Sample response log from the above Splunk query looks…
schanjr
2 votes, 1 answer

Splunk Dashboard to run all enabled Correlation Searches at once

Can we create a dashboard in Splunk to run all enabled correlation searches in a specified timeframe at once? Due to a license issue no alerts were generated for the enabled correlation searches for a certain timeframe. We want to avoid running…
2 votes, 1 answer

regex all occurrences of a string after symbol =

I try to match all occurrences of a string after the specific symbol = and a whitespace. The regex I built is: (?<=\=\s).* My data looks like this: $User = h03425 $test = some longer string in here $input = 1243452 What I match with this regex is…
Trippin
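An added example, not from the question or its answer, showing why the greedy `.*` in the question's pattern swallows the rest of the line when all pairs sit on one line, and the usual fix: a lazy capture bounded by a lookahead for the next `$name =` or the end of the line. The sample data is constructed from the values shown in the question.

```python
import re

# One capture per "$name = value" pair. The lazy ".*?" stops at the first point
# where the lookahead sees the next "$name =" (or the end of the line), which is
# what a greedy "(?<=\=\s).*" cannot do: it runs to the end of the line.
KV_RE = re.compile(
    r"\$(?P<name>\w+)\s*=\s*(?P<value>.*?)(?=\s+\$\w+\s*=|$)", re.MULTILINE
)


def naive_matches(text: str):
    """The question's regex: on a single line, one match swallows everything."""
    return re.findall(r"(?<=\=\s).*", text)


def parse_dollar_kv(text: str) -> dict:
    """Return {name: value} for every $name = value pair, whether the pairs sit on
    one line or one per line."""
    return {m.group("name"): m.group("value") for m in KV_RE.finditer(text)}


# Constructed from the data shown in the question, in both layouts.
SAMPLE_ONE_LINE = "$User = h03425 $test = some longer string in here $input = 1243452"
SAMPLE_MULTILINE = "$User = h03425\n$test = some longer string in here\n$input = 1243452"

if __name__ == "__main__":
    print(naive_matches(SAMPLE_ONE_LINE))
    print(parse_dollar_kv(SAMPLE_ONE_LINE))
```

The same pattern works in Splunk's `rex` with `max_match=0` (without it `rex` stops at the first pair), with the named groups written in PCRE form `(?<name>...)` rather than Python's `(?P<name>...)`.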
2 votes, 0 answers

Why does Splunk Search ignore one of the fields in the query? (such log entries are known to exist)

{"level":"error","app":"my-app","component":"my-component","message":"my-message"} I have plenty of log messages like this one above. In order to select such events in Splunk Search, I use the query below (the names have been changed but the idea…
Don Draper
2 votes, 0 answers

Not receiving logs from Splunk forwarder or syslog-ng, what could be the issue?

I have Splunk set up, and it establishes a connection with syslog and the Splunk universal forwarder from a remote server. I have syslog-ng set up as follows: You can see the connections established. This is the inputs.conf for the Splunk universal…
tks.tman
2 votes, 1 answer

Regex to capture group name on first line, then the corresponding value on the next?

I'm after a regex that will enable me to capture the name of the mailbox within the first line, then the corresponding value as a 'count' group after the carriage return. The below is a sample, there are roughly 14 mail addresses in…
Bart
2 votes, 2 answers

In Splunk, Need to Pull Data from Nested JSON Array in an Array

I have some data that is an array inside an array. If it makes it easier, there will only ever be the one nested array inside of StopData. { "Name": "ExceptionLogs", "Id": "Id1", "StopData": [ [ { "level": "ERROR", …
stricq
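An added example (not from either question or their answers) that serves both this array-in-an-array question and the earlier "nested structures in a Splunk table" question: a flattener that turns one nested JSON event into the table rows Splunk would produce from `spath` followed by `mvexpand` on each array field, using spath's `{}` naming for arrays (`movieStatistics{}.cast{}.name`, `StopData{}{}.level`). The movie event is the one shown in the earlier question; the StopData event is completed with constructed fields because that question's sample is cut off.

```python
import json
from typing import Any, Dict, List


def expand_rows(value: Any, prefix: str = "") -> List[Dict[str, Any]]:
    """Flatten a JSON value into table rows.

    Nested object keys are joined with '.', array keys get the '{}' suffix that
    Splunk's spath uses, and every array element becomes its own row, so a record
    with two cast members speaking two and three languages yields 2 + 3 = 5 rows
    (the same result as spath followed by mvexpand on each array field).
    """
    if isinstance(value, dict):
        rows: List[Dict[str, Any]] = [{}]
        for key, child in value.items():
            path = f"{prefix}.{key}" if prefix else key
            # Cartesian product: each existing row is paired with each child row.
            rows = [{**r, **c} for r in rows for c in expand_rows(child, path)]
        return rows
    if isinstance(value, list):
        rows = []
        for item in value:
            rows.extend(expand_rows(item, prefix + "{}"))
        return rows or [{}]  # an empty array contributes no field, not zero rows
    return [{prefix: value}]


def columns(rows: List[Dict[str, Any]]) -> List[str]:
    """Column headers in first-seen order, for rendering the rows as a table."""
    seen: List[str] = []
    for r in rows:
        for k in r:
            if k not in seen:
                seen.append(k)
    return seen


def render(rows: List[Dict[str, Any]]) -> str:
    """Tab-separated text table with a header row."""
    cols = columns(rows)
    lines = ["\t".join(cols)]
    for r in rows:
        lines.append("\t".join(str(r.get(c, "")) for c in cols))
    return "\n".join(lines)


# The movie event from the earlier question, verbatim, and a StopData event
# completed with constructed "msg" values since that question's sample is cut off.
MOVIE = json.loads('{"title":"title1","movieStatistics":[{"country":"US","cast":[{"name":"Actor1","age":30,"languages":["English","Spanish"]},{"name":"Actor2","age":48,"languages":["English","Polish","Spanish"]}]}]}')
STOPS = {"Name": "ExceptionLogs", "Id": "Id1",
         "StopData": [[{"level": "ERROR", "msg": "constructed"},
                       {"level": "WARN", "msg": "constructed"}]]}

if __name__ == "__main__":
    print(render(expand_rows(MOVIE)))
    print(render(expand_rows(STOPS)))
```

In SPL the equivalent is `spath` to extract the fields, then one `mvexpand` per array level; when two sibling array fields (here name, age and languages of the same cast member) must stay aligned, zip them with `mvzip` before expanding, otherwise `mvexpand` of one field repeats the other field's whole multivalue on every row.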