Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

You may receive faster responses at community.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions
visualizing real-time data
the ability to create dashboards of various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

Useful links

2246 questions

votes

1 answer

Splunk alert scheduling to stop running script on particular times

I have two splunk scripts one to Run at 30 minutes and another one at 120 minutes between 00.00 to 06.00. Now I would like to hold 30 minutes script not to run between this timeframe. How to do this one from splunk.

asked May 13 '20 at 12:26

Do what you want vikky

votes

1 answer

Regex XML with group name and including tags

I have a XML that looks like this Executing request: POST https://[website]: [data] Id like to regex out everything, including the request open and closing tags and name the group…

regex xml splunk

asked May 13 '20 at 02:28

trever

votes

1 answer

How to trigger spunk alert for every stat that appears on my query

I currently have a query that results in a couple stats being shown, "Statistics (5)" I use this query to get those Stats: index=ms-app environment=prod AND "*" | eval uri=replace(mvindex(split('request.uri', "?"), 0), "\/\d+[-+\w]+", "/:n"),…

triggers splunk alerts splunk-query splunk-sum

asked May 12 '20 at 18:51

monkey123

votes

1 answer

How to Splunk search for transaction types that have a median latency above 3 seconds

I have a table that shows latency data, now i want to write a query for an alert that will alert when requests (method + uri) have a higher median than 3000ms (3s) The query i use for that latency table is: index=ms-app environment=prod AND "*" |…

splunk latency splunk-query splunk-calculation splunk-formula

asked May 11 '20 at 21:52

monkey123

votes

2 answers

Splunk Dashboard Security

I am from splunk Team, we are noticing that people who are not the part of splunk team , they are doing changes in existing dashboard , without notifying us .. how can we fix this? can we do something like get notification once any changes done on…

splunk splunk-query splunk-sdk splunk-calculation splunk-formula

asked May 07 '20 at 13:13

Supriya Sharma

votes

1 answer

How to build Splunk search query?

I am new to Splunk. Hence, i would require some support to build search query. Below is how my log prints: [181] xxxx-xx-xx xx:xx:xx INFO (lots of text)RITM1234::FAILED BECAUSE ROOT CAUSE::Ticket was an Add, but there was no valid account named…

splunk splunk-query

asked May 07 '20 at 12:41

Jagan

votes

1 answer

Search in Splunk in a lookup table with multivalue fields

I have a lookup table that looks like below: So I have a Splunk query that generates a table with IP addresses and I want to automatically populate the relevant DNS names. I use the following but it does not work: Index=servers signature_id=4624 |…

splunk

asked May 06 '20 at 12:45

Vpasch

votes

1 answer

Splunk logs in dashboard

I need to make splunk dashboards with Ubuntu system logs (mainly logging and system modifying). How could I get those logs and what can I convert them into a dashboard?

logging splunk

asked May 05 '20 at 17:41

Char

votes

1 answer

how to send json data to splunk HEC or splunk enterprise

I need to send JSON data from Jenkins pipeline to Splunk. I am able to make JSON data. I am referring How do I send JSON files to Splunk Enterprise from JAVA? this link. I am getting an error when line no. 5 : httppost.setEntity(new…

java groovy splunk

asked May 04 '20 at 15:54

saurabh gangrade

votes

0 answers

Splunk - RSS Scripted Input

I have downloaded RSS Scripted Input app from Splunk and extracted it to Splunk etc apps Can you please help me fixing the "NameError: name 'administrator' is not defined" in Splunkd log? The base_url has been defined, username and password are…

splunk rss-reader

asked May 04 '20 at 15:38

Vasu Parvatham

votes

1 answer

Splunk: search a string, if found only then look for another log with same request-id

I want to find a string (driving factor) and if found, only then look for another string with same x-request-id and extract some details out of it. x-request-id=12345 "InterestingField=7850373" [this one is subset of very specific…

splunk splunk-query

asked May 04 '20 at 08:12

Hari Bisht

votes

1 answer

Production grade methodology for alerts

Background Our code is written with: Unit tests End to end tests Code review Staging process Deployment process On the contrary, our alerts are just written and then modified occasionally manually. No quality process at all. This process is…

alert splunk

asked May 04 '20 at 06:26

Michael

3,206
5
26
44

votes

1 answer

Splunk indexer running in docker container overwrites inputs.conf on docker restart

I am trying to 'upgrade' Splunk from 7.2.5 to 8.0.3. Splunk is running on a RHEL7 VM in a docker container from Splunk. (We not actually upgrading Splunk, we are moving to a new container on a new VM.) Through automation, we had modified our…

splunk

asked Apr 30 '20 at 17:18

John Elion

1,323
1
16
30

votes

1 answer

Splunk Role Validation for dashboard creation

Which capability i should add/delete from any role if i don't want to give access to create dashboard to that role say splunk_user .. Below capability doesn't help Splunk_user => edit_per_panel_filters kindly suggest..

splunk splunk-query

asked Apr 29 '20 at 12:18

Supriya Sharma

votes

1 answer

Adding custom column / field into splunk result

i am new to splunk and i am trying thing out on my own. This might be an elementary question to most of you , but please be patient in trying to help me out. | inputlookup "Wsp.csv" | eval Outage = if(PublisherStatus = "Active", "1","0") | eval…

splunk spl

asked Apr 29 '20 at 09:35

sumanth shetty

1,851
5
24
57

Prev 1 2 3

…

99 100 Next