Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

You may receive faster responses at community.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions
visualizing real-time data
the ability to create dashboards of various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

Useful links

2246 questions

votes

2 answers

Can you map values of a token to another value?

I was wondering if it was possible if you could change the value of a token (dropdown menu) in a query. For context: I have a dropdown menu - which has values 1,2,3. I am using these values in a search query. However, I am also using another search…

splunk splunk-query

asked Apr 29 '20 at 04:45

DoubleRainbowZ

votes

3 answers

Splunk query to get all counts including events (_raw) where match does not exist

How do I get a count of all records for a given field including a count of all records where the field does not exist. For example: Given data that generally looks something like this: {"source_host":"host1", "msg":"some message",…

splunk splunk-query

asked Apr 29 '20 at 02:03

John

3,458
4
33
54

votes

2 answers

Public read only Splunk data for testing

Is there a public instance of Splunk that can be used to test queries? I Googled "public splunk test instance" and didn't see anything there.

testing splunk

asked Apr 29 '20 at 01:33

John

3,458
4
33
54

votes

1 answer

How do I send non-cloudwatch JSON events to Splunk from Kinesis Firehose?

I'm trying to send a non-cloudwatch event to Splunk from Kinesis Firehose. I am processing the event with a Lambda and feeding it back into the Firehose in the following format (required for Firehose): { "records": [ { …

json parsing terraform splunk amazon-kinesis-firehose

asked Apr 28 '20 at 19:12

Jaylyn Stoesz

votes

1 answer

Is there a tool for Splunk like Toad that allows for multiple queries in the same editor?

I have the standard Splunk query web interface that allows the user to enter a single query at a time that looks like this: Is there a tool that allows multiple queries in the same editor that can be selected one at a time and queried so that as…

splunk splunk-query

asked Apr 28 '20 at 11:43

John

3,458
4
33
54

votes

3 answers

Splunk: How to enable Splunk SSO

I have splunk and try to enable splunk SSO instead of nornal authentiation. I have configuraitons as follows: In /opt/splunk/etc/system/local/server.conf [general] trustedIP = 192.168.1.208 serverName = Splunk_Core_02 pass4SymmKey =…

splunk

asked Apr 24 '20 at 07:51

user84592

4,750
11
55
91

votes

2 answers

How can we write the Splunk Query to find subField2 is present or not and if present get the counts of all subFiled2

{ index:"myIndex", field1: "myfield1", field2: {"subField1":"mySubField1","subField2":145,"subField3":500}, ... .. . } SPL : index:"myIndex" eval result = if(field.subField2) ..... is the dot operator works in SPL ?

splunk splunk-query

asked Apr 22 '20 at 05:07

Revt A

votes

1 answer

Enable Proxy in Jenkins for Splunk Plugin

I've installed Splunk plugin for Jenkins and I went to Jenkins configuration to update "Splunk for Jenkins Configuration". After saving the changes, I clicked test connection and got "Connection Refused" error. When I ran CURL for splunk URL with…

jenkins jenkins-plugins splunk jenkins-groovy

asked Apr 21 '20 at 21:25

VSMK

votes

1 answer

write data into splunk using Spring Boot

I am new to Splunk and working on connecting to Splunk API through Splunk SDK, Here is the sample connectivity code try { ServiceArgs args = new ServiceArgs(); args.setHost("localhost"); args.setPort(8089); …

spring spring-boot splunk splunk-sdk

asked Apr 21 '20 at 16:41

user10270958

votes

1 answer

Splunk - Convert Categorical Field with High Cardinality into Numbers

Question: I am using the default Splunk UI Search screen in which I have a search containing a field of categorical values (e.g. host names) which I would like to convert to numbers. So far, the only solution I have found is to use the eval-case…

splunk splunk-query

asked Apr 17 '20 at 20:40

user2284452

votes

2 answers

Splunk - Lookup values + static search string = output with count

I want to perform a search where I need to use a static search string + input from a csv file with usernames: Search query- index=someindex host=host*p* "STATIC_SEARCH_STRING" Value from users.csv where the list is like this- Please…

splunk splunk-query

asked Apr 17 '20 at 16:49

messi.torres28

votes

1 answer

Triple backslashes in splunk

I have log4j properties file and when I try to put logs on splunk I see triple backslashes {\\\"v\\\":\\\"1.0\\\",\\\"category\\\":\\\"APP\\\",\\\"level\\\":\\\"INFO\\\",\\\"timeStamp\\\" is that a splunk or can I modify that in log4j properties,…

log4j splunk

asked Apr 16 '20 at 09:27

Bear Bear

votes

1 answer

AWS CLI Ouput formats to SPLUNK

I'm using the AWS CLI to get some Kinesis metrics - part of that I'm able to specify the output format as one of the below: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration-format Output Format The…

amazon-web-services command-line-interface splunk amazon-kinesis

asked Apr 15 '20 at 20:39

Tony

8,681
7
36
55

votes

2 answers

Send logs to splunk from datapower

I have a log target which send logs to splunk from datapower. In splunk logs I am not able to see the host name from which device that log came. Is there any settings at datapower end which we can correct to display the host name in splunk.

logging splunk ibm-datapower

asked Apr 14 '20 at 14:31

Vidisha

votes

1 answer

Calculate mean deviation with Splunk

I have a list of values in Splunk. I can use this list to calcualte avg(vals) and stdev(vals). How do I calculate the mean deviation. The mean deviation is the average absolute difference between the mean and each value in the list. (Sum_x |mean-x|)…

statistics splunk splunk-calculation

asked Apr 14 '20 at 10:11

Kevin Kraft

Prev 1 2 3

…

99 100 Next