The dojo of Splunk. Learn, share, teach, mentor.

Welcome to
splunkninja

Sign Up
or Sign In

Or sign in with:

Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Added by Michael Wilde
Splunk + SCOM - Troubleshooting .NET at Lightspeed!

Added by Michael Wilde

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Added by Michael Wilde

Latest Activity

Michael Wilde replied to Nikita's discussion Count failures and success via transaction

"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"

17 hours ago

Linus Myrefelt updated their profile

Tuesday

Marie updated their profile

Monday

Marie is now a member of splunkninja

Monday

Welcome Them!

Jitter and matthew arguin joined splunkninja

May 18

Matthew Carter and Nikita joined splunkninja

May 17

Nikita posted a discussion

Count failures and success via transaction

Hi,I'm a new in Splunk so sorry for the stupid questions.I want to calculate failures in logs.For example we have request log and response log."request" OR ("fail" OR "response") |transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id |eval Failure=if(searchmatch("fail"),1,0)| eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCountThat query…See More

May 17

1 Comment

Andrea Judy is now a member of splunkninja

May 16

Welcome Them!

SplunkLightForwarder + script inputs

Hello, is it possible to configure splunklightforwarder to forward cpu utilisation? I've added the lines from the unix app to the splunklightfowarder and nothing's happening.

Is there anything else that should be done to monitor local resources like cpu, mem, network... through splunklightforwarder?

Thanks.

▶ Reply to This

Replies to This Discussion

Permalink Reply by Michael Wilde on January 27, 2010 at 1:55pm

Put the UNIX app on both the indexer and the forwarder and it should work. Question, is there an "index=os" on your Indexer.. run that search and tell me if there are any events there.

▶ Reply

Permalink Reply by Ziad on January 27, 2010 at 5:31pm

I only enabled the app and it worked! the script checks had the index=os in the beginning. Tried it with both on or off and they didn't work. Right now i'm on a light forwarder with unix enabled. I can get everything on the master splunk server with no probs.

Thanks alot!

▶ Reply

Permalink Reply by Michael Wilde on January 27, 2010 at 7:59pm

Splunk (we) -- disclosure -- I work there -- We need to make that app stuff better and more understandable. "where everything's supposed to go", "more app setups, so you can configure them more". Better management of deployment of apps.

Glad you're good to go!.

Now.. ask me some hard questions ;)

Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Splunk + SCOM - Troubleshooting .NET at Lightspeed!

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Top Content

Count failures and success via transaction

Latest Activity

Count failures and success via transaction

SplunkLightForwarder + script inputs

Replies to This Discussion