Latest Activity

Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"? If so, just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
Friday
Andi Susanto
  • Jakarta
  • Indonesia

Andi Susanto's Discussions

Correlation between different source that have different value key
1 Reply

Hi, I have difficulties on using search to correlate these two events from two different sourcetypes. For example (this is not a real production event, but I will use it to describe my mind), the first event…

Tags: correlation

Started this discussion. Last reply by Michael Wilde Nov 2, 2011.

Splunk read the Domino NSF file log
1 Reply

Hi, can someone share how to integrate Splunk with Domino? I need Splunk to reach the message log in Domino format (.NSF) in real time; I mean, no manual activity, like manually…

Started this discussion. Last reply by Michael Wilde Feb 10, 2010.

Splunk as NMS

Hi all, do you have a Splunk app that is modified as an NMS? Users could monitor network activity with Splunk, for monitoring network traffic, like ManageEngine OpManager or NetFlow. Thanks for sharing.

Started Feb 9, 2010

Splunk for Squid

Hi all, do you have Splunk for Squid, for monitoring all proxy activity (top user, top website, etc.)? Please be kind to share with me :) Thanks

Started Feb 9, 2010


Andi Susanto's Page


Latest Activity

Michael Wilde replied to Andi Susanto's discussion Correlation between different source that have different value key
"Andi.. How do you know user 00001 is in fact "joe"? Do you have a list somewhere? If you do, you can use a lookup to map userid to a username. You might create a "users.csv" file and upload it in…"
Nov 2, 2011
Andi Susanto posted a discussion

Correlation between different source that have different value key

Hi, I have difficulties on using search to correlate these two events from two different sourcetypes. For example (this is not a real production event, but I will use it to describe my mind):

First event, from the SSL VPN log:
Sourcetype=vpn user_id=00001 action=allow login_time=10-10-2011 11:22:05 logout_time=12-10-2011 src_ip=222.232.10.11

Second event, from the data center access door log:
Sourcetype=door user=joe action=allow access_time=10-oct-2011 11:23:00 logout_time=10-oct-2011 14:55:20

For this…
Oct 25, 2011
Andi Susanto replied to Agus Budi Harto's discussion Splunk Monitoring not Working
"I have the same problem too... maybe it is about a time problem. Can anybody help?"
Jul 9, 2010
Andi Susanto replied to Andi Susanto's discussion Splunk with SCOM
"I use SCOM R2. I am thinking about using a script to mine data from the SCOM database (MSSQL Server) and get the specific table that SCOM uses to record the log or data about the servers it manages, but I am not too sure if this can be done, since I don't know exactly…"
Mar 3, 2010
Kung FuSchnickens replied to Andi Susanto's discussion Splunk with SCOM
"I don't know customers who are pulling SCOM alert data into Splunk specifically, but I am familiar with other customers writing a file as an output which is then ingested by SCOM as one way. This won't persist alert data however. A second…"
Mar 3, 2010
Michael Wilde replied to Andi Susanto's discussion HDD full issue for indexing
"Mirroring the database while it's being written to wouldn't make sense; however, you can have events cloned to a backup Splunk server at index time. That has worked for three years."
Feb 10, 2010
Michael Wilde replied to Andi Susanto's discussion Splunk read the Domino NSF file log
"Andi.. Since an NSF file is a binary database, what you might consider doing is taking the console log and sending it to a text file: Enable the Console Log via notes.ini (CONSOLE_LOG_ENABLED=1) or from the server console (start consolelog). You…"
Feb 10, 2010
Andi Susanto posted discussions
Feb 10, 2010
Andi Susanto replied to Andi Susanto's discussion HDD full issue for indexing
"Oh, I see... it's clear now... but I think mirroring would be a good feature in Splunk too :) Thanks."
Feb 8, 2010
Michael Wilde replied to Andi Susanto's discussion HDD full issue for indexing
"No. In that case, you might want to consider using a forwarder with Splunk's AutoLB (auto load balancing) to send to randomly available Splunk servers, and use distributed search (a licensed feature)."
Feb 8, 2010
Andi Susanto replied to Andi Susanto's discussion Splunk with SCOM
"Any answer for this topic?"
Feb 8, 2010
Andi Susanto replied to Andi Susanto's discussion HDD full issue for indexing
"Hi, thanks for the responses to question number 1. Can Splunk be set to "automatically" index data to another place when the default storage is full? For example, in normal conditions Splunk is set to index at C:\Program Files\Splunk\Database\mydb;…"
Feb 8, 2010
Michael Wilde replied to Andi Susanto's discussion HDD full issue for indexing
"1. A single Splunk index sits in a directory path. If you wanted to move Splunk's entire data store (all indexes) to a different hard drive: stop Splunk, move the $SPLUNK_HOME/var/lib/splunk directory to another location, and edit the…"
Feb 7, 2010
Andi Susanto replied to Andi Susanto's discussion HDD full issue for indexing
"Thanks for your explanation... but I have one more question :) 1. When the HDD is full, Splunk will stop indexing; how do I tell Splunk to index data to another place (for example, to another PC on the network, or maybe to another HDD partition)? 2. If I…"
Feb 7, 2010
Michael Wilde replied to Andi Susanto's discussion HDD full issue for indexing
"Retention policy in Splunk can be set on a per-index basis, determined by the age of the data or the size of the index (or, I believe, a combination of both). Most users store their data in the default index, known as "main". To change the…"
Feb 7, 2010
Andi Susanto posted a discussion

HDD full issue for indexing

Hi, I wanna ask about indexing. For example, if I have a 10 GB HDD and a Splunk 500 MB license, I set the max free space for Splunk to stop indexing when the free space of the HDD is 2 GB (2000 MB), set from Manager - System Settings. If one day the free HDD space is 2 GB, Splunk will pause indexing. For my scenario, let's say the administrator never monitors the space for unknown reasons... :) How about the new data? It may not be indexed by Splunk and returns to the device, and because the device has…
Feb 4, 2010

Profile Information

Are you an existing splunk user?
Free
What do you do for your day job?
System Engineer


© 2012   Created by Michael Wilde.
