(1)
Your rating: Now say why...
- Download Now
58.4 MB -
Visit Developer's Site
Splunk
Splunk Server indexes logs from ANY source (apache, OS X, sendmail, routers). No need to configure it for specific formats, write regular expressions or change your logging output.
Search mountains of data by time, keywords, type of event, source, host or relationships to other events. Note: Splunk is server software. You configure and use the software via a web browser.
Search mountains of data by time, keywords, type of event, source, host or relationships to other events. Note: Splunk is server software. You configure and use the software via a web browser.
What's New
Version 4.2.3:
Resolved security issues
Splunk version 4.2.3 addresses two vulnerabilities:
- Splunkd Remote Denial of Service Vulnerability (SPL-40645)
- SplunkWeb Reflected Cross-Site Scripting Vulnerability (SPL-40804)
For additional details, refer to this page in the Splunk Security Portal.
Resolved issues- Error message "Search results might be incomplete!" when using distributed search and searching against peers running major versions (4.1, 4.2, etc) . (SPL-41819)
- End-of-stream error for distributed real-time search that includes a summary index residing on the search head only. (SPL-41438)
- When searching in real-time, events backfilled in the event viewer are in the wrong order. (SPL-40724)
- The file system change monitor (fschange) hash does not work on binary files. All binary files have hash="YvZ8N4q5I5IBpf2sX4GLULPN48YUu9rPH998/FmA/wI=". (SPL-40706)
- SingleValue module text dissapears after several minutes when the modules are driven by a real-time saved search. (SPL-40424)
- Lowering the value of
homePath.maxDataSizeMBin indexes.conf will usually freeze more buckets than is correct. (SPL-40220) - Splunk Web running on an HP-UX system can be slow or time out. (SPL-40167,SPL-40167)
- If a search contains tags that don't exist and is piped to another search, Splunk acts as though you searched for *. (SPL-40024)
- Sporadic error message "Reading error while waiting for peer WMA-PC. Search results might be incomplete" when using distributed search. (SPL-36872, SPL-39991)
- To introduce a new Mako layout template, you must place it in
$SPLUNK_HOME/share/splunk/search_mrsparkle/templates/view/, which makes it very difficult or impossible to package templates with apps. (SPL-34615) (Starting in 4.2.3, an app renders templates out of/appserver/templates.) - Crash on shutdown in indexerPipe thread on SunOS. (SPL-41384)
- High memory footprint for universal forwarder on HPUX. (SPL-39100, SPL-41113)
- When an app using an auto-refreshed HiddenSavedSearch module that runs a real-time search resides on a search head in one timezone but Splunk Web is in use in a significantly different timezone, the last refreshed time seems to go backwards in time. (SPL-41089)
- Saved search or email alert embedded link for viewing search results, return 403: Authorization Failed for non admin users despite the user's permissions to manually run the saved search or view the results (SPL-41061, SPL-40451, SPL-39002)
- The misc_text source type should be removed from the inputs page in Splunk Web (but is still available if specified explicitly). (SPL-40881)
- Sometimes when a search returns no events, it erroneously displays the "Waiting for data..." message instead of the "No matching events found" message. (SPL-40778)
- Memory leak resulting in a crash when lookup content being replicated is too large. (SPL-40757, SPL-40647)
- Hosts that are not part of any server class (by use of whitelist) are incorrectly displayed up in the server class status in Manager. (SPL-40731)
- Show source search process can use up to 99% of CPU and keep it for long periods of time, (SPL-40426)
- An archived file cannot be re-indexed even if you clean the index first. (SPL-40264)
- Dynamic lookup tables are generated as gzipped csv files when the output was requested as plain csv, resulting in errors because the path to the file that Splunk uses assumes a plain csv file. (SPL-40222)
- Error messages about "end-of-stream" and DistributedBundleReplicationManager on Windows instances. (SPL-40210)
- Scheduled search crashing with fatal signal 11 in dispatch thread. (SPL-40672, SPL-40036)
- Slow indexing performance for syslog data containing a large number (100K+) of different hostname values. (SPL-40006)
- Search crash with fatal signal 6 in dispatch thread. (SPL-39924)
- Upgrade of the *Nix app from 4.1.x fails with permission errors. (SPL-39876)
- The
SoftWrapmodule does not work with theShowSourcemodule - The link from the saved searches and reports to the alert manager page takes you to an empty page. (SPL-39804, SPL-38023, SPL-39523)
- When installing a universal forwarder on a Windows machine, the expected attributes for the WinEventLog stanza(s), as defined in the Windows app, are missing from inputs.conf. This can cause confusion as to whether or not the universal forwarder is properly monitoring event logs. (SPL-39592).
- Splunk Web fails to start after upgrade when you are using self-signed certificates. (SPL-38027)
- When using Splunk Web to add (or edit) a scripted input with an interval of 0 or -1, the following error is received in the message bar reads: " Encountered the following error while trying to save: In handler 'script': Parameter interval: Must be a positive integer." (SPL-37569)
- Running
splunk clean eventdataorsplunk clean alldoesn't remove the fsck check token, which results in mislearing error messages on startup about needing recovery. (SPL-37472) - Need update on Win32, AIX, HPUX for Russian DST rule change in 2012. (SPL-37324)
- ja_bridge.js error when loading dashboard pages via Internet Explorer. (SPL-36977)
- Specifying the number of events to show in a simple xml dashboard does not work. (SPL-32968)
- Results using the
perc*andmedianfunctions for stats/chart/timechart are off by 1 rank. For any dataset larger than a few hundred values, the error is negliable or non-existent (because the value at rank N and at rank N+1 are very likely to be the same or very close to being the same) (SPL-40331).
Requirements
PPC / Intel, Mac OS X 10.5 or later
PPC / Intel, Mac OS X 10.5 or later
Be the first to recommend a similar software title.
Splunk User Discussion (Write a Review)
Overall:
(2)
(2)
-
-
-
Splunk Server indexes logs from ANY source (apache, OS X, sendmail, routers). No need to configure it for specific formats, write regular expressions or change your logging output.
Search mountains of data by time, keywords, type of event, source, host or relationships to other events. Note: Splunk is server software. You configure and use the software via a web browser.
Search mountains of data by time, keywords, type of event, source, host or relationships to other events. Note: Splunk is server software. You configure and use the software via a web browser.
Copyright © 2012 MacUpdate LLC
- -
+2
+40
+17
Lylehm reviewed on 06 Jul 2010
A couple of points here based on previous reviews:
- Every report and graph I've generated so far, I've done in Safari 4 through 5 with no problems at all. Even so, if Splunk is what you need, you'll use whatever browser works.
- Uninstall instructions were located by clicking the 'help' link at the upper right of the Splunk web interface. A search of the online docs produced this:
http://www.splunk.com/base/Documentation/4.1.3/Installation/InstallonMacOS#Uninstall_Splunk
Installation was very simple. Within minutes, the syslog data from my Firewall was streaming into the Splunk server. I wanted to use the default syslog port. Splunk's documentation provided the necessary extra steps to allow use of the lower port numbers (launch splunk with sudo).
Anyone with a database mindset can easily craft a report and quickly locate and graph the desired log data. The interface offers several clues along the way as you work - very intuitive.
Anyone can install Splunk for free and try it out. After a period of time, you lose some of the enterprise features and Splunk switches to the free version which you can use indefinitely.
Bottom line, if you have syslog data to manage, you should try Splunk. There's nothing to lose, and so very much to gain. There's even an excellent online community that doesn't exclude free version users.
-2
+38
Macmend reviewed on 27 Apr 2009
Python based by the look of it and really for the geek user. I have spent a long time demythologising IT, I hate geek style stuff, packed with geek speak and terminal stuff when a simple gui would do.
It only works in firefox
If only spiceworks worked on mac
+16
+1
+406
-7
-25
Safari sucks. There are no plugins for it and you have no control over it.
FireFox can do just about anything.
It's a plus that it doesn't work with Safari!
Maybe it will help new users that don't know any better to discover FireFox.
+6
+406
+1
-28
You know you can use both...right?
/Mikael
+28
+1
+20
-3
-28
Splunk's mac customers is probably less than %1. Look at what they do and there reference customers. How many of those do you think run Mac OS X server...I would say very very few....
/Mikael
+20
-1
+20
-2
-28
/Mikael
+20
-1
-28
The browser and the web apps is nothing but the "emperors new clothes" for an old block mode terminal. Only in the last couple years have AJAX technology spiced it up a bit but the principles are still the same. Text strings back and forth over a stateless transport protocol (http).
/Mikael
+20
-1
-28
Now, go get yourself a job....
/Mikael
+20
+3
+28
I think what you are missing is that if Splunk were written in a standards-compliant way, it would work with Safari. I don't know of any deficiencies of Safari that would keep it from working with the kind of behavior we are looking for from Splunk. As I mentioned, I tend to use a lot of different browsers, and I use the one that I think will work best for a particular purpose. I do tend to use FireFox for web development because of the plugins that expand capabilities in that regard, but Safari is a fine browser, and many people will feel that it is the only one they need. If Splunk will not run with Safari, it is a valid comment to say that it is therefore a non-starter. Splunk may run fine on Linux and Windows, and on the Mac with FireFox, but this is MacUpdate, and the Mac users here have a legitimate concern if it doesn't function with the default Mac browser - the one with which, presumably, they are downloading Splunk. Telling people that they are silly for their software choices is a uniquely unhelpful means of persuasion.
+1
+406
-3
-28
I didn't say anyone was silly because of what software they were using. Then I would be silly too since Safari is my default browser...did you READ my comment? I thought the line of arguments was silly...
Why Splunk doesn't work with Safari is probably because it's heavy usage of AJAX technology and frankly, there aren't enough demand. It's simple, no development org have unlimited resources so you prioritize and if there isn't a business case...why waste resources? If/when enough of Splunks customers complain and they lose deals...there will be Safari support, I'm sure.
/Mikael
+1
+35