Deployment Architecture

Discussions

Thread Info

splunk won't restart, causes exception.windowserror

I am trying to use splunk to pull event logs from computers on the domain and archive them. I installed it on one mac...

by Explorer in

What is the best way to retrieve data from a remote site Splunk index?

I will have two Splunk Servers, one called Central and the other Remote. Remote will have a 1 week retention and be u...

by Explorer in

Can splunk delete remote event logs?

I am using splunk to pull the event log data off several machines on a domain and archive them on a single server. Is...

by Explorer in

random() function not working

I'm trying to pull a random item from a set of splunk data, so to test I have set up this simple search: index="_i...

by Motivator in

switching ext3 for xfs

All other things being equal, would we see any performance gains with Splunk if we switch our file system from ext3 t...

by Communicator in

Light Forwarder Data Loss Recovery

Hi, In our environment we have configured the Splunk Light Forwarder to monitor a log file and forward raw data fo...

by New Member in

Set sourcetype by source with props.conf not working

I'm using a lightweight forwarder installed on Ubuntu to forward snort alerts to my main splunk server. On the mai...

by Explorer in

What does "Failed to create result provider for remote peer " mean?

I've got a distributed search setup (standalone search head and an indexer) that has been working like a champ for aw...

by Splunk Employee in

Create new buckets at a defined interval

I would like to know if there is a way to create new buckets at a defined interval, say a 5 minutes interval? I ha...

by Splunk Employee in

DNS Name and not IP for TCPOUT in outputs.conf

Can I use an DNS name and not the ip address of the server in the TCPOUT stanza in outputs.conf? Exaple: [tcpou...

by Builder in

Extract timestamp from CSV in UNIX time

Greetings! I'm still super new to splunk, so please be gentle  I am trying to extract a timestamp from CSV records. ...

by Builder in

Search Head Summary Page Missing Data

We recently deployed a dedicated search head (as it is not indexing any data) in our environment with a single index ...

by Path Finder in

"not a splunk server" status for (previously) functioning splunk server

2 Splunk 4.1.3 indexers, 1 4.1.3 search head. The search head is connected to the 2 indexers over a T1 that can get b...

by Influencer in

How to enable UDP input for splunk LWF?

Apparently enabling LWF turns off udp input. What are the step steps to enable it?

by Path Finder in

commandline method to test Splunk over UDP?

There must be an easy way to fire a single message over UDP to a splunk forwarder/server. "logger" nearly does it. I ...

by Communicator in

metrics.log filling up filesystem on LWF

We have a LWF on Linux that is forwarding to our indexer. We're a little tight on space, but in my experience the LWF...

by Builder in

Is it possible to migrate data from 3.3.4 Sparc to 4.1.4 Linux?

I would like to migrate my indexed data from Splunk 3.3.4 on a Sparc Solaris 10 platform to Splunk 4.1.4 on a Linux (...

by Communicator in

Splunk on AWS EC2

Hi, We're working with Splunk on Amazon's EC2 service (Ubuntu). At the moment we're working off a standard inst...

by Explorer in

expected behavior of lsof for *nix

I recently made a stab at porting the lsof *nix app to AIX. I realize this is an unsupported configuration, but we AI...

by Builder in

Splunk Search Head and Fields

I have a configuration on a splunk indexer including search time fields extractions (using a DELIMS/FIELDS config in ...

by Path Finder in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

splunk won't restart, causes exception.windowserror

What is the best way to retrieve data from a remote site Splunk index?

Can splunk delete remote event logs?

random() function not working

switching ext3 for xfs

Light Forwarder Data Loss Recovery

Set sourcetype by source with props.conf not working

What does "Failed to create result provider for remote peer " mean?

Create new buckets at a defined interval

DNS Name and not IP for TCPOUT in outputs.conf

Extract timestamp from CSV in UNIX time

Search Head Summary Page Missing Data

"not a splunk server" status for (previously) functioning splunk server

How to enable UDP input for splunk LWF?

commandline method to test Splunk over UDP?

metrics.log filling up filesystem on LWF

Is it possible to migrate data from 3.3.4 Sparc to 4.1.4 Linux?

Splunk on AWS EC2

expected behavior of lsof for *nix

Splunk Search Head and Fields

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Why is SHC apply bundle failing?

Error while applying shcluster-bundle on deployer?

Is it possible with ITSI to establish uni-directio...

On-Prem and Cloud Hybrid Architecture

Why is Symlink app not working?