| | I've seen quite a few apps and they structure their file in different ways. Is there a best practice? For example sho... 2 3 | 2 | 3 | |
| | If the script to roll the hotDB to the warmDB is "| debug cmd=roll index=main", would there be one for rolling the wa... 4 2 | 4 | 2 | |
| | can I view an entire raw log file from within Splunk? For example, if I'm monitoring an apache log4j file (server.lo... 1 3 | 1 | 3 | |
| | Are there are any critical changes to be aware of when migrating a complex distributed scripted auth setup on 3.4.x t... 1 3 | 1 | 3 | |
| | After upgrading to Splunk 4.1 from 4.0.10 today, we find that we can no longer run searches. splunkd.log shows: 04-... 4 1 | 4 | 1 | |
| | If I have a bunch of saved searches I run hourly, what should I consider before switching any or all of them to real ... 2 2 | 2 | 2 | |
| | In my office we have a script on our log servers that monitors the hosts sending logs and alerts us if a machine star... 0 4 | 0 | 4 | |
| | I'm in the process of migrating to new hardware for my indexers. The easiest way to do this would be: Setup new ind... 2 3 | 2 | 3 | |
| | I just upgraded from 4.0 to 4.1 and am seeing messages that the indexprocessor was not initialized on startup. How c... 2 1 | 2 | 1 | |
| | How many tags can be created before Splunk's performance is adversely affected? And what specifcally is adversely af... 3 4 | 3 | 4 | |
| | I'm using Splunk 4.0.10. I've been working on doing field extractions (transforms.conf) on a DB2 log file. I've man... 0 1 | 0 | 1 | |
| | Question: What pipeline module does the sed pre-indexing code run in. I have the following props.conf in my app an... 1 1 | 1 | 1 | |
| | All of my events show up with gid=-1,uid=-1. Is this a bug or am I doing something wrong? 1 3 | 1 | 3 | |
| | I have a lot of saved searches that populate my summary index and I do not want them to be viewable in the saved sear... 5 3 | 5 | 3 | |
| | I'm trying to set up LDAP authentication and need some assistance. Where do I go for assistance? 2 1 | 2 | 1 | |
| | Any idea how to create a search that finds hosts that are sending BOTH syslog and splunkd traffic? We'd like to turn... 1 2 | 1 | 2 | |
| | When uninstalling an app, the following errors are preventing splunkd for restarting: 03-30-2010 22:28:12.157 WARN ... 1 2 | 1 | 2 | |
| | How do you force the creation of the merged_lexicon.lex for a bucket that was manually restored? (And is this possib... 0 4 | 0 | 4 | |
| | UPDATE: This appears to be a bug specifically related to 4.0.10. The following is a work around in system/local/inp... 1 3 | 1 | 3 | |
| | I need some help with figuring out some potential blocked queues. What searches can be run to help me figure this ou... 0 2 | 0 | 2 | |
| | My filesystem is full and splunk wont start. How do i make some last minute filesystem space and start splunk? What a... 3 2 | 3 | 2 | |
| | Saw this error in splunklogger.log. What does it mean? 1 1 | 1 | 1 | |
| | We are indexing a lot of Cisco syslog messages. I notice that the host field is extracted correctly, but src/dst IP a... 3 3 | 3 | 3 | |
| | I have a script that populates the previous day's data early in the following morning. How do I set a time range such... 2 3 | 2 | 3 | |
| | I've got a field extraction defined in my props.conf, but now I want to be able to select it in a search without usin... 1 5 | 1 | 5 | |
