
How to resolve "error getting attributes of path "C:\pagefile.sys"" after pushing configurations to servers?


I have pushed configurations to at least 15 servers. 12 servers out of these 15 are returning with these errors, whereas the remaining 3 servers are sending us logs.

The "Pagefile.sys" is not even being monitored, nor are any of the files from the C:/ drive.

Splunk Forwarder Version 6.5.0 is being used in all the hosts.

Can anyone please guide me on what could be the issue behind these error messages?

11-04-2016 02:52:41.855 -0400 WARN  FilesystemChangeWatcher - error getting attributes of path "C:\pagefile.sys": The process cannot access the file because it is being used by another process.
11-02-2016 18:31:09.033 -0400 WARN  FilesystemChangeWatcher - error getting attributes of path "C:\pagefile.sys": The process cannot access the file because it is being used by another process.
11-02-2016 18:26:53.852 -0400 WARN  FilesystemChangeWatcher - error getting attributes of path "C:\pagefile.sys": The process cannot access the file because it is being used by another process.
11-02-2016 18:22:20.253 -0400 WARN  FilesystemChangeWatcher - error getting attributes of path "C:\pagefile.sys": The process cannot access the file because it is being used by another process.


Found the culprit.

The servers not sending the data had another outputs.conf that was conflicting with the configurations. I had to delete the configuration file and re-deploy the apps to the host.

And a forwarder restart fixed the issue once the configurations are updated and running.

Splunk Employee

On one of the servers that is failing, use btool to get a consolidated list of what Splunk is trying to monitor.

splunk.exe cmd btool inputs list
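
An added example (not from the original thread or from Splunk): the same btool check run against outputs.conf with `--debug`, which prefixes each line with the file that supplied it, so a second outputs.conf like the one in the accepted solution becomes visible. The sample output is constructed; the app names and indexer hosts are hypothetical, and the `<file> <setting>` line layout is an assumption about the `--debug` output.

```python
import re
from collections import defaultdict

# Constructed sample of `splunk.exe cmd btool outputs list --debug` output.
# Install path as shown on this page; app names and hosts are hypothetical.
SAMPLE = r"""
D:\Program Files\SplunkUniversalForwarder\etc\apps\org_all_forwarder_outputs\local\outputs.conf  [tcpout]
D:\Program Files\SplunkUniversalForwarder\etc\system\default\outputs.conf                        autoLBFrequency = 30
D:\Program Files\SplunkUniversalForwarder\etc\apps\old_outputs_app\local\outputs.conf            defaultGroup = old_indexers
D:\Program Files\SplunkUniversalForwarder\etc\apps\old_outputs_app\local\outputs.conf            [tcpout:old_indexers]
D:\Program Files\SplunkUniversalForwarder\etc\apps\old_outputs_app\local\outputs.conf            server = oldidx.example.com:9997
D:\Program Files\SplunkUniversalForwarder\etc\apps\org_all_forwarder_outputs\local\outputs.conf  [tcpout:new_indexers]
D:\Program Files\SplunkUniversalForwarder\etc\apps\org_all_forwarder_outputs\local\outputs.conf  server = idx1.example.com:9997
"""

# Each --debug line is "<contributing file>  <stanza header or key = value>".
# The path may contain spaces, so split at the first ".conf" followed by space.
LINE_RE = re.compile(r"^(?P<file>.+?\.conf)\s+(?P<body>\S.*)$")

def parse_btool_debug(text):
    """Return {stanza: {"header": file, "settings": {key: (value, file)}}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        src, body = m.group("file"), m.group("body").strip()
        if body.startswith("[") and body.endswith("]"):
            current = body[1:-1]
            stanzas.setdefault(current, {"header": src, "settings": {}})
        elif "=" in body and current is not None:
            key, _, value = body.partition("=")
            stanzas[current]["settings"][key.strip()] = (value.strip(), src)
    return stanzas

def is_shipped_default(path):
    # etc\system\default holds the defaults shipped with the forwarder.
    return "/etc/system/default/" in path.replace("\\", "/").lower()

def find_output_conflicts(text):
    """Summarise which deployed outputs.conf files shape the forwarding config."""
    stanzas = parse_btool_debug(text)
    contributors = defaultdict(set)  # file -> stanzas it contributes to
    for name, st in stanzas.items():
        sources = {st["header"]} | {src for _, src in st["settings"].values()}
        for src in sources:
            if not is_shipped_default(src):
                contributors[src].add(name)
    tcpout = stanzas.get("tcpout", {"settings": {}})["settings"]
    default_group, default_src = tcpout.get("defaultGroup", (None, None))
    return {
        "contributing_files": sorted(contributors),
        "target_groups": {n.split(":", 1)[1]: st["settings"].get("server", ("", ""))[0]
                          for n, st in stanzas.items() if n.startswith("tcpout:")},
        "default_group": default_group,
        "default_group_source": default_src,
        # More than one deployed outputs.conf is the case the solution describes.
        "conflict": len(contributors) > 1,
    }

if __name__ == "__main__":
    for key, value in find_output_conflicts(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on a failing forwarder, save the real command's output to a file and pass its text to `find_output_conflicts`.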


Hello @jconger

This is the output of the command.

Part 1

_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
allowSslRenegotiation = true
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
sslQuietShutdown = false
sslVersions = ,-ssl2
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
checkpointInterval = 5
current_only = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = wineventlog
interval =
renderXml = false
start_from = oldest
_rcvbuf = 1572864
baseline = 0
blacklist1 = EventCode="4662" Message="Object Type:\s+(?!groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:\s+(?!groupPolicyContainer)"
blacklist3 = EventCode="5156"
blacklist4 = EventCode="5447"
checkpointInterval = 5
current_only = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 1
host = ABC
index = wineventlog
interval =
renderXml = false
start_from = oldest
_rcvbuf = 1572864
baseline = 0
checkpointInterval = 5
current_only = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = wineventlog
interval =
renderXml = false
start_from = oldest
_rcvbuf = 1572864
baseline = 0
checkpointInterval = 5
current_only = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = wineventlog
interval =
renderXml = false
start_from = oldest
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Application
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Computer
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Disk
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Driver
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = NetworkAdapter
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = OperatingSystem
_rcvbuf = 1572864
baseline = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Process
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Processor
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Roles
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = Service
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
direction = inbound
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval =
_rcvbuf = 1572864
baseline = 0
direction = outbound
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval =
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 1
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = driver
_rcvbuf = 1572864
baseline = 1
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = port
_rcvbuf = 1572864
baseline = 1
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 600
type = printer
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
hive = .

host = ABC
index = windows
interval =
proc = .*
type = rename|set|delete|create
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
hive = \REGISTRY\USER\.\Software\Microsoft\Windows\CurrentVersion\Run\.
host = ABC
index = windows
interval =
proc = .*
type = set|create|delete|rename
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
hive = \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.*
host = ABC
index = windows
interval =
proc = .*
type = set|create|delete|rename
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
monitorSubtree = 1
[batch://D:\Program Files\SplunkUniversalForwarder\var\spool\splunk]
_rcvbuf = 1572864
baseline = 0
crcSalt =
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
move_policy = sinkhole
[batch://D:\Program Files\SplunkUniversalForwarder\var\spool\splunk...stash_new]
_rcvbuf = 1572864
baseline = 0
crcSalt =
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
move_policy = sinkhole
queue = stashparsing
sourcetype = stash_new
[blacklist:D:\Program Files\SplunkUniversalForwarder\etc\auth]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
[fschange:D:\Program Files\SplunkUniversalForwarder\etc]
_rcvbuf = 1572864
baseline = 0
delayInMills = 100
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
filesPerDelay = 10
followLinks = false
fullEvent = false
hashMaxSize = -1
host = ABC
index = default
interval =
pollPeriod = 600
recurse = true
sendEventMaxSize = -1
signedaudit = true
_rcvbuf = 1572864
allowSslCompression = true
allowSslRenegotiation = true
baseline = 0
dedicatedIoThreads = 2
disabled = 1
enableSSL = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
maxSockets = 0
maxThreads = 0
port = 8088
sslVersions = ,-ssl2
useDeploymentServer = 0
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = main
interval =
source = generic-syslog
sourcetype = syslog
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
queue = parsingQueue
sourcetype = sharepoint
_rcvbuf = 1572864
baseline = 0
crcSalt =
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval =
sourcetype = DhcpSrvLog
whitelist = DhcpSrvLog

_rcvbuf = 1572864
baseline = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval =
sourcetype = WindowsUpdateLog
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
queue = parsingQueue
sourcetype = MSWindows:2008R2:IIS
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = iis
interval =
queue = parsingQueue



Part 2

_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
sourcetype = sharepoint
_rcvbuf = 1572864
baseline = 0
crcSalt =
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = main
interval =
sourcetype = ebiz
[monitor://D:\Program Files\SplunkUniversalForwarder\etc\splunk.version]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = _internal
interval =
sourcetype = splunk_version
[monitor://D:\Program Files\SplunkUniversalForwarder\var\log\splunk]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = _internal
interval =
[monitor://D:\Program Files\SplunkUniversalForwarder\var\log\splunk\license_usage_summary.log]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = _telemetry
interval =
[monitor://D:\Program Files\SplunkUniversalForwarder\var\log\splunk\metrics.log]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = _internal
interval =
[monitor://D:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunk*.log]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = _internal
interval =
[monitor://D:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd.log]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = _internal
interval =
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
sourcetype = sharepoint
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
sourcetype = sharepoint
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = iis
interval =
queue = parsingQueue
sourcetype = iis
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = iis
interval =
queue = parsingQueue
sourcetype = iis
_rcvbuf = 1572864
baseline = 0
crcSalt =
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = main
interval =
sourcetype = ebiz
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
queue = parsingQueue
sourcetype = iis
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = sharepoint
interval =
queue = parsingQueue
sourcetype = sharepoint
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = main
interval =
sourcetype = irp
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = main
interval =
sourcetype = irp
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval = 300
_rcvbuf = 1572864
baseline = 0
counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
instances = *
interval = 7200
object = Processor
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
counters = % Free Space; Free Megabytes; Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
instances = *
interval = 10
object = LogicalDisk
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
counters = Page Faults/sec; Available Bytes; Committed Bytes; Commit Limit; Write Copies/sec; Transition Faults/sec; Cache Faults/sec; Demand Zero Faults/sec; Pages/sec; Pages Input/sec; Page Reads/sec; Pages Output/sec; Pool Paged Bytes; Pool Nonpaged Bytes; Page Writes/sec; Pool Paged Allocs; Pool Nonpaged Allocs; Free System Page Table Entries; Cache Bytes; Cache Bytes Peak; Pool Paged Resident Bytes; System Code Total Bytes; System Code Resident Bytes; System Driver Total Bytes; System Driver Resident Bytes; System Cache Resident Bytes; % Committed Bytes In Use; Available KBytes; Available MBytes; Transition Pages RePurposed/sec; Free & Zero Page List Bytes; Modified Page List Bytes; Standby Cache Reserve Bytes; Standby Cache Normal Priority Bytes; Standby Cache Core Bytes; Long-Term Average Standby Cache Lifetime (s)
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
interval = 7200
object = Memory
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
instances = *
interval = 10
object = Network Interface
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
counters = Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
instances = *
interval = 10
object = PhysicalDisk
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
counters = % Processor Time; % User Time; % Privileged Time; Virtual Bytes Peak; Virtual Bytes; Page Faults/sec; Working Set Peak; Working Set; Page File Bytes Peak; Page File Bytes; Private Bytes; Thread Count; Priority Base; Elapsed Time; ID Process; Creating Process ID; Pool Paged Bytes; Pool Nonpaged Bytes; Handle Count; IO Read Operations/sec; IO Write Operations/sec; IO Data Operations/sec; IO Other Operations/sec; IO Read Bytes/sec; IO Write Bytes/sec; IO Data Bytes/sec; IO Other Bytes/sec; Working Set - Private
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
instances = *
interval = 10
object = Process
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
counters = File Read Operations/sec; File Write Operations/sec; File Control Operations/sec; File Read Bytes/sec; File Write Bytes/sec; File Control Bytes/sec; Context Switches/sec; System Calls/sec; File Data Operations/sec; System Up Time; Processor Queue Length; Processes; Threads; Alignment Fixups/sec; Exception Dispatches/sec; Floating Emulations/sec; % Registry Quota In Use
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = perfmon
instances = *
interval = 10
object = System
useEnglishOnly = true
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval = 60.0
start_by_shell = false
[script://D:\Program Files\SplunkUniversalForwarder\bin\scripts\splunk-wmi.path]
_rcvbuf = 1572864
baseline = 0
disabled = 0
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval = 10000000
persistentQueueSize = 200MB
queue = winparsing
source = wmi
sourcetype = wmi
[script://D:\Program Files\SplunkUniversalForwarder\etc/apps/app_rmwindow_TA/bin/delsplunkta.bat]
_rcvbuf = 1572864
baseline = 0
disabled = false
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = main
interval = 7200
sourcetype = rmsplunkta



Part 3

[script://D:\Program Files\SplunkUniversalForwarder\etc\apps\wbg_Splunk_TA_windows\bin\win_installed_apps.bat]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 86400
sourcetype = Script:InstalledApps
[script://D:\Program Files\SplunkUniversalForwarder\etc\apps\wbg_Splunk_TA_windows\bin\win_listening_ports.bat]
_rcvbuf = 1572864
baseline = 0
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = windows
interval = 3600
sourcetype = Script:ListeningPorts
_rcvbuf = 1572864
acceptFrom = *
baseline = 0
connection_host = ip
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
route = has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
_rcvbuf = 1572864
acceptFrom = *
baseline = 0
connection_host = dns
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
_rcvbuf = 1572864
baseline = 0
connection_host = ip
disabled = 1
evt_dc_name =
evt_dns_name =
evt_resolve_ad_obj = 0
host = ABC
index = default
interval =
