Monitoring Splunk

Community Activity

Any concern to use Splunk directly on the servers where the critical applications are running? Hiya Thinking of using Splunk but worry Splunk takes too much PC resources if use it directly on the servers where t... by xiaotao New Member in Monitoring Splunk 01-14-2011 0 1	0	1
How to search usage of "view"? I know I can monitor the usage of saved search by saved_search_name from _audit index. However, I can't find equivale... by hochit Path Finder in Monitoring Splunk 12-30-2010 1 1	1	1
ERROR DatabaseDirectoryManager::Bucket 11-09-2010 00:00:57.985 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire... by vadud3 Path Finder in Monitoring Splunk 12-24-2010 1 1	1	1
How to embed google analytics code to all splunk pages? Hi, I want to use google analytics to get user trace. In which template should I put the google analytics code so th... by melonman Motivator in Monitoring Splunk 12-16-2010 0 1	0	1
How to minimize splunk's memory usage Is it possible to explicitly define how much memory splunk (splunkd and splunkweb) is allowed to use? Thanks by domengph Engager in Monitoring Splunk 12-10-2010 1 4	1	4
rotate input data Hello, It looks like I'm running out of space on my splunk server. Here is the error that I received when running a... by spowell New Member in Monitoring Splunk 12-08-2010 0 1	0	1
Performance difference between using SEDCMD and older REGEX/TRANSFORMS method Is there a performance difference between using the SEDCMD syntax in just props.conf versus using the older method wh... by DrewO Splunk Employee in Monitoring Splunk 12-02-2010 3 3	3	3
Sizing a Splunk installation- and a license question too. We're considering moving our Splunk environment from AIX to a Linux x86 box for performance reasons. My particular de... by Branden Builder in Monitoring Splunk 12-01-2010 0 3	0	3
A FusionIO ioDrive card with splunk? Has anyone used an ioDrive for their splunk? I'm really curious if anyone can speak to the crazy high IOPS & throughp... by gfriedmann Communicator in Monitoring Splunk 11-26-2010 3 2	3	2
Does fschange use inotify / ReadDirectoryChangesW or similar? Does Splunk make full use of operating system specific features when monitoring for changed files? In particular, I'... by southeringtonp Motivator in Monitoring Splunk 11-11-2010 1 1	1	1
With coldToFrozenScript, what is responsible for deleting the bucket? When you specify a coldToFrozenScript in indexes.conf, what is responsible for deleting the cold bucket from the inde... by dwaddle SplunkTrust in Monitoring Splunk 11-10-2010 2 1	2	1
Migrating colddb buckets to new storage. Hi, In an attempt to increase the available storage for indexes, I am looking at moving the colddb indexes to an add... by mgherman Explorer in Monitoring Splunk 11-08-2010 3 2	3	2
monitor latest file only I write a script to blacklist the oldest file but splunk don't reload inputs.conf until someone restart the services ... by katalinali Path Finder in Monitoring Splunk 11-08-2010 0 3	0	3
Looking for "high performance Splunk" A client is looking for advice on tuning splunk for what they call "high performance" - defined as minimizing cpu, ne... by Jason Motivator in Monitoring Splunk 11-05-2010 0 2	0	2
Monitoring Logfiles with random number as part of the name Our logfiles are named in the format Log.Activity.prod.###.txt where ### is random number. Also we want to leave out ... by rvbalaji Explorer in Monitoring Splunk 11-04-2010 0 7	0	7
Delay of monitoring thousands of file I monitored several thousands of file in splunk but I find it indexes the new events for more than 30 minutes. I have... by katalinali Path Finder in Monitoring Splunk 11-03-2010 2 1	2	1
Splunk helpers.. what is it? Hi, 'Splunk Helpers' what is this process & what does it do? Can it be stopped/started via cmdline. Obviously if cr... by standias Explorer in Monitoring Splunk 10-26-2010 0 3	0	3
How could events from two hosts be in the same _internal index? What configuration needs to be in place in order for internal events from one splunk instance to be in the _internal ... by muebel SplunkTrust in Monitoring Splunk 10-22-2010 0 1	0	1
Splunk & Ossec intergration Splunk seems like an all around tool. What is the advantage of incorporating the Ossec system into or with Splunk? by monitor New Member in Monitoring Splunk 10-20-2010 0 3	0	3
OSSEC and SPLUNK... just stopped ? I've had both services running on the save Ubuntu 10.04 server for about a week. OSSEC is cooking along gathering in... by jhuebner Explorer in Monitoring Splunk 10-20-2010 0 1	0	1
How do I get the most out of a 16 core server? I have a 16 core server (HP DL580) with 32GB MEM and 2TB SAS Drives (RAID 10) capable of 800 IO/sec. I'm indexing abo... by Dan Splunk Employee in Monitoring Splunk 10-19-2010 1 6	1	6
terminate called after throwing an instance of 'PollableDescriptorException' I keep getting the following error in crash logs on splunk-3.4.12-69236 64 bit. Anyone has any idea what is causing i... by Marcin Explorer in Monitoring Splunk 10-08-2010 0 1	0	1
Need Help Troubleshooting Poor SplunkWeb Performance Hi Folks, I could use some pointers troubleshooting some Splunk Web performance issues. Over the last few weeks, ou... by gmor Explorer in Monitoring Splunk 09-23-2010 1 3	1	3
Clarification on why our license is tripping we have a license for our QA environment for 500MB. We wanted to have the same functions (deployment, alerts, securit... by atulmistry Engager in Monitoring Splunk 09-20-2010 4 2	4	2
ERROR :: 'homePath' - what does this mean? When I try to start Splunk it gives the following output - Splunk> CSI: Logfiles. Checking prerequisites... Chec... by mctester Communicator in Monitoring Splunk 09-17-2010 4 4	4	4