Monitoring Splunk

Community Activity

Looking for "high performance Splunk" A client is looking for advice on tuning splunk for what they call "high performance" - defined as minimizing cpu, ne... by Jason Motivator in Monitoring Splunk 11-05-2010 0 2	0	2
Monitoring Logfiles with random number as part of the name Our logfiles are named in the format Log.Activity.prod.###.txt where ### is random number. Also we want to leave out ... by rvbalaji Explorer in Monitoring Splunk 11-04-2010 0 7	0	7
Delay of monitoring thousands of file I monitored several thousands of file in splunk but I find it indexes the new events for more than 30 minutes. I have... by katalinali Path Finder in Monitoring Splunk 11-03-2010 2 1	2	1
Splunk helpers.. what is it? Hi, 'Splunk Helpers' what is this process & what does it do? Can it be stopped/started via cmdline. Obviously if cr... by standias Explorer in Monitoring Splunk 10-26-2010 0 3	0	3
How could events from two hosts be in the same _internal index? What configuration needs to be in place in order for internal events from one splunk instance to be in the _internal ... by muebel SplunkTrust in Monitoring Splunk 10-22-2010 0 1	0	1
Splunk & Ossec intergration Splunk seems like an all around tool. What is the advantage of incorporating the Ossec system into or with Splunk? by monitor New Member in Monitoring Splunk 10-20-2010 0 3	0	3
OSSEC and SPLUNK... just stopped ? I've had both services running on the save Ubuntu 10.04 server for about a week. OSSEC is cooking along gathering in... by jhuebner Explorer in Monitoring Splunk 10-20-2010 0 1	0	1
How do I get the most out of a 16 core server? I have a 16 core server (HP DL580) with 32GB MEM and 2TB SAS Drives (RAID 10) capable of 800 IO/sec. I'm indexing abo... by Dan Splunk Employee in Monitoring Splunk 10-19-2010 1 6	1	6
terminate called after throwing an instance of 'PollableDescriptorException' I keep getting the following error in crash logs on splunk-3.4.12-69236 64 bit. Anyone has any idea what is causing i... by Marcin Explorer in Monitoring Splunk 10-08-2010 0 1	0	1
Need Help Troubleshooting Poor SplunkWeb Performance Hi Folks, I could use some pointers troubleshooting some Splunk Web performance issues. Over the last few weeks, ou... by gmor Explorer in Monitoring Splunk 09-23-2010 1 3	1	3
Clarification on why our license is tripping we have a license for our QA environment for 500MB. We wanted to have the same functions (deployment, alerts, securit... by atulmistry Engager in Monitoring Splunk 09-20-2010 4 2	4	2
ERROR :: 'homePath' - what does this mean? When I try to start Splunk it gives the following output - Splunk> CSI: Logfiles. Checking prerequisites... Chec... by mctester Communicator in Monitoring Splunk 09-17-2010 4 4	4	4
how to force splunk to monitor a directory. How do I force splunk to index new files in the directory that is being monitored immediately? sometimes it takes rea... by sfmandmdev Path Finder in Monitoring Splunk 09-13-2010 1 1	1	1
maxfiles in limits.conf I can see the maxfiles parameter in $SPLUNK_HOME/etc/system/default/limits.conf for Splunk 4.1.4 , but it is not desc... by mzorzi Splunk Employee in Monitoring Splunk 09-10-2010 2 1	2	1
Set reduce_freq for a saved search? Is there a way to explicitly set the reduce_freq for a given saved search? I don't see a dispatch.* option for this ... by Lowell Super Champion in Monitoring Splunk 09-07-2010 1 1	1	1
Slow Splunk - splunkd and auditd over 100% CPU - conflict? I'm working on a box right now that seems to be unnecessarily slow at both searching as well as indexing from a batch... by Jason Motivator in Monitoring Splunk 09-07-2010 0 5	0	5
How is my indexed data stored/compressed on disk? We created a new index called "foo"; its size is about 6.6GB on disk. Our main index "main" is 66GB. Our daily index... by mctester Communicator in Monitoring Splunk 09-01-2010 0 1	0	1
Is there any way to speed up searches? I have a search that is taking a few days to run. Here is the search string: sourcetype="bcoat_proxysg" \| stats dc(... by tier2ops Explorer in Monitoring Splunk 08-25-2010 0 3	0	3
Splunk generating tons of fcntl Solaris audit records I have a Solaris 10 SPARC server that is running Splunk 4.1. It's configured to generate audit logs to syslog, creat... by dcarlo New Member in Monitoring Splunk 08-22-2010 0 1	0	1
Interpreting metrics log values What is the significance of cumulative_hits below? Search match hits? number of events returned from a search? 07-09... by rroberts Splunk Employee in Monitoring Splunk 08-17-2010 1 3	1	3
ERROR WordPositionData - couldn't parse hash code (SPL-31080) Crash results in corrupt metadata preventing Splunk from starting up again. Look for following line before crash in s... by roguerr Engager in Monitoring Splunk 08-09-2010 1 2	1	2
New Splunk install to Monitor WebSphere 7.0 Hi, I am having problems getting Splunk to monitor WebSphere V7. I have enabled PMI on WebSphere and installed Splu... by MJTrigwell Engager in Monitoring Splunk 08-03-2010 2 4	2	4
Benchmarking search: indexer vs search head. I've just setup a search head that will search across 2 load balanced indexers. I'd like to compare the execution ti... by Michael_Wilde Splunk Employee in Monitoring Splunk 07-21-2010 1 1	1	1
Multiple indexes + disk space usage So if I follow the data space and retirement process correctly, it works in a circular manner with old data being del... by skippylou Communicator in Monitoring Splunk 07-20-2010 1 2	1	2
"Cannot parse into key-value pair" error after upgrading to 4.1.4 I just upgraded one of my splunk forwarders to version 4.1.4 and now I'm seeing the following error message in my int... by Lowell Super Champion in Monitoring Splunk 07-20-2010 2 1	2	1