Monitoring Splunk

Community Activity

ERROR :: 'homePath' - what does this mean? When I try to start Splunk it gives the following output - Splunk> CSI: Logfiles. Checking prerequisites... Chec... by mctester Communicator in Monitoring Splunk 09-17-2010 4 4	4	4
how to force splunk to monitor a directory. How do I force splunk to index new files in the directory that is being monitored immediately? sometimes it takes rea... by sfmandmdev Path Finder in Monitoring Splunk 09-13-2010 1 1	1	1
maxfiles in limits.conf I can see the maxfiles parameter in $SPLUNK_HOME/etc/system/default/limits.conf for Splunk 4.1.4 , but it is not desc... by mzorzi Splunk Employee in Monitoring Splunk 09-10-2010 2 1	2	1
Set reduce_freq for a saved search? Is there a way to explicitly set the reduce_freq for a given saved search? I don't see a dispatch.* option for this ... by Lowell Super Champion in Monitoring Splunk 09-07-2010 1 1	1	1
Slow Splunk - splunkd and auditd over 100% CPU - conflict? I'm working on a box right now that seems to be unnecessarily slow at both searching as well as indexing from a batch... by Jason Motivator in Monitoring Splunk 09-07-2010 0 5	0	5
How is my indexed data stored/compressed on disk? We created a new index called "foo"; its size is about 6.6GB on disk. Our main index "main" is 66GB. Our daily index... by mctester Communicator in Monitoring Splunk 09-01-2010 0 1	0	1
Is there any way to speed up searches? I have a search that is taking a few days to run. Here is the search string: sourcetype="bcoat_proxysg" \| stats dc(... by tier2ops Explorer in Monitoring Splunk 08-25-2010 0 3	0	3
Splunk generating tons of fcntl Solaris audit records I have a Solaris 10 SPARC server that is running Splunk 4.1. It's configured to generate audit logs to syslog, creat... by dcarlo New Member in Monitoring Splunk 08-22-2010 0 1	0	1
Interpreting metrics log values What is the significance of cumulative_hits below? Search match hits? number of events returned from a search? 07-09... by rroberts Splunk Employee in Monitoring Splunk 08-17-2010 1 3	1	3
ERROR WordPositionData - couldn't parse hash code (SPL-31080) Crash results in corrupt metadata preventing Splunk from starting up again. Look for following line before crash in s... by roguerr Engager in Monitoring Splunk 08-09-2010 1 2	1	2
New Splunk install to Monitor WebSphere 7.0 Hi, I am having problems getting Splunk to monitor WebSphere V7. I have enabled PMI on WebSphere and installed Splu... by MJTrigwell Engager in Monitoring Splunk 08-03-2010 2 4	2	4
Benchmarking search: indexer vs search head. I've just setup a search head that will search across 2 load balanced indexers. I'd like to compare the execution ti... by Michael_Wilde Splunk Employee in Monitoring Splunk 07-21-2010 1 1	1	1
Multiple indexes + disk space usage So if I follow the data space and retirement process correctly, it works in a circular manner with old data being del... by skippylou Communicator in Monitoring Splunk 07-20-2010 1 2	1	2
"Cannot parse into key-value pair" error after upgrading to 4.1.4 I just upgraded one of my splunk forwarders to version 4.1.4 and now I'm seeing the following error message in my int... by Lowell Super Champion in Monitoring Splunk 07-20-2010 2 1	2	1
I'm getting GetDriverHandle: Unable to install driver. Errors... "Hi support I am receiving a lot of these messages in my light forwarder's splunkd.log 06-29-2010 14:27:05.615 ERROR ... by Genti Splunk Employee in Monitoring Splunk 07-02-2010 2 1	2	1
Error adding SSHFS mount as a data input on a mac os x server, I am trying to add a directory as input. I encounter the following error when trying to save th... by frank_h New Member in Monitoring Splunk 07-01-2010 0 1	0	1
Memory use in HP-Ux Does someone know how much memory and CPU the Splunk agent uses when installed under HP-Ux? And how does the Splunk A... by omlojoha Engager in Monitoring Splunk 06-29-2010 0 3	0	3
Decomposition is not trusted I have noticed that Splunkd.log is recording the following error: web_service.log:2010-06-27 12:21:18,769 ERROR Tr... by olopez77 Explorer in Monitoring Splunk 06-28-2010 2 1	2	1
Splunk performance problems We've got Splunk running on a Windows 2003 R2 x64 server with 8 GB of memory, and two dual-core 3.0 GHz processors. ... by jambajuice Communicator in Monitoring Splunk 06-25-2010 1 3	1	3
Performance improvement by having multiple indexes? A client asks: is there any performance improvement by having multiple indexes? I'm guessing that there would be, if... by Jason Motivator in Monitoring Splunk 06-22-2010 1 2	1	2
Does splunk capture information for configuration changes is there a way to track configuration changes to splunk - either via splunkweb or command line? The idea is: Lets say... by Genti Splunk Employee in Monitoring Splunk 06-07-2010 0 5	0	5
How to get Splunk aware of the changes in inputs.conf of an app without restarting Splunk? Hi all, I've been searching high and low to understand how to get Splunk aware of the changes in inputs.conf of an a... by Nicholas_Key Splunk Employee in Monitoring Splunk 06-03-2010 2 3	2	3
Trying to understand "Average Execution lag" on the scheduler_status view I'm looking on the "Overview" (scheduler_status) view in the Splunk 4.1 Search app and I'm trying to understand what ... by Lowell Super Champion in Monitoring Splunk 05-28-2010 1 3	1	3
Is there a way for Splunk to understand app-specific variables so that the variables usable in input.conf? I'm currently working with inputs.conf and would like to have the stanzas recognize the values that are assigned to t... by Nicholas_Key Splunk Employee in Monitoring Splunk 05-27-2010 3 5	3	5
Output of 'splunk list monitor' Is the output of 'splunk list monitor' clipped at all? I have a directory with (approx) 50 log files, but the outp... by dwaddle SplunkTrust in Monitoring Splunk 05-26-2010 3 4	3	4