Monitoring Splunk

Discussions

Thread Info

How to determine what is filling the srtemp folder?

Lately our searchheads will run into issues where the srtemp folder baloons to 80+GB and fills the local hard drive. ...

by Contributor in

Splunk 9.4.0 - hostname, issues with license manager reports after hostname change

Hi, I have recently changed the OS hostname, followed by Splunk hostname change on a single node deployment. ...

by Observer in

KVStore error

We get these messages. For exmaple dbconnect doesn't work anymore... how could i solve this?03-11-2025 12:09:07.792 +...

by Engager in

'System health and performance' and 'UEBA' in Splunk

How can I leverage Splunk Cloud to: Monitor System Health & Performance – Track uptime, downtime, and resource util...

by Path Finder in

Query to check the indexer is down, up or in unknown state

Is there is any Query to check whether the indexers status is down, up or in unknown state . I can check in monito...

by Communicator in

How to find out the high memory usage searches on the Splunk search heads?

by Explorer in

How to identify user or process responsible for stopping the Splunk UF agent

I am trying to identify the user or process responsible for stopping the Splunk UF agent. What log source do I requir...

by Engager in

SHC deployer, not deleting TA's (troubleshooting Or 9.4.0 bug?)

IHAC with an SVA C3 (On-Prem) setup running 9.4.0 on the MN, SHC, Deployer but 9.3.2 on the peers (upgrade in the wor...

by Path Finder in

In splunk how CMDB fields mapped.

In splunk how we create these CMDB fields mapped to any sourcetype when new host added as asset.. like the below fi...

by New Member in

Splunk UF version 9.4.1 install issue

When I try to run "./splunk start" it says "cannot execute binary file: Exec format error". Im in the bin directory r...

by Explorer in

The external search command 'chatgpt' did not return events in descending time order, as expected.

Hi guys! I think this screenshot describes my problem pretty well. I just tried to play around with chatgpt and sp...

by Explorer in

hosts reporting stats

I see there is a forwarder management dashboard in the monitoring console where you can check if the host is reporti...

by Engager in

DBX Error Issue

Hi, We encountered a "DBX Server Error: Cannot communicate with the task server." To resolve this, I changed the Ta...

by New Member in

Splunk searches delayed

Hello,I faced the below ERROR: The percentage of non high priority searches delayed (27%) over the last 24 hours is...

by Path Finder in

The TCP output processor has paused the data flow

We recently installed Splunk Universal forwarder 9.3.2 on Windows 2019 server. After starting the forwarder I see bel...

by Engager in

How to repair Data input index to normal state

How I can repair Data input index to normal state.I created Data input as per my Technical Add on , for some reason I...

by Loves-to-Learn in

How to use the different inputlookup csv files based on the drilldown value ?

HI Team Can you please let me know if it is possible to display the different CSV files based on the drilldown value ...

by Path Finder in

Do we have trellis view available in Dashboard Studio for Pie Chart

Hi folks I am looking to create a trellis view for pie chart in dashboard but unable to create and ending up below e...

by New Member in

A lot of error messages : user=“nobody” had no roles after upgrade

Since I migrated splunk to version 9.2.4, I've been getting a lot of error messages from all Splunk servers :WARN Use...

by Path Finder in

export serverclass hostname

How can I export the host values in excel for the particular serverclass Is there is any query for that that will be ...

by Communicator in

Silent Log Source

Good day everyone. I am trying to monitor the environment hosts whether if any stopped sending logs. The challeng...

by Loves-to-Learn Lots in

KVSTORE FAILED TO START ISSUE

KV Store changed status to failed. KVStore process terminated.. 10/2/2025, 12:23:23 am Failed to start KV Sto...

by Loves-to-Learn in

How to combine the output of 2 events into a single event ?

Hi Team Can you please help me to create a statistic table based on the below requirement: current output : ...

by Path Finder in

ERROR UserManagerPro user=“nobody” had no roles

I'm seeing hundreds of these errors in the internal splunkd logs01-16-2025 12:05:00.584 -0600 ERROR UserManagerPro [7...

by Explorer in

need to check where is ulimit value

How can i find ulimit value/status for all server in monitoring console.

by Communicator in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

How to determine what is filling the srtemp folder?

Splunk 9.4.0 - hostname, issues with license manager reports after hostname change

KVStore error

'System health and performance' and 'UEBA' in Splunk

Query to check the indexer is down, up or in unknown state

How to find out the high memory usage searches on the Splunk search heads?

How to identify user or process responsible for stopping the Splunk UF agent

SHC deployer, not deleting TA's (troubleshooting Or 9.4.0 bug?)

In splunk how CMDB fields mapped.

Splunk UF version 9.4.1 install issue

The external search command 'chatgpt' did not return events in descending time order, as expected.

hosts reporting stats

DBX Error Issue

Splunk searches delayed

The TCP output processor has paused the data flow

How to repair Data input index to normal state

How to use the different inputlookup csv files based on the drilldown value ?

Do we have trellis view available in Dashboard Studio for Pie Chart

A lot of error messages : user=“nobody” had no roles after upgrade

export serverclass hostname

Silent Log Source

KVSTORE FAILED TO START ISSUE

How to combine the output of 2 events into a single event ?

ERROR UserManagerPro user=“nobody” had no roles

need to check where is ulimit value

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Announcing the General Availability of Splunk Enterprise Security 8.1!

Developer Spotlight with William Searle

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions