Monitoring Splunk

Community Activity

What are the fields in _audit that specify the interval for each search? We would like to produce statistics about the usage of Splunk and we would like to categorize the searches by ranges,... by danielbb Motivator in Monitoring Splunk 06-26-2025 0 3	0	3
Splunk shc member abnormal I use metadata to monitor the activity status of member nodes in my cluster, but recently I discovered an exception. ... by meng New Member in Monitoring Splunk 06-25-2025 0 2	0	2
Help me understand the error logs. I am newbie to this env and I'm trying to understand some logs regrading a linux server troubleshoot. A server stoppe... by KishoreSrini Explorer in Monitoring Splunk 06-19-2025 0 4	0	4
How do I tell Splunk to use more CPU cores? I have Splunk 6 Enterprise installed on a system with 2x 10-core 3GHz Xeons, 128GB RAM and a 6x SSD RAID-10. When I ... by kamermans Path Finder in Monitoring Splunk 06-09-2025 2 14	2	14
Detecting Unused Index and Reducing Splunk Log Size Is there a way to detect unused indexes in Splunk via a query? Also, how can we control the growth of log sizes effec... by megha_04 New Member in Monitoring Splunk 06-05-2025 0 3	0	3
How to fetch the date passed in the input token to the search. Hi Team Can you please let me know why i am not able fetch the base_date in the dashoard using the below logic. Pleas... by Real_captain Path Finder in Monitoring Splunk 06-05-2025 0 3	0	3
Monitor for delete attempts Hello,Our company has gone through an audit and one of the auditors has asked us to monitor attempts to delete record... by BB2 Explorer in Monitoring Splunk 05-29-2025 0 11	0	11
How do i create diag file on Splunk edge processor Need assistance to create diag file on splunk edge processor by Mahendra_Penuma New Member in Monitoring Splunk 05-20-2025 0 2	0	2
KVStorageProvider max_size_per_result_mb limit Hello Splunkers,Good Day! I'm getting this error consistent. Out of confusion, those this mean it's the estimated KVS... by whitefang1726 Path Finder in Monitoring Splunk 05-20-2025 0 2	0	2
Does Linux universal forwarder use kernel hook technology? Such as eBPF? Does Linux universal forwarder use kernel hook technology? Such as eBPF?The forwarder version is 8.2.1. by xiyangyang Path Finder in Monitoring Splunk 05-19-2025 0 4	0	4
MSSP reporting Hi all,I’ve recently encountered several challenges since migrating to Splunk Mission Control (MS) and would apprecia... by 666Meow Explorer in Monitoring Splunk 05-15-2025 0 0	0	0
Splunk SOAR dashboard for monitoring Hey Everyone,I would like to build a dashboard or use any pre-defined one in order to collect all the details of the ... by spluser1 Loves-to-Learn in Monitoring Splunk 05-11-2025 0 2	0	2
How parsing log increase size of raw log? Is the size of log after being stored in buckets compared to its raw size a metric I should monitor?This question cam... by Na_Kang_Lim Path Finder in Monitoring Splunk 05-09-2025 0 1	0	1
Is there a way to dynamically control the severity of an alert? We would like to dynamically populate the severity field, is it possible? by danielbb Motivator in Monitoring Splunk 04-29-2025 0 3	0	3
How to avoid sending an empty report? Is there a way to avoid sending an empty report? I'm thinking about converting the report to an alert but the custome... by danielbb Motivator in Monitoring Splunk 04-29-2025 0 2	0	2
Late indexed Hello Splunkers!!Issue DescriptionWe are experiencing a significant delay in data ingestion (>10 hours) for one index... by uagraw01 Motivator in Monitoring Splunk 04-24-2025 0 8	0	8
windows events id's gap We have noticed that some Windows Domain Controller server event logs are not appearing in the Splunk search.For exam... by mshakeb Loves-to-Learn Everything in Monitoring Splunk 04-14-2025 0 2	0	2
How can we find the missing events in splunk Hi,Splunk hasn't captured the 4743 events, indicating computer account deletions that occurred yesterday at 2 pm. Whe... by AL3Z Builder in Monitoring Splunk 04-14-2025 0 11	0	11
Splunk supported S2S protocols and enableOldS2SProtocol (oldest protocol) explained Are you recommending enableOldS2SProtocol=true?Are you implementing enableOldS2SProtocol=true?If yes, read below.Spl... by hrawat Splunk Employee in Monitoring Splunk 04-11-2025 4 3	4	3
Any idea what is causing high memory usage in indexers? We have distributed environment with 4 Splunk Indexers which are consuming high memory . It reaches to 100% and remai... by Ashwini008 Builder in Monitoring Splunk 04-10-2025 0 6	0	6
How to fetch the events with the time greater than the time of the 1st event in the dashboard ? Hi Team Can you please let me know how it is possible to fetch the events with the time greater than the time of the ... by Real_captain Path Finder in Monitoring Splunk 04-07-2025 0 14	0	14
Optimizing the expensive saved searches Hi,I am seeking recommendations on optimizing the most resource-intensive saved searches in my Splunk Cloud instance ... by tech_g706 Path Finder in Monitoring Splunk 04-04-2025 0 4	0	4
Restrict users to see their logs (with config IDs) only We have security logs coming to Splunk using data input configuration in Splunk.. The logs have a field called securi... by splunklearner Communicator in Monitoring Splunk 04-03-2025 0 17	0	17
How to fetch the status of an application having multiple jobs ? HI Team Can someone please help me to find how we can fetch the status of the application A1 having 5 jobs (Job1 , Jo... by Real_captain Path Finder in Monitoring Splunk 04-03-2025 0 12	0	12
Get License limit Hello,I'm building a search to get alerted when we go over the license. I have a search that is working well to get t... by lux209 Explorer in Monitoring Splunk 04-03-2025 0 9	0	9