Monitoring Splunk

Discussions

Thread Info

export serverclass hostname

How can I export the host values in excel for the particular serverclass Is there is any query for that that will be ...

by Communicator in

Silent Log Source

Good day everyone. I am trying to monitor the environment hosts whether if any stopped sending logs. The challeng...

by Loves-to-Learn Lots in

KVSTORE FAILED TO START ISSUE

KV Store changed status to failed. KVStore process terminated.. 10/2/2025, 12:23:23 am Failed to start KV Sto...

by Loves-to-Learn in

How to combine the output of 2 events into a single event ?

Hi Team Can you please help me to create a statistic table based on the below requirement: current output : ...

by Path Finder in

ERROR UserManagerPro user=“nobody” had no roles

I'm seeing hundreds of these errors in the internal splunkd logs01-16-2025 12:05:00.584 -0600 ERROR UserManagerPro [7...

by Explorer in

need to check where is ulimit value

How can i find ulimit value/status for all server in monitoring console.

by Communicator in

forwarder monitoring

The Monitoring Console uses metrics data provided by servers with a splunk forwarder installed. The metrics data appe...

by Explorer in

Kv store issue

failed to start kv store process. see mongod.log and splunkd.log for details.@Splunk

by Loves-to-Learn Lots in

Monitoring IBM Z Mainframe

Hi, we are a splunk partner previously Appdynamics partner. In Appdynamics we had a solution to monitor IBM Z, howev...

by Engager in

How come _introspection reports only about root?

Introspection seems to give me the data.mount_point only for "/" and not for the other file systems that I can see vi...

by Motivator in

Troubleshooting high Search Head CPU

Hi. I have been struggling with getting to the root of some performance problems on our pool of search heads...which ...

by Path Finder in

indexer cluster to SH cluster replication issue.

we have a SH cluster with 3 SH which is collecting data with indexer cluster having 3 indexers. Now the problem is da...

by Explorer in

How to run a script only on one search head in a SH cluster, preferably the captain?

i have a script that is currently executing on all search heads. Is there a way to execute on only the current capta...

by Explorer in

splunk

Hello Everyone this is how iam getting error massage , while forwarding data from universal forwarder to indexer , ...

by Loves-to-Learn in

No activity in Splunkd Threads on indexer

Hi, Looking at the activity of the Splunkd threads on the indexers, I've seen in the monitoring console that someti...

by Explorer in

Search Head GUI

Search Head GUI is not working. Found error in the splunk.d logs, not sure if it pertains to why gui is down. Anyone ...

by Explorer in

I recently installed the Universal forwarder in the local Machine, but I cannot see the windows logs sent to the indexes

01-09-2025 17:01:37.725 -0500 WARN TcpOutputProc [4940 parsing] - The TCP output processor has paused the data flow....

by Loves-to-Learn in

How can I fix the issue related to More than 70% of forwarding destinations have failed

01-09-2025 17:30:30.169 -0500 INFO PeriodicHealthReporter - feature="TCPOutAutoLB-0" color=red indicator="s2s_connec...

by Loves-to-Learn in

Distributed Search Configuration - sendRcvTimeout

Hi all, Do any of you all run into issues where the bundle replication keeps timing out and splunkd.log references ...

by Communicator in

Discarding Certain Events

Hello All! I am trying to discard a certain event before the Indexers Ingest it using keyword envoy. Below is an ...

by Observer in

Trying to understand compression - given % compression of X volume data, how much on disk is required?

I'm trying to understand the compression numbers provided by Splunk. Given a compression of, say, 40%, on a volume of...

by Champion in

Is timestamp extraction of milliseconds wrong?

FYI, it's possible if you have HF => third party s2s => indexer.

by Splunk Employee in

Cisco equipement in Splunk

Hello Splunkers  Have any of you worked with log files of Cisco equipment: - AP 9130 - WiFi Controller...

by Explorer in

The current production environment has encountered incomplete data returned by using the query map function.

1.Problem description The current production environment has encountered incomplete data returned by using the quer...

by Path Finder in

Use of persistent queue in UF

In which situation the persistent queue would be used in UF, only if indexer is slow in writing or is down for a lon...

by Communicator in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

export serverclass hostname

Silent Log Source

KVSTORE FAILED TO START ISSUE

How to combine the output of 2 events into a single event ?

ERROR UserManagerPro user=“nobody” had no roles

need to check where is ulimit value

forwarder monitoring

Kv store issue

Monitoring IBM Z Mainframe

How come _introspection reports only about root?

Troubleshooting high Search Head CPU

indexer cluster to SH cluster replication issue.

How to run a script only on one search head in a SH cluster, preferably the captain?

splunk

No activity in Splunkd Threads on indexer

Search Head GUI

I recently installed the Universal forwarder in the local Machine, but I cannot see the windows logs sent to the indexes

How can I fix the issue related to More than 70% of forwarding destinations have failed

Distributed Search Configuration - sendRcvTimeout

Discarding Certain Events

Trying to understand compression - given % compression of X volume data, how much on disk is required?

Is timestamp extraction of milliseconds wrong?

Cisco equipement in Splunk

The current production environment has encountered incomplete data returned by using the query map function.

Use of persistent queue in UF

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions