Monitoring Splunk

Discussions

Thread Info

collect data from a folder, but it is a disk

I need to collect data from a folder on a Windows machine, the problem is that this folder is mounted as a disk and t...

by Loves-to-Learn Lots in

How to index json files that or monitor json files

this is inputs.conf [monitor://D:\temp\zkstats*.json] crcSalt = <SOURCE> disabled = false followTail = 0 index...

by Loves-to-Learn Everything in

datamodel

i am facing error while running datamodel below The search job has failed due to err='Error in 'SearchParser': The ...

by Explorer in

Is it possible to change the color of the output in a single value visualization format (42) ?

Hi Team Can you please help me to find a way to change the color of the output value in a single value visualizat...

by Path Finder in

NAS logs integrating to Splunk

we need a NAS logs integration to splunk but i dont know how to integrate .We have SC4s container. can anyone help on...

by Explorer in

How does Cluster Manager populate dmc_forwarder_assets input lookup csv table?

Does anyone know how does Cluster Manager populate dmc_forwarder_assets input lookup csv table? I have an issue whe...

by Explorer in

How to monitor a file inside docker container

We have multiple docker containers and there are some logs (created by our application, same log gets updated) inside...

by Path Finder in

How to find the count of events between the 2 Events in a day ?

Hi Can you please help me to find out how we can find the count of events between the 2 events in SPLUNK. Exa...

by Path Finder in

How to create a diag file on Splunk cloud?

Hello Guys, Can you please share the steps on how to create diag file for **Splunk Cloud**?I found some posts sayin...

by Path Finder in

failed to read splunkforwader status after installation in linux machine what is permission command

by Explorer in

Forwarder version in dmc_forwarder_assets lookup is updated in un unreliable way

Hi Lookup table doesn't contain the current version of the forwarder. Instead, the highest ever seen version is st...

by Explorer in

disk space error

The diskspace remaining=6235 has breached the yellow threshold for filesystems=['C:\Program Files\Splunk\var\lib\splu...

by Loves-to-Learn Lots in

hosts not reporting

I have following search. how can I add indexes information in the results: |tstats max(_time) as _time, where index...

by Engager in

How to find the details from the csv file in a new field for further processing using lookup ?

Hi Can someone tell me how we can use a csv file using a lookup and extract the details from a file in a field whi...

by Path Finder in

Windows Server 2016 removed as of Universal Forward 9.3

Why was Windows Server 2016 removed from Splunk Universal Forwarder as of v9.3 (7/30/2024), when Windows Server 2016 ...

by Engager in

Number of appserver.py processes increasing, causing OOM

Search Head appears to have a rogue python process ( appserver.py) that slowly eats away all memory on the system, t...

by Splunk Employee in

Data Durability issue

I have a problem with data it's self and i have 2RF 2SF and they are works fine i tried to roll buckets multipl...

by Explorer in

I am not sure where to find performance data or which on default index it is stored in

Hello,I installed the forwarder on a Windows machine, and during the installation, I selected the Windows performance...

by Path Finder in

Splunk HF parallel pipelines utilization

Hi, We have high-volume syslog input configured on a HF with Splunk v.7.2.5 and we started noticing TailReader-0 p...

by Path Finder in

DNS Request

Hey,I would love to get helpI want to build a query to be a rule that will monitor DNS requestsI work with two INDEXE...

by New Member in

Use _indextime for data retention policy?

Is it possible to reconfigure Splunk to use _indextime instead of _time for data retention policy?

by Explorer in

How to pause and resume the Splunk RUM agent

While monitoring Real User Monitoring, should the performance of the web application deteriorate for any reason, we w...

by New Member in

Connect HEC token to Monitoring Console

We get data in using HEC tokens, and the data is flowing just fine. But when we try to view the HTTP Event Collector ...

by Explorer in

HOW TO CALCULATE LOG SAVE ON INDEXER

Hi guys, My boss check on Splunk Master and see that, he want to know index, source, sourcetype, capacity of log/d...

by Path Finder in

Skipped Search

Hi Team, An alert is scheduled to run for every 2 hours It is getting skippedper day the alert will run - 12 times...

by Builder in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

collect data from a folder, but it is a disk

How to index json files that or monitor json files

datamodel

Is it possible to change the color of the output in a single value visualization format (42) ?

NAS logs integrating to Splunk

How does Cluster Manager populate dmc_forwarder_assets input lookup csv table?

How to monitor a file inside docker container

How to find the count of events between the 2 Events in a day ?

How to create a diag file on Splunk cloud?

failed to read splunkforwader status after installation in linux machine what is permission command

Forwarder version in dmc_forwarder_assets lookup is updated in un unreliable way

disk space error

hosts not reporting

How to find the details from the csv file in a new field for further processing using lookup ?

Windows Server 2016 removed as of Universal Forward 9.3

Number of appserver.py processes increasing, causing OOM

Data Durability issue

I am not sure where to find performance data or which on default index it is stored in

Splunk HF parallel pipelines utilization

DNS Request

Use _indextime for data retention policy?

How to pause and resume the Splunk RUM agent

Connect HEC token to Monitoring Console

HOW TO CALCULATE LOG SAVE ON INDEXER

Skipped Search

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Logging of Restart Trigger