Monitoring Splunk

Thread Info

Would like to build basic dashboards showing graphs based on the contents of monitored logs on macOS

However, so far, I can't derive anything meaningful for building the dashboards. I would like to set Splunk to moni...

by Explorer in

Count Field values based on different criteria

Hello Guys! Thank you in advance for your help , My data: Events that contain a field named SEGT which may be empty...

by Communicator in

How to search for broken Splunk forwarders or Indexers without using a .conf file

by Builder in

Monitoring Console shows all SHC members with the same instance name

Hello All I added our ES SHC to our monitoring console and the instance(host) name is all the same for all 3 se...

by Contributor in

What do you consider Splunk Enterprise & Splunk ES' Heart beats that one should check daily?

by Builder in

Steps for checking replication working between Indexers. Please help with a SPL

I need to check making sure Replication is taking place between my indexers & if any one is not calling in to Splunk ...

by Builder in

Finding a list of hosts that have not reported in, in a week

How to find a list of hosts that have not reported in, in a week. I tried the following but not producing any results...

by Builder in

How do I find the disk utilization on all my indexes

How do I find the disk utilization on all my indexes. How do I write an alert for each going over a certain amount?

by Builder in

How to setup / migrate a few Web server logs into Splunk

How to setup / migrate a few Web server logs into Splunk. I need to set Splunk to ingest some web server logs into Sp...

by Builder in

How do I find a missing forwarder Monitoring console reports & fixing the issue?

How do I find a missing forwarder Monitoring console reports & fixing the issue? I select the item in monitoring cons...

by Builder in

How do I put Splunk Cluster Master in a maintenance mode? Is via CLI the only way?

How do I put Cluster Master in a maintenance mode? Can it be done via GUI ? Or have to be done via CLI cli only?

by Builder in

A few critical checks on Splunk Enterprise & ES daily, making sure they are healthy

What are a few critical daily checks early in the day making sure the Splunk Enterprise & ES are healthy & functionin...

by Builder in

poor performance for metrics index

Hi everybody we are seeing bad performances in metrics indexes searches, in particular when a "group by" clause is ...

by Observer in

Need Rest and Soap reponse time from HA proxy logs

Mar 8 05:53:40 localhost haproxy[1668]: IP:port[08/Mar/2021:05:53:39.081] abc soap_services/soap-hostname-5000 0/0/0/...

by Explorer in

Rex for https status code, response time and url list

I have below HTTP events where in I am trying to extract status code, response time and URL. I am using the following...

by Explorer in

Statistics table does not show results for valid search

I set up a flexible Splunk dashboard that responds to 4 custom input fields: 1. clientType (text) 2. region (text...

by Explorer in

How do I check to see if all my Indexers are healthy & universal & heavy forwarders are healthy & reporting in?

by Builder in

Checkpoint value is changing from rising column to some different column

Hi, Initially I was using rising column as datetime but there was some data loss.. i.e. not every data was dumping ...

by Explorer in

Unix / Linux Addon

Hello, in many linux versions the comman netstat is now deprecated. Now you have the problem to use the sourcetype ...

by Engager in

Query to get average memory usage in linux

Hi, I need help in finding the average memory usage of 100+ linux server. we dont have permon in splunk so i cant u...

by Engager in

Why is scheduled searches info on DMC incorrect if the saved search are sharing in App?

Hi All, I have two saved search ; report1, which is shared in app and report3, which is private. Owner of two saved...

by Path Finder in

Distributed Management Console Topology Screen: Why does it say my instances are unreachable? They really are up and being searched.

The two indexers are functioning normally according to everything I see, so I don't understand what the DMC thinks is...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Monitoring Splunk

Discussions

Would like to build basic dashboards showing graphs based on the contents of monitored logs on macOS

Count Field values based on different criteria

How to search for broken Splunk forwarders or Indexers without using a .conf file

Monitoring Console shows all SHC members with the same instance name

What do you consider Splunk Enterprise & Splunk ES' Heart beats that one should check daily?

Steps for checking replication working between Indexers. Please help with a SPL

Finding a list of hosts that have not reported in, in a week

How do I find the disk utilization on all my indexes

How to setup / migrate a few Web server logs into Splunk

How do I find a missing forwarder Monitoring console reports & fixing the issue?

How do I put Splunk Cluster Master in a maintenance mode? Is via CLI the only way?

A few critical checks on Splunk Enterprise & ES daily, making sure they are healthy

poor performance for metrics index

Need Rest and Soap reponse time from HA proxy logs

Rex for https status code, response time and url list

Statistics table does not show results for valid search

How do I check to see if all my Indexers are healthy & universal & heavy forwarders are healthy & reporting in?

Checkpoint value is changing from rising column to some different column

Unix / Linux Addon

Query to get average memory usage in linux

Why is scheduled searches info on DMC incorrect if the saved search are sharing in App?

Distributed Management Console Topology Screen: Why does it say my instances are unreachable? They really are up and being searched.

Dashboard

License Usage for the last 30 days

Getting "DMC Alert - Near Critical Disk Usage"

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions