Monitoring Splunk

Ask a Question

Discussions

Thread Info

what is connection between forwarder and DS

We noticed that a host "1234" is not longer connecting with the DS. What does this mean? What would be the imp...

by Path Finder in

Storage issues on indexer

Is it normal to have colddb > db? 4.0K thaweddb20M summary4.2G datamodel_summary9.8G db59G col...

by Path Finder in

Universal Forwarder audit logs not going to Splunk Cloud

Hi, I'm having an issue where my Splunk audit.log from the UF is not being forwarded to my Splunk Cloud instance. My ...

by Explorer in

フォワーダー管理のクライアントの追加方法について

お世話になります。標題について質問させてください。デプロイサーバ(Splunk Enterprize7.3.3 windows64bit)からデプロイクライアント(Universal Forwarder7.3.3 wind...

by New Member in

Can we be alerted when a field extraction fails because of depth_limit ?

Hello everyone, We have configured some automatic field extractions using regular expressions on some logs that can...

by Path Finder in

Splunk server crush

We had our Splunk server stopping by itself two days in a row. I am trying to find the reason but I cannot find any...

by Path Finder in

F5 analytics not in splunk

Hi All, I have setup F5 iApp to push analytics data to Splunk and could see splunk accepting data from tcp dumps on...

by New Member in

KVStore Process Terminated

Splunk installed on windows server, getting the following errors in web UI: KV Store process terminated abnorm...

by New Member in

How to free space on /opt/splunkcolddata ?

Hi, Please suggest me, Methods for freeing some space on /opt/splunkcolddata on indexer. how to reduce the retent...

by Path Finder in

How to make my computer (with splunk) receive data from another computer on the same network in real time?

I'm trying to receive all the behaviour from a computer in real time, and receive the data in my other computer that ...

by Explorer in

Add sourcetype to DNS and Netflow License

We have a license for only DNS and Netflow data sources. Is their a way to edit the license to allow additional sourc...

by New Member in

AWS Missing feeds

Hi All, I am in the process of creating an app for AWS sources and one of the objectives is to alert when an accoun...

by Explorer in

How to setup DMC through CLI?

Is it possible to setup the DMC to distrubuted mode through the CLI? How could this be achieved?

by Explorer in

How to resolve error when Splunkd intermittently crashes while streaming telemetry data on Universal Forwarder: "ProcessRunner: No such file or directory"?

Hello! I’m working on streaming telemetry data to Splunk. I use Splunk Universal Forwarder v7 x86_64 to capture an...

by Engager in

Authentication error when trying to configure Splunk with Azure AD for SAML: "Your network connection may have been lost or Splunk may be down.”

Hi Team, We are trying to integrate Splunk with Azure AD for SAML authentication. However, whenever we try to u...

by Communicator in

how can we get Splunk license % usage data over long period of time? (>60 days)

how can we get Splunk license % usage data over long period of time? The following query only gives us last 2 months ...

by Splunk Employee in

Has anyone seen this Error message: Monotonic time source didn't increase; is it stuck?

Since we've upgraded to 7.0 we're seeing this particular error show up in the logs: 10-17-2017 11:30:30.772 -0600 ...

by Explorer in

UF restarts due to TcpOutputProc issue

Hi - having issues with a Windows UF we are having to restart circa weekly to clear the issue below which happens at ...

by New Member in

Splunk Crashing with ExceptionCode: c0000005 (Access violation)

I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running Windows Server 2019, build 17763.1217.Individua...

by New Member in

How to expand disk space on indexer in Azure

Hi guys , I want to expand disk space for indexer hosted on Azure as VM and its an indexer cluster which completel...

by Loves-to-Learn Lots in

How to get to know peer down time with SPL?

Hi Guru! (I edited) I have indexer cluster and one search head. I do not use monitoring console. One of peer nodes...

by Path Finder in

Is AutoCAD device can be monitored via Splunk ?

Hi All, Today I had a question from my customer, that he wants to monitor the bunch of software running in his env...

by Motivator in

How can I generate a search which uses lots of memory?

We are about to enable the enable_memory_tracker feature. We'll use - enable_memory_tracker = true search_proc...

by Motivator in

tstats command consumes a lot of IO and runs for 20 minutes

I'm running this query to get average event counts per day by index. When I run this, each site does an aggregate 2.5...

by Explorer in

Incorrect Path to Script, but Path doesn't exist

I'm trying to bring in new data to my Splunk standalone and getting this error in the _internal logs Incorrect path t...

by Path Finder in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

what is connection between forwarder and DS

Storage issues on indexer

Universal Forwarder audit logs not going to Splunk Cloud

フォワーダー管理のクライアントの追加方法について

Can we be alerted when a field extraction fails because of depth_limit ?

Splunk server crush

F5 analytics not in splunk

KVStore Process Terminated

How to free space on /opt/splunkcolddata ?

How to make my computer (with splunk) receive data from another computer on the same network in real time?

Add sourcetype to DNS and Netflow License

AWS Missing feeds

How to setup DMC through CLI?

How to resolve error when Splunkd intermittently crashes while streaming telemetry data on Universal Forwarder: "ProcessRunner: No such file or directory"?

Authentication error when trying to configure Splunk with Azure AD for SAML: "Your network connection may have been lost or Splunk may be down.”

how can we get Splunk license % usage data over long period of time? (>60 days)

Has anyone seen this Error message: Monotonic time source didn't increase; is it stuck?

UF restarts due to TcpOutputProc issue

Splunk Crashing with ExceptionCode: c0000005 (Access violation)

How to expand disk space on indexer in Azure

How to get to know peer down time with SPL?

Is AutoCAD device can be monitored via Splunk ?

How can I generate a search which uses lots of memory?

tstats command consumes a lot of IO and runs for 20 minutes

Incorrect Path to Script, but Path doesn't exist

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Logging of Restart Trigger