Monitoring Splunk

Community Activity

High swap space observed in HF ? We are getting alert from our LInux team stating high swap space observed for splunkd process on the Heavy forwarder ... by narisree1 Loves-to-Learn Everything in Monitoring Splunk 10-21-2020 0 2	0	2
HHow to restore the corrupted buckets I have a issue with one index in which the bucket is corrupted and I lost logs from this index for a period of time.... by msplunk33 Path Finder in Monitoring Splunk 10-18-2020 0 5	0	5
splunk: Invalid key in stanza Hi guys, when I restart my splunkd on the HF I see this error in the logs message: splunk: Invalid key in stanza [duo... by franciscof Explorer in Monitoring Splunk 10-16-2020 0 1	0	1
mgmt port is not working Hi, when I try to access the mgmt port on the browser it's not accessible. I have enabled SSL , so i removed SSL... by ajaykumar_s_123 Observer in Monitoring Splunk 10-15-2020 0 0	0	0
Splunk Disk Reporting Incorrect Hi all,I am running a Splunk 7.3.0 distributed / clustered environment and I have noticed that the DMC is reporting t... by trevor_dunstan8 Explorer in Monitoring Splunk 10-14-2020 0 3	0	3
Splunk index server CPU exceeds 97 %. How can I toubleshoot My indexer server CPU usage going more than 97%. How can I troubleshoot using Splunk query. by msplunk33 Path Finder in Monitoring Splunk 10-11-2020 0 2	0	2
The index processor has paused data flow After a hardware failure was resolved, I attempted to start splunk again...but I am now getting this error"The index ... by rgarcia Engager in Monitoring Splunk 10-08-2020 0 2	0	2
How to restrict user so that they will not be able to search with "All time" Time filter and real time searches Hi Team,We are experiencing frequent high CPU usage on Indexers and it seems like the huge factor of it are from sear... by jaracan Communicator in Monitoring Splunk 10-07-2020 0 3	0	3
Smartstore S3 data retention period Hello fellow Splunkers,I have 2 questions regarding Splunk Smartstore's cachemanager:1. How do I make sure that my ca... by mufthmu Path Finder in Monitoring Splunk 10-07-2020 0 1	0	1
How can I analyse splunk diag file unix UF I am new to splunk. I received a splunk diag file for a UF. How can I open and analysis the splunk diag file. Do I n... by msplunk33 Path Finder in Monitoring Splunk 10-05-2020 1 1	1	1
Splunk Active Directory Logs Hi Splunkers,With the Splunk Active Directory logs, Splunk parses the event as though there's no difference between ... by revanthammineni Path Finder in Monitoring Splunk 10-05-2020 0 1	0	1
Splunk AD logs Hello Dear Splunkers,Hope you're doing good! My organization has over 20k servers including Windows and Linux. We hav... by revanthammineni Path Finder in Monitoring Splunk 10-05-2020 0 1	0	1
Log keeps sending to index=main Hello, I been trying to figure this out for the past 2 days now and I cannot seem to find which config file is making... by splunktrainingu Communicator in Monitoring Splunk 10-02-2020 1 3	1	3
License Usage of previously indexed data Hi, I am trying to calculate the license used by one of my index which is not in use now (meaning we stopped sending... by Navanitha Path Finder in Monitoring Splunk 10-01-2020 0 3	0	3
Estimating Cost By Sourcetype All, Just trying to get a swag of cost by sourcetype. I wrote this search, but seems to me there is a more cost effe... by daniel333 Builder in Monitoring Splunk 09-30-2020 1 2	1	2
I just setup a search head deployer in docker and i am getting the below error on all three search heads. 10-17-2018 03:54:47.137 +0000 WARN ConfReplication - downloadDeployableApps: Got zero-size baseline configuration 10-... by enmanu New Member in Monitoring Splunk 09-30-2020 0 5	0	5
Is it possible to retrieve and monitor hardware status using Cisco? I'm new to Splunk and would like to know if it's possible to retrieve and monitor hardware status. When I search the ... by FinnHatlen Engager in Monitoring Splunk 09-30-2020 0 0	0	0
List correlation searches which did not trigger a notable in past X days Hi,I have a list of all notable events which triggered in X days using this SPL: index=notable search_name="*Rule" or... by fedejko Explorer in Monitoring Splunk 09-30-2020 0 2	0	2
In Metrics.log group=searchscheduler what is the meaning of the "eligible" metric? In Splunk Enterprise when looking at the metrics.log with the searchscheduler group there is a metric for "eligible" ... by fwump38 New Member in Monitoring Splunk 09-29-2020 0 1	0	1
Splunk UF monitoring Hello Splunkers,Is there any way to identify from which source the logs are not getting forwarded??For example: if we... by jonwick Path Finder in Monitoring Splunk 09-29-2020 0 7	0	7
Health Check for UF As a part of Health Check of UF, which information I need check as a part of scheduled search, apart from to verify w... by jonwick Path Finder in Monitoring Splunk 09-28-2020 0 1	0	1
Internal logs Suffice Deployment Monitor Console ? Hi Splunkers,I'm fetching only internal logs for UF in my single box of Splunk Enterprise which acts as search head ... by jonwick Path Finder in Monitoring Splunk 09-28-2020 0 1	0	1
Dropping events possible reasons? Can anyone enlist possible reasons when UF may drop events?There may be many situations, but some known reasons came ... by hectorvp Communicator in Monitoring Splunk 09-28-2020 0 3	0	3
Collect jemalloc heap data to troubleshoot high memory growth contributed by search process Splunk search process is consuming high memory causing splunkd to crash. How to collect jemalloc heap data for Splunk... by keio_splunk Splunk Employee in Monitoring Splunk 09-28-2020 0 1	0	1
UF queues when Indexer down. Incase indexer is down or has slow speed for writing events in a disk,I guess in these cases UFs parsing queue and ou... by hectorvp Communicator in Monitoring Splunk 09-28-2020 0 1	0	1

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Monitoring Splunk

High swap space observed in HF ?

HHow to restore the corrupted buckets

splunk: Invalid key in stanza

mgmt port is not working

Splunk Disk Reporting Incorrect

Splunk index server CPU exceeds 97 %. How can I toubleshoot

The index processor has paused data flow

How to restrict user so that they will not be able to search with "All time" Time filter and real time searches

Smartstore S3 data retention period

How can I analyse splunk diag file unix UF

Splunk Active Directory Logs

Splunk AD logs

Log keeps sending to index=main

License Usage of previously indexed data

Estimating Cost By Sourcetype

I just setup a search head deployer in docker and i am getting the below error on all three search heads.

Is it possible to retrieve and monitor hardware status using Cisco?

List correlation searches which did not trigger a notable in past X days

In Metrics.log group=searchscheduler what is the meaning of the "eligible" metric?

Splunk UF monitoring

Health Check for UF

Internal logs Suffice Deployment Monitor Console ?

Dropping events possible reasons?

Collect jemalloc heap data to troubleshoot high memory growth contributed by search process

UF queues when Indexer down.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

how to find hiding host in Splunk o11y Infra monit...

alert action email with empty attachment

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Monitoring Splunk

Join the Conversation