Monitoring Splunk

Community Activity

Which file type consumes the most data? I'm curious, which file type within an index bucket is largest? I'm getting conflicting responses. Some say the .ts... by itsmevic Communicator in Monitoring Splunk 11-01-2019 0 1	0	1
Log sent to port 514 not appearing I configured my application to log to Splunk, I see the package arriving in wirehark but it does not appear in wiresh... by toledotiago Explorer in Monitoring Splunk 10-30-2019 0 1	0	1
How do I get started monitoring system health on Splunk Cloud? We just got Splunk Cloud up and running, and I'd like some tips on how to tell if it's healthy and to troubleshoot pr... by jmulcaster_splu Splunk Employee in Monitoring Splunk 10-22-2019 0 3	0	3
Way to monitor splunkforwarder How would I monitor splunkforwarder traffic output to indexers from the splunkforwarder? Have the target indexer lis... by virginiatech199 Explorer in Monitoring Splunk 10-22-2019 0 3	0	3
Setting up Multisite Cluster, why can't Cluster Peers (indexers) start? Obviously, this is a complex task, please only respond if you have high confidence in the nature of the error I'm rec... by adamsmith47 Communicator in Monitoring Splunk 10-21-2019 1 4	1	4
How do I get started monitoring system health on Splunk Enterprise? We just got Splunk Enterprise up and running, and I'd like some tips on how to tell if it's healthy. Can you get me s... by jmulcaster_splu Splunk Employee in Monitoring Splunk 10-21-2019 1 8	1	8
License Usage per sourcetype i use the below search to calculate the license usage per sourcetype : index=_internal source="/opt/splunk/var/log/s... by m87 New Member in Monitoring Splunk 10-18-2019 0 2	0	2
JSON extracting multiple times? I have HeavyForwarder monitoring jason data. i am getting JSON extraction normal on HF. But if i search for same dat... by vinayakwagh Explorer in Monitoring Splunk 10-17-2019 0 10	0	10
Solarwinds Orion and Splunk Is there any kind of integration for Solarwinds and Splunk? I want Splunk to monitor Solarwinds. by tmontney Builder in Monitoring Splunk 10-16-2019 1 10	1	10
Splunk Memory Crash Hi Team, A crash is reported to Splunk from NSFileHandleOperationException Class and in SSMemoryInfo inactiveMemory: ... by srajavel New Member in Monitoring Splunk 10-16-2019 0 1	0	1
How to ignore writing a repeat message to splunkd.log Is there a method to ignore/exclude logging in splunkd.log for a particular event (similar to the nullQueue redirect ... by jsmithn Path Finder in Monitoring Splunk 10-15-2019 0 0	0	0
F5 Load balancer - Pool member health monitor Hi Team we're planning to use F5 in front of Splunk search cluster. and cluster has 5 search heads. Now F5 team has ... by maniu1609 Path Finder in Monitoring Splunk 10-13-2019 0 3	0	3
What are the possible causes for the marked sign? I am logged in an indexer and getting red marked sign along with Administrator tab at web panel(port:8000). What are... by vinitnitdgp Engager in Monitoring Splunk 10-10-2019 0 2	0	2
What is the splunk query to display disk space utilized by each app in splunk I tried to use this query - index=_internal metrics kb group=per_sourcetype_thruput \| eval sizeMB = round(kb/1024,2)\|... by monyathomas New Member in Monitoring Splunk 10-04-2019 0 1	0	1
How to monitor only new data from logfiles We are trying to monitor a logfile which behaves like a rolling logfile (?). Except, it doesn't create new file but i... by roelscholte New Member in Monitoring Splunk 10-04-2019 0 2	0	2
high usage of physical memory on indexers Hello, We are having high usage of memory usage on all of our indexers and most of it is cached memory. can we clear ... by sathwikr076 Communicator in Monitoring Splunk 10-03-2019 0 6	0	6
ERROR Archiver - Unable to write due to: No space left on device I am trying to troubleshoot an issue with a clustered search head restarting itself and came across an error message ... by michaelbang1 New Member in Monitoring Splunk 10-01-2019 0 7	0	7
Is there a better way to improve performance using tstats when I need two aggregations and first aggregation returns ~10 million events at high cardinality. We have a data model which has following fields - Source IpAddress FileName FileVersion Flag _timeS1 IP1 File1 FileVe... by ranurag Engager in Monitoring Splunk 09-30-2019 0 0	0	0
In Splunk Enterprise 7.2, Can you help me clear the Splunkd Health Report feature? I love this feature in 7.2. The icon up front helped me find and fix a serious ingest issue I was otherwise blissfull... by AzJimbo Path Finder in Monitoring Splunk 09-30-2019 2 4	2	4
How to detect webshell via splunk Hi, I would like to know how I can detect a webshell via Splunk. I hope there is a doc that can help me to write a... by ad761 New Member in Monitoring Splunk 09-29-2019 0 1	0	1
Splunk Indexers Physicial memory usage high Hi , I am currently experiencing high memory usage on my indexers when i saw the memory usage , i saw a high amount o... by ram254481493 Explorer in Monitoring Splunk 09-27-2019 0 1	0	1
Monitor the count of columns generated by solutionType=* \| splunk reports I would like to track count of the all the below splunk search query columns. if any "solutionType" is appended or de... by harkirat9712 Explorer in Monitoring Splunk 09-23-2019 0 1	0	1
Search killing _audit Our _audit file keeps growing and growing. We have identified what is filling it up but cannot figure out what is ca... by tsheets13 Communicator in Monitoring Splunk 09-18-2019 0 6	0	6
Problem running Splunk as service from Docker stack or compose file We are preparing a Docker-based Monitoring Stack and would like to include Splunk as the optional feature: https://ag... by aradosz79 New Member in Monitoring Splunk 09-17-2019 0 2	0	2
Ingesting data from a Riverbed stealhead WAN optimizer device for network monitoring Hi , I have a requirement to monitor the network slowness by monitoring the riverbed Stealhead WAN optimizer device.... by ashrafk Explorer in Monitoring Splunk 09-13-2019 0 0	0	0