Monitoring Splunk

Discussions

Thread Info

Why receiving resource usage errors in splunkd.log "Failure getting value for disk reads"

Every minute log this message. I want to know cause of error message and know workaround. 02-27-2017 17:55:04.455 ...

by Engager in

What is the best way to measure current license usage?

While trying to root cause a huge influx of logs into my instance I noticed that querying my current license usage th...

by Explorer in

_audit index assistance

Does anyone know how to setup a stats table for the _audit with all data in that index? Mainly listing all the data i...

by Engager in

help on coalesce command with bad performances

Hi I use the function coalesce but she has very bad performances because I have to query a huge number of host (50...

by Motivator in

Monitoring a text file Issue

I am trying to extract some information from a text file. This is how my inputs.conf looks like, [monitor://C:\Tem...

by New Member in

Using python external lookup An error occurs when requesting an HTTPS website

I have a simple external lookup python script that implements a simple post request and returns the result to the spl...

by Contributor in

Getting "top 3" (Windows) processes, sorted by CPU usage, when CPU usage goes over xx%

Hello everyone, Pretty new to Splunk and, to be honest, I'm going under in work so I don't have time to work mysel...

by New Member in

O365 Audit log Data Store sizing

I am looking for a sizing calculator for dumping O365 audit logs into Splunk Siem. Such as average log size per email...

by New Member in

Configuration to achieve better performance of Splunk

I want to carry out performance monitoring of Splunk. I came across this benchmark while browsing https://docs.splunk...

by Explorer in

monitoring log truncated

We have a service where logs are truncated. Example, we have hola.log that fridays copy all content to new file hola2...

by Path Finder in

How can we measure two removed monitored files?

A customer asked to remove two monitored files, which I did today. They asked - -- Is there a way we can get th...

by Ultra Champion in

Change splunkd management port on Universal forwarder

I would like to change the splunk management port from 8089 to some higher port say 9089. What is the best way to do ...

by Path Finder in

How to Produce a Log for "Splunk Forwarder Removal"

Hello Splunkers, I would like to keep track of my machines that contain a Splunk forwarder by producing a log of t...

by Path Finder in

In Splunk, why am I getting the following error: "contains invalid UTF-8 encoding".

In the Splunk search head, while checking the Splunk status in the search head, I found the following messages contin...

by Splunk Employee in

Splunk stops randomly

I have been having issues with my splunk where the splunk service stops randomly. here are some logs from splunkd.log...

by Engager in

How do I start Splunk after it stopped responding with ERROR ProcessRunner?

I received the below error. Now, none of the Splunk start or stop commands are responding. Please let us know how we ...

by New Member in

Monitoring infraestructure

Hello splunkers, could you help me how monitoring infraestructure (machine, cpu, ram, disk usage, etc) from Hp Non St...

by Path Finder in

Is there a keep alive check for Splunkd in a load balancer environment?

Hey, How can we configure a load balancer to check that splunkd is running on a server before the load balancer fo...

by Motivator in

Which is more efficient - filldown or streamstats

... | sort _time | filldown l_lat l_lon by UID | table _time UID w_tbys w_tbyr l_lat l_lon or ... | sort _tim...

by Contributor in

Why UF consuming so much swap

Hello Trying to figure out why my UF is consuming 37GB of swap space Ran some commands and here are the results...

by Communicator in

How much disk space is included with the standard Splunk Cloud license?

We are currently considering migration to Splunk Cloud. The retention period for some of our indexes are up to 14 mon...

by Communicator in

how to get total hit count value for traffic passing through ANY ANY rule on firewall:

I have a firewall which have a rule with any as source destination and ports, I need to monitor this traffic and chec...

by Engager in

We need to give only DMC access to users from L1 team.

We need to give only DMC access to users from L1 team. We dont need the team to have admin or power role access can s...

by Path Finder in

Is it possible to devolve access to DMC to users other than admin role users?

Hi - I've been trying to test to see if it is possible to provide access to the DMC to a role outside of a Splunk Adm...

by Engager in

What could cause this type of MongoDB error

Hello, We have a splunk instance that was running fine for a month or two, after which it suddenly had a MongoDB i...

by Explorer in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Why receiving resource usage errors in splunkd.log "Failure getting value for disk reads"

What is the best way to measure current license usage?

_audit index assistance

help on coalesce command with bad performances

Monitoring a text file Issue

Using python external lookup An error occurs when requesting an HTTPS website

Getting "top 3" (Windows) processes, sorted by CPU usage, when CPU usage goes over xx%

O365 Audit log Data Store sizing

Configuration to achieve better performance of Splunk

monitoring log truncated

How can we measure two removed monitored files?

Change splunkd management port on Universal forwarder

How to Produce a Log for "Splunk Forwarder Removal"

In Splunk, why am I getting the following error: "contains invalid UTF-8 encoding".

Splunk stops randomly

How do I start Splunk after it stopped responding with ERROR ProcessRunner?

Monitoring infraestructure

Is there a keep alive check for Splunkd in a load balancer environment?

Which is more efficient - filldown or streamstats

Why UF consuming so much swap

How much disk space is included with the standard Splunk Cloud license?

how to get total hit count value for traffic passing through ANY ANY rule on firewall:

We need to give only DMC access to users from L1 team.

Is it possible to devolve access to DMC to users other than admin role users?

What could cause this type of MongoDB error

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

alert action email with empty attachment

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions