Monitoring Splunk

Discussions

Thread Info

Splunk search 'plan'

Is there anyway to run an sql like 'plan' on a splunk search to determine efficiency?

by Communicator in

Why is my search taking so long to run?

When I queried a new Summary Index with only 100k of events and 16MB of size, the response time of the a simple query...

by Splunk Employee in

Disable monitoring of sub directories

Hello How can I monitor the files within a directory but ignore its subdirectories? e.g. I want to monitor all ...

by Path Finder in

How can I resolve the error - "The minimum free disk space (2048MB) reached for /opt/splunk/var/run/splunk/dispatch" ?

I just upgraded to version 4.1 and I'm seeing this message in the UI. My minimum free disk space is 1GB and I haven't...

by Splunk Employee in

How many tags is too many tags?

How many tags can be created before Splunk's performance is adversely affected? And what specifcally is adversely aff...

by Contributor in

What are some searches I can run to check out the current situation with my queues?

I need some help with figuring out some potential blocked queues. What searches can be run to help me figure this out...

by Champion in

How can I control the size and number of Splunk's internal logs?

Some of our servers are running low on Disk capacity and we are concerned with splunk log files generated and stored ...

by Splunk Employee in

Put Data in Separate Index Based on Timestamp

We have Splunk as part of our default vm image but we're having some bucket issues. Initially, the time isn't set and...

by Communicator in

When should I use a FIFO for an input?

I notice there is support for fifo's as inputs. Are there any benefits to using a fifo or is it just support for thos...

by Splunk Employee in

How do I set the default PAGE, instead of just the default app?

I've followed the instructions on http://www.splunk.com/base/Documentation/4.0.9/Developer/DefaultApp to set the defa...

by Communicator in

Timestamp logic/config on forwarder or indexer?

I looked at the report for timestamping errors and found a fair amount of errors. I’ve been following the Splunk blog...

by Communicator in

ERROR SavedSplunker - No record for that user

Seeing this error in splunkd.log on a splunk indexer when running a saved search. What does it mean?

by Splunk Employee in

performance characteristics of dedup command

I'm thinking about using the DEDUP commend to solve the following problem: I have an event with an ID field and I'd l...

by Contributor in

What sort of hardware should I use for my splunk install?

I will have 100GB coming in per day, with an expectation of 20 concurrent users at any given time, with probably arou...

by Splunk Employee in

Monitoring Splunk

Discussions

Splunk search 'plan'

Why is my search taking so long to run?

Disable monitoring of sub directories

How can I resolve the error - "The minimum free disk space (2048MB) reached for /opt/splunk/var/run/splunk/dispatch" ?

How many tags is too many tags?

What are some searches I can run to check out the current situation with my queues?

How can I control the size and number of Splunk's internal logs?

Put Data in Separate Index Based on Timestamp

When should I use a FIFO for an input?

How do I set the default PAGE, instead of just the default app?

Timestamp logic/config on forwarder or indexer?

ERROR SavedSplunker - No record for that user

performance characteristics of dedup command

What sort of hardware should I use for my splunk install?

Count Field values based on different criteria

Why is scheduled searches info on DMC incorrect if...

Unix / Linux Addon

SAML error or info

Checkpoint value is changing from rising column to...