Monitoring Splunk

Thread Info

How can I calculate the average duration between changes of two fields / events?

Hi  My base search looks like this: I used | dedup RobotSubState for this screenshot. In reality, every 1 se...

by Path Finder in

Should our two multisite clusters have distinct site numbers?

We have our original multisite cluster with site1 and site2. It will be decommissioned in 6 months when all of its in...

by Motivator in

Can you help me with the following error that showed up after restarting the server: "Could not create path D:\Splunk\cisco\db appearing in indexes.conf: 3"

I restarted my server, and the Splunk web GUI didn't load up. My other servers and search heads load up, just not thi...

by Communicator in

Login Attempts And Lockout Status

Hello Community, I'm new to splunk and couldn't seem to find an answer to my question. I'm currently running a Sp...

by Engager in

Is it normal for Splunkd to attempt to terminate the McAfee Processes?

Hello, I'm using McAfee VirusScan Enterprise and Host Intrusion Prevention (HIPS), and HIPS is reporting that Splu...

by Explorer in

How to restrict time range picker to specific period for search?

Hello Team, Here, I want some way to restrict events to search more than a specific period. eg. user can only sel...

by SplunkTrust in

Splunk - JSON Parsing error

Hi All, I'm a newbie to the Splunk world! I'm monitoring a path which point to a JSON file, the inputs.conf has...

by Path Finder in

How to pull logs from Symantec Protection Engine?

Can we pull the logs from Splunk end instead of sending them from Symantec Protection Engine using a third party tool...

by Engager in

While running the rebalance command on an indexer cluster, it is possible to improve performance?

We recently resized our indexer cluster from a 3 node to a 4 node. We've ran the "rebalance" command from the master ...

by Communicator in

Can we improve on a standard index=index_name sourcetype=*prod | stats query?

We have this standard query - index=<index name> sourcetype=*prod clientID=*aaa OR clientID=bbbb OR clientID=*ccc ...

by Ultra Champion in

Errors when monitoring core log in symlink

we are using 6.5.2 Enterprise> On new search heads, the core logs have been moved to a symlink: ls -l /opt/splunk/var...

by Communicator in

Can you help me with the time series data and axis behavior on a chart?

I have a chart that shows a time series, for example, let's say it's the # of donuts sold by noon every day for a mon...

by Path Finder in

Displaying real-time values with an auto-fresh rate of 0.1sec.

Is it possible to display real-time values with an auto-refresh rate of 0.1sec on a timechart/single-value display? ...

by Explorer in

How to Calculate Splunk Organic Growth

Regards, I am making a plan for organic splunk growth for the next year. The main question is: How to calculate...

by Path Finder in

Can you help me with my subsearch?

Hello I tried to combine the first query (before | append) with the subsearch ( [ search index=.........) but it d...

by Motivator in

Local data added in splunk server getting deleted

Hi, I have uploaded 15 csv files in splunk from local by Add data option and view in the search. After some da...

by Path Finder in

How to get ASCII log file to ingest as plain text from windows 2016 server

We are trying to ingest Peregrine logs for Asset Manager and we can open the log file up on the windows server and it...

by New Member in

How come the CPU utilization of one indexer is always higher than those of our other indexers?

Hello, We have a non-clustered indexer environment. We have one indexer (blue line) that is always well above the ...

by Path Finder in

Join time from a CSV file, and an index summary

How do I join the time field with a different field name from a CSV lookup file, with the time field specified in an ...

by Engager in

Could receiver automaticlly make prediction when the data is uploading from forwarder?

Hi All, I have used Splunk Machine Learning Toolkit. I have a learned model, and I could use it to predict with ne...

by Explorer in

For the Indexer Capacity Planning phase of upgrading our Splunk instance, where can I find what impact running searches will have on indexer performance?

Indexer Capacity Planning - linking indexing and search performance: how does one effect the office? I'm attemptin...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Monitoring Splunk

Discussions

How can I calculate the average duration between changes of two fields / events?

Should our two multisite clusters have distinct site numbers?

Can you help me with the following error that showed up after restarting the server: "Could not create path D:\Splunk\cisco\db appearing in indexes.conf: 3"

Login Attempts And Lockout Status

Is it normal for Splunkd to attempt to terminate the McAfee Processes?

How to restrict time range picker to specific period for search?

Splunk - JSON Parsing error

How to pull logs from Symantec Protection Engine?

While running the rebalance command on an indexer cluster, it is possible to improve performance?

Can we improve on a standard index=index_name sourcetype=*prod | stats query?

Errors when monitoring core log in symlink

Can you help me with the time series data and axis behavior on a chart?

Displaying real-time values with an auto-fresh rate of 0.1sec.

How to Calculate Splunk Organic Growth

Can you help me with my subsearch?

Local data added in splunk server getting deleted

How to get ASCII log file to ingest as plain text from windows 2016 server

How come the CPU utilization of one indexer is always higher than those of our other indexers?

Join time from a CSV file, and an index summary

Could receiver automaticlly make prediction when the data is uploading from forwarder?

For the Indexer Capacity Planning phase of upgrading our Splunk instance, where can I find what impact running searches will have on indexer performance?

How come Splunkd is crashing whenever I try to install an app using the Splunk user interface?

Website Monitoring App - No Data After Changing URLs

Windows Print Monitoring on a clustered print server not working

How can I view the monitoring console if I've been given the .pem file and the jumpbox ip address?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions