Monitoring Splunk

Discussions

Thread Info

Feature request: fsck repair indexes performance

Hi, I think more than me experience repairing corrupted indexes take long time. At least in my environment with a ...

by Explorer in

monitored drafted mail

We are using Zimbra as our private mail server. We are monitoring the logs of this server. How can I see if someone h...

by Explorer in

Unable to get the perfmon logs from Windows Universal Forwarder

I am using universal forwarder and unable to get the metrics to the Splunk dashboard. we need some help in fixing...

by Splunk Employee in

What could be the reason for a spike in CPU Usage in some indexers in a clustered environment?

Hi, I have a clustered environment and it runs smoothly, but sometimes, I see a spike in CPU Usage in some of the ...

by Builder in

Can you help us with a Splunk Root user Issue?

Hi Splunkers, Last week, one of our search head went down and we tried to restart the server. We have done some t...

by Path Finder in

How do you parse the following JSON data?

Hi, I want to parse below json data .Below is one sample event- Objabco.codecnullavro.schema�{"type":"record","nam...

by Builder in

Can you help me remove some unnecessary values in a field?

Hello Folks, I'm struck with removing result fields unnecessary values: ex: src domain (1)www(2)google(...

by Explorer in

Can you help us find web GUI log in attempts from index=_audit?

Hi, We're looking for web GUI log in attempts from index=_audit. Note that for event like following: Audit:[tim...

by Communicator in

Monitoring Remote log via file share but have \x00\

usually the first few line have issue, i suspect the application still writing the log file but splunk already try to...

by New Member in

How do I search results that depend on the subsearch being empty?

Hello, I have following search: index=mlbso sourcetype=BWP_hanatraces earliest=1543313122.531 latest=1543313122...

by Builder in

How can we handle under spec search heads?

Most of our Search Heads are of 252 GBs of RAM but there are some old VMs with 48 GBs of RAM. These ones have been un...

by Ultra Champion in

Has anyone brought Prometheus data into Splunk?

Hey there, our private cloud team currently uses Prometheus to monitor system level data. I was wondering if anyone h...

by Builder in

How can I calculate the average duration between changes of two fields / events?

Hi  My base search looks like this: I used | dedup RobotSubState for this screenshot. In reality, every 1 se...

by Path Finder in

Should our two multisite clusters have distinct site numbers?

We have our original multisite cluster with site1 and site2. It will be decommissioned in 6 months when all of its in...

by Motivator in

Can you help me with the following error that showed up after restarting the server: "Could not create path D:\Splunk\cisco\db appearing in indexes.conf: 3"

I restarted my server, and the Splunk web GUI didn't load up. My other servers and search heads load up, just not thi...

by Communicator in

Login Attempts And Lockout Status

Hello Community, I'm new to splunk and couldn't seem to find an answer to my question. I'm currently running a Sp...

by Engager in

Is it normal for Splunkd to attempt to terminate the McAfee Processes?

Hello, I'm using McAfee VirusScan Enterprise and Host Intrusion Prevention (HIPS), and HIPS is reporting that Splu...

by Explorer in

How to restrict time range picker to specific period for search?

Hello Team, Here, I want some way to restrict events to search more than a specific period. eg. user can only sel...

by SplunkTrust in

Splunk - JSON Parsing error

Hi All, I'm a newbie to the Splunk world! I'm monitoring a path which point to a JSON file, the inputs.conf has...

by Path Finder in

How to pull logs from Symantec Protection Engine?

Can we pull the logs from Splunk end instead of sending them from Symantec Protection Engine using a third party tool...

by Engager in

While running the rebalance command on an indexer cluster, it is possible to improve performance?

We recently resized our indexer cluster from a 3 node to a 4 node. We've ran the "rebalance" command from the master ...

by Communicator in

Can we improve on a standard index=index_name sourcetype=*prod | stats query?

We have this standard query - index=<index name> sourcetype=*prod clientID=*aaa OR clientID=bbbb OR clientID=*ccc ...

by Ultra Champion in

Errors when monitoring core log in symlink

we are using 6.5.2 Enterprise> On new search heads, the core logs have been moved to a symlink: ls -l /opt/splunk/var...

by Communicator in

Can you help me with the time series data and axis behavior on a chart?

I have a chart that shows a time series, for example, let's say it's the # of donuts sold by noon every day for a mon...

by Path Finder in

Displaying real-time values with an auto-fresh rate of 0.1sec.

Is it possible to display real-time values with an auto-refresh rate of 0.1sec on a timechart/single-value display? ...

by Explorer in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Feature request: fsck repair indexes performance

monitored drafted mail

Unable to get the perfmon logs from Windows Universal Forwarder

What could be the reason for a spike in CPU Usage in some indexers in a clustered environment?

Can you help us with a Splunk Root user Issue?

How do you parse the following JSON data?

Can you help me remove some unnecessary values in a field?

Can you help us find web GUI log in attempts from index=_audit?

Monitoring Remote log via file share but have \x00\

How do I search results that depend on the subsearch being empty?

How can we handle under spec search heads?

Has anyone brought Prometheus data into Splunk?

How can I calculate the average duration between changes of two fields / events?

Should our two multisite clusters have distinct site numbers?

Can you help me with the following error that showed up after restarting the server: "Could not create path D:\Splunk\cisco\db appearing in indexes.conf: 3"

Login Attempts And Lockout Status

Is it normal for Splunkd to attempt to terminate the McAfee Processes?

How to restrict time range picker to specific period for search?

Splunk - JSON Parsing error

How to pull logs from Symantec Protection Engine?

While running the rebalance command on an indexer cluster, it is possible to improve performance?

Can we improve on a standard index=index_name sourcetype=*prod | stats query?

Errors when monitoring core log in symlink

Can you help me with the time series data and axis behavior on a chart?

Displaying real-time values with an auto-fresh rate of 0.1sec.

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

alert action email with empty attachment

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions