Monitoring Splunk

Start a Conversation

Discussions

Start a Conversation

Thread Info

Unknown Protocol and failed to establish connection with kvstore

mongod.log is being spammed with unknown protocol messages. this message rolls from server to server we have this ...

by Path Finder in

How to calculate the top 5 license usage by indexes (Average value) for the last 30 days?

Hi, I would like to calculate the average of top 5 indexes by license usage for the last 30 days. Note: there is a s...

by New Member in

eval - Error in 'eval' command: The expression is malformed. Expected ).

index=abc123 | eval app=case(application==Application_1,"app_id_1",application==Application_2,"app_id_2") | stats cou...

by New Member in

How much CPU and RAM to allocate to SPLUNK VM which is indexing 25GB per day?

Hi, I need to index 25GB per day to the SPLUNK machine. I am not pretty sure as what exactly the size of CPU and R...

by Explorer in

If I wanted to continuesly monitor HTTP get request to a particular web server, how would I go about doing this?

So from what I know, I would have to add data to splunk. I know where to go to do this, but I am not sure what to put...

by New Member in

Persisting the health of a server using the events fired from windows event logs or some other monitoring tool

Hi Experts, We have a search which checks for critical windows event logs on a windows box which decide the health...

by Contributor in

AWS ECS Logs in Splunk

Hello Folks, I am trying to send logs from ECS to Splunk and I have followed everything in this blog https://www.s...

by New Member in

Splunk Windows directory monitoring results in 30x "logfile size" to "data indexed" volume

Summary For monitoring Windows directories, Splunk is reporting roughly 30 times the index volume versus the actua...

by Engager in

Why is my Splunk instance not starting and crashing with crash logs?

My splunk instance keeps on crashing it's not even starting. Whenever "splunk start" is entered it creates crash logs...

by Splunk Employee in

not monitored similer name local files on windows

My logs files are having named as "xxxx*.log.2018-06-27, xxxx*.log.2018-06-26, xxxx*.log.2018....." it differntiate w...

by Contributor in

Why am I getting an error while creating a new app "ERROR SearchPhaseGenerator :Fallback to two phase search failed:Error in 'script'"?

I have created a basic helloworld app but it is giving error Please see below the log 07-31-2018 03:36:25.484 ...

by Explorer in

Lexmark Event Logging Message Reference

Hi, i am currently looking for a Lexmark Event Logging Message Reference as i am currently working on Live Logging fr...

by New Member in

Monitor splunk file after restart

On the Splunk docs it is given as How Splunk Enterprise handles monitoring of files during restarts When the Splu...

by Contributor in

Windows DHCP log files "too small to match seekptr checksum"?

I'm seeing "seekptr checksum" errors for all the Microsoft's DHCP log files. Here's an example: ERROR TailingProce...

by Path Finder in

License/Indexing question

If we are licensed for 200 GB a day and we send 100 GB of raw data. Is it how much we send Splunk or how much we inde...

by New Member in

Citrix XenDesktop app spiking CPU usage

Hello, I'm having issues with my Citrix XenDesktop7 app and TA. The forwarder (7.02, same as my enterprise splunk) do...

by Path Finder in

Multiple Domain Usage Stats Count

Hey there! I have three broad domains (many IPs associated). gotomeeting.com webex.com zoom.us I want to get th...

by New Member in

Inputs.conf - use a variable

Hello all. I have a bunch of *nix machines which all mount the same shared file server location to write their logs (...

by Explorer in

Unable to sink logs on splunkweb

I am trying to sink logs on splunkweb from a Linux server, I added monitor@path of logs but cant sink. Any suggest...

by Explorer in

Why does my Splunk server keep crashing?

-bash-4.1$ cat crash-2018-05-21-09:41:12.log [build fa31da744b51] 2018-05-21 09:41:12 Received fatal signal 6 (Aborte...

by Engager in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Unknown Protocol and failed to establish connection with kvstore

How to calculate the top 5 license usage by indexes (Average value) for the last 30 days?

eval - Error in 'eval' command: The expression is malformed. Expected ).

How much CPU and RAM to allocate to SPLUNK VM which is indexing 25GB per day?

If I wanted to continuesly monitor HTTP get request to a particular web server, how would I go about doing this?

Persisting the health of a server using the events fired from windows event logs or some other monitoring tool

AWS ECS Logs in Splunk

Splunk Windows directory monitoring results in 30x "logfile size" to "data indexed" volume

Why is my Splunk instance not starting and crashing with crash logs?

not monitored similer name local files on windows

Why am I getting an error while creating a new app "ERROR SearchPhaseGenerator :Fallback to two phase search failed:Error in 'script'"?

Lexmark Event Logging Message Reference

Monitor splunk file after restart

Windows DHCP log files "too small to match seekptr checksum"?

License/Indexing question

Citrix XenDesktop app spiking CPU usage

Multiple Domain Usage Stats Count

Inputs.conf - use a variable

Unable to sink logs on splunkweb

Why does my Splunk server keep crashing?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Splunk alert for multiple time?

What does it mean searchparsetmp in the StreamedSe...

TrackMe - insert hosts into trackme_host_monitorin...

Are there any sample logs for SalesForce and Cisco...

How important are the TCPOutAutoLB Health Warnings...