Monitoring Splunk

Discussions

Thread Info

Does splunk capture information for configuration changes

is there a way to track configuration changes to splunk - either via splunkweb or command line? The idea is: Lets say...

by Splunk Employee in

How to get Splunk aware of the changes in inputs.conf of an app without restarting Splunk?

Hi all, I've been searching high and low to understand how to get Splunk aware of the changes in inputs.conf of an...

by Splunk Employee in

Trying to understand "Average Execution lag" on the scheduler_status view

I'm looking on the "Overview" (scheduler_status) view in the Splunk 4.1 Search app and I'm trying to understand what ...

by Super Champion in

Output of 'splunk list monitor'

Is the output of 'splunk list monitor' clipped at all? I have a directory with (approx) 50 log files, but the out...

by SplunkTrust in

Monitoring TCP output from a telephone switch.

I want to use Splunk to monitor the error output of a telephone switch. I can easily see the data by connecting to th...

by New Member in

Backup and restore of Splunk??

Hi, Been trying to backup and restore of Splunk indexer and the steps that I took to backup our splunk server is: ...

by Path Finder in

Splunkd crash log - couldn't parse hash code

The following line is found when I try to restart the stopped splunkd process:- 05-12-2010 14:30:50.819 ERROR Word...

by Engager in

Splunk search 'plan'

Is there anyway to run an sql like 'plan' on a splunk search to determine efficiency?

by Communicator in

Why is my search taking so long to run?

When I queried a new Summary Index with only 100k of events and 16MB of size, the response time of the a simple query...

by Splunk Employee in

Disable monitoring of sub directories

Hello How can I monitor the files within a directory but ignore its subdirectories? e.g. I want to monitor all ...

by Path Finder in

How can I resolve the error - "The minimum free disk space (2048MB) reached for /opt/splunk/var/run/splunk/dispatch" ?

I just upgraded to version 4.1 and I'm seeing this message in the UI. My minimum free disk space is 1GB and I haven't...

by Splunk Employee in

How many tags is too many tags?

How many tags can be created before Splunk's performance is adversely affected? And what specifcally is adversely aff...

by Contributor in

What are some searches I can run to check out the current situation with my queues?

I need some help with figuring out some potential blocked queues. What searches can be run to help me figure this out...

by Champion in

How can I control the size and number of Splunk's internal logs?

Some of our servers are running low on Disk capacity and we are concerned with splunk log files generated and stored ...

by Splunk Employee in

Put Data in Separate Index Based on Timestamp

We have Splunk as part of our default vm image but we're having some bucket issues. Initially, the time isn't set and...

by Communicator in

When should I use a FIFO for an input?

I notice there is support for fifo's as inputs. Are there any benefits to using a fifo or is it just support for thos...

by Splunk Employee in

How do I set the default PAGE, instead of just the default app?

I've followed the instructions on http://www.splunk.com/base/Documentation/4.0.9/Developer/DefaultApp to set the defa...

by Communicator in

Timestamp logic/config on forwarder or indexer?

I looked at the report for timestamping errors and found a fair amount of errors. I’ve been following the Splunk blog...

by Communicator in

ERROR SavedSplunker - No record for that user

Seeing this error in splunkd.log on a splunk indexer when running a saved search. What does it mean?

by Splunk Employee in

performance characteristics of dedup command

I'm thinking about using the DEDUP commend to solve the following problem: I have an event with an ID field and I'd l...

by Contributor in

Monitoring Splunk

Discussions

Does splunk capture information for configuration changes

How to get Splunk aware of the changes in inputs.conf of an app without restarting Splunk?

Trying to understand "Average Execution lag" on the scheduler_status view

Output of 'splunk list monitor'

Monitoring TCP output from a telephone switch.

Backup and restore of Splunk??

Splunkd crash log - couldn't parse hash code

Splunk search 'plan'

Why is my search taking so long to run?

Disable monitoring of sub directories

How can I resolve the error - "The minimum free disk space (2048MB) reached for /opt/splunk/var/run/splunk/dispatch" ?

How many tags is too many tags?

What are some searches I can run to check out the current situation with my queues?

How can I control the size and number of Splunk's internal logs?

Put Data in Separate Index Based on Timestamp

When should I use a FIFO for an input?

How do I set the default PAGE, instead of just the default app?

Timestamp logic/config on forwarder or indexer?

ERROR SavedSplunker - No record for that user

performance characteristics of dedup command

Splunk physical indexers require maintenance to mo...

How do I properly configure the Splunk app. Alerts...

How do I configure Splunk app Meta Woot! please t...

Indexer Queues are full

Splunk endpoint monitoring without spamming events