Monitoring Splunk

Discussions

Thread Info

Error message when creating new Splunk instance: The splunk daemon (splunkd) is already running. [FAILED]

Hi, I am running a splunk instance on a server under /apps/splunk-1/ at port 8980. I would like to run another ins...

by Path Finder in

Create Splunk Storage (Disk Space) Capacity Alarm (Alert)

The OS I am currently using is Redhat, i need help with the query that sends an alert if the DiskSpace goes over 70 p...

by Explorer in

Why are the queues being filled up on one indexer?

In the last day or two all the queues of one indexer got filled up. We bounced it and now on another indexer all the ...

by Ultra Champion in

How can I calculate per host CPU utilization in a report?

host=test01 index="perfmon" collection="CPU" counter="% Processor Time" | bucket _time span=15m | stats avg(Value) as...

by Path Finder in

How do I Save Raw Log Data for Audit Purposes?

If I have a regulatory requirement to store raw data for audit purposes as well as allowing the possibility of other ...

by Engager in

May I know how Splunk calculate license usage for Packet collections

Hi All I want to know how Splunk will calculate license usages for packets collection? Currently what we are doing...

by New Member in

Can I limit the disk size of a Splunk instance to 300 GB within config files?

I'm looking to set up a stand-alone test Splunk instance and want to limit the disk size of the instance to 300GB. ...

by Explorer in

How to I add an indexer to the MC?

We added recently indexers and all of them show up as being members of the indexer cluster. How do I add them to the ...

by Ultra Champion in

Why do we get kernel:BUG: soft lockup on the Search Head?

We get the following - $ ./splunk status Message from syslogd@<host> at Oct 11 06:02:24 ... kernel:BUG: soft loc...

by Ultra Champion in

can we use semicolon instead of comma in MVZIP

is it possible to use semicolon instead of comma in MVZIP??

by Builder in

Why did Crash log occur?

[build 249101] 2017-08-12 20:00:03 Received fatal signal 11 (Segmentation fault). Cause: Unknown signal origin (si_co...

by Communicator in

How to turn off splunkd during certain hours

I have a customer who wants to have the splunk forwarder turned off during certain critical processing time.

by Explorer in

how do I generate a diag (Splunk diagnostics file)?

How do I generate a diag (Splunk diagnostic) file for splunk support?

by Splunk Employee in

Why is the CPU usage showing 80-100% (falsely)? -- Search help

I am trying to get CPU usage for a specific process in windows. My search looks like this: host=host1 AND sourcety...

by Explorer in

"HttpListener - Socket error from 127.0.0.1 ... Broken pipe" splunkd.log messages since upgrading to Splunk 6.1.5

The full message is: WARN HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/-/search/admin/su...

by Motivator in

How to resolve error "The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch"?

I have this problem: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch. So I c...

by Communicator in

New Errors that did not exist last week

Say I did a bunch of changes over the weekend and wanted to see a list of any new errors. Is there a way I can sh...

by Contributor in

Where can I find the internal logs in the Splunk 5.0.1 file directory?

Hi, I'm trying to find the var/log/splunk/ folder logs to check the errors and warning but in the older versions s...

by New Member in

Query to setup alert if the diskspace goes over 70%?

Below are the Host and Source type, I am trying to setup an alert if the diskspace goes over 70%. can some help? h...

by Explorer in

Measuring Splunkd Uptime

Looking for a way to measure splunkd service uptime, and alert on when it's down. Not so much worried about system up...

by New Member in

How to limit datamodel_summary folder disk space

Hello guys, i noticed that the datamodel_summary folder is filling up my diskspace... How can i limit this ? It...

by Path Finder in

Changing timechart x-axis from _time to another field

I am looking to chart my data based on another time field than the default _time that splunk uses. is this possible?...

by Path Finder in

What is the expected response time for an HEC POST?

We're seeing about 50 ms. Normal range? How would we optimize this? EDIT: Also, how do you measure HEC performance...

by Influencer in

Using btool command

Using btool command i want to check all the conf file or get a list of all conf files where my xyz host entry is pres...

by Communicator in

Are there any Splunk apps we can use to audit Oracle behavior like failed logons?

I would like to know if there are any Splunk apps which we can use use to audit Oracle behavior e.g failed logons. Sp...

by Path Finder in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Error message when creating new Splunk instance: The splunk daemon (splunkd) is already running. [FAILED]

Create Splunk Storage (Disk Space) Capacity Alarm (Alert)

Why are the queues being filled up on one indexer?

How can I calculate per host CPU utilization in a report?

How do I Save Raw Log Data for Audit Purposes?

May I know how Splunk calculate license usage for Packet collections

Can I limit the disk size of a Splunk instance to 300 GB within config files?

How to I add an indexer to the MC?

Why do we get kernel:BUG: soft lockup on the Search Head?

can we use semicolon instead of comma in MVZIP

Why did Crash log occur?

How to turn off splunkd during certain hours

how do I generate a diag (Splunk diagnostics file)?

Why is the CPU usage showing 80-100% (falsely)? -- Search help

"HttpListener - Socket error from 127.0.0.1 ... Broken pipe" splunkd.log messages since upgrading to Splunk 6.1.5

How to resolve error "The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch"?

New Errors that did not exist last week

Where can I find the internal logs in the Splunk 5.0.1 file directory?

Query to setup alert if the diskspace goes over 70%?

Measuring Splunkd Uptime

How to limit datamodel_summary folder disk space

Changing timechart x-axis from _time to another field

What is the expected response time for an HEC POST?

Using btool command

Are there any Splunk apps we can use to audit Oracle behavior like failed logons?

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

alert action email with empty attachment

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions