Monitoring Splunk

Discussions

Thread Info

Help Newbie to Design a Monitoring solution

Hi, I am a newbie with a task to implement a monitoring functionality on Splunk. The requirement is for Splunk to be ...

by New Member in

Splunk for statistical testing/ Analysis

Hi ,I am one beginner of splunk. May I know whether Splunk supports any statistical testing/ analysis, e.g. Normality...

by Engager in

Best Practices to Measure Performance improvement after Splunk Migration.

Hi, We are moving a 3 tier clustered splunk env from an on prem environment to a cloud instance - where we have be...

by Builder in

Performance monitoring for wireless network

Hi, Can anyone help me get the list of apps who can monitor wireless and wired network devices performance and health...

by Path Finder in

What is the expected performance for KV store with over 5 million entries for these search head specs?

Does anyone have any ball park performance figures for what a kv store should perform like with 5mill+ entries for th...

by Motivator in

Splunk DB connect: The java bridge is: loading.... (+ page is reloaded in a endless loop)

The dbquery commands seem to be working, but the status query of the java bridge doesn't work. We found out, that the...

by Path Finder in

Where do I start with troubleshooting full queues?

So, there's this... Looking for documentation/advice on where to start.

by Champion in

Why am I seeing a lot of name=cooked_output events in _internal?

All of a sudden, noticed getting tons of events in _internal with name=cooked_output. What could be causing this beha...

by Explorer in

Monitoring for login failures - Events are on different lines

I need to monitor for the following condition. The "PsftpManager.GetPsftpCommand Cmd:" string will get me the user ID...

by New Member in

audit command in splunk

What exactly audit command is going to do If I queried like this index=_audit | audit - It is saying valid attempt...

by Communicator in

Splunk is not extracting the correct host name from the secure file

We are forwarding the messages and secure file to our Splunk server via rsyslog. The files for each server are placed...

by New Member in

How to Show Indexer Activity

I'm wondering if there is a command line way to show search activity on the indexers. For example, I had a situation ...

by New Member in

Can I disable _internal indexes from Splunk Web? Getting error "cannot disable idx=_internal, is internal."

Currently _internal is enabled, but we wanted to disable this from Splunk Web? I tried to do so by getting into splun...

by Motivator in

what is the splunk license Slave server limitation ?

We are planning install more number of Splunk license slave servers. There is any limitation .

by New Member in

Hitting eventstats memory limit. Is there another way to form my search?

I'm seeing the following error below when trying to use eventstats on a large lookup table (about 500,000 rows). ...

by Builder in

splunkd crashes on startup with "ERROR SQLitePersistentStorageImpl - Error executing: create table keyvaluepairs_t(primarykey text constraint primary_c unique,secondary1 text, secondary2 text, secondary3 text, value text); Msg=database is locked"

Splunkd will not start and splunkd.log shows this error message: "ERROR SQLitePersistentStorageImpl - Error execut...

by Splunk Employee in

Can run splunkd in foreground?

Some integration reason I need to run application in foreground by another agent in my company. Is it a way to run Sp...

by Path Finder in

How to troubleshoot why Splunk performance decreased and images were not displaying in navigation menus for a certain day?

Hi fellow Splunkers, On May 30, Splunk was very slow and was not showing any images in the navigation menus. I wou...

by Path Finder in

Splunk DB Connect - How to reset tail.rising state?

How to reset tail.rising state that go back and read everything from the beginning of my database table?

by Explorer in

License Usage past 30 days does not work. (Distributed Management Console)

Overview of Issue I've seen a few discussions on this topic, but none of them seem clear to me. We have two indexe...

by Explorer in

how to exclude .txt file in log directory from monitoring??

Hello, i have log directory in which all files need to be monitored but i need to exclude file with .txt am sure ...

by Path Finder in

How to find out how many license violations have occurred in the last 30 days in Splunk 6.2?

I have installed Splunk 6.2 version and it shows a license violation under category 'license_window'. Is there any wa...

by Explorer in

Where do I find System Activity information in a 6.4.x Distributed Management Console?

Hi there, The Activity > System Activity was very useful in the previous Splunk versions, letting you quickly acce...

by Explorer in

How to troubleshoot why Splunk performance suddenly decreased and we now see error "The splunkd daemon cannot be reached by splunkweb"?

Splunk has been running extremely slow since this morning around 10 AM ET. When I came in this morning, it was runnin...

by Explorer in

Splunking custom windows performance counters

Our developers have created a custom Windows performance counter for an in-house application. I can see the Object an...

by Contributor in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Help Newbie to Design a Monitoring solution

Splunk for statistical testing/ Analysis

Best Practices to Measure Performance improvement after Splunk Migration.

Performance monitoring for wireless network

What is the expected performance for KV store with over 5 million entries for these search head specs?

Splunk DB connect: The java bridge is: loading.... (+ page is reloaded in a endless loop)

Where do I start with troubleshooting full queues?

Why am I seeing a lot of name=cooked_output events in _internal?

Monitoring for login failures - Events are on different lines

audit command in splunk

Splunk is not extracting the correct host name from the secure file

How to Show Indexer Activity

Can I disable _internal indexes from Splunk Web? Getting error "cannot disable idx=_internal, is internal."

what is the splunk license Slave server limitation ?

Hitting eventstats memory limit. Is there another way to form my search?

splunkd crashes on startup with "ERROR SQLitePersistentStorageImpl - Error executing: create table keyvaluepairs_t(primarykey text constraint primary_c unique,secondary1 text, secondary2 text, secondary3 text, value text); Msg=database is locked"

Can run splunkd in foreground?

How to troubleshoot why Splunk performance decreased and images were not displaying in navigation menus for a certain day?

Splunk DB Connect - How to reset tail.rising state?

License Usage past 30 days does not work. (Distributed Management Console)

how to exclude .txt file in log directory from monitoring??

How to find out how many license violations have occurred in the last 30 days in Splunk 6.2?

Where do I find System Activity information in a 6.4.x Distributed Management Console?

How to troubleshoot why Splunk performance suddenly decreased and we now see error "The splunkd daemon cannot be reached by splunkweb"?

Splunking custom windows performance counters

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

A lot of error messages : user=“nobody” had no rol...

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent