Monitoring Splunk

Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
a212830

What Splunk stats should I look at to determine if my indexers should use additional pipelines?

Hi, What Splunk stats should we look at to determine if our indexers are candidate for multiple pipelines? SoS cpu ...
by a212830 Champion in Monitoring Splunk 05-11-2016
0 2
0
2
CaptainHook

Monitor last updated time stamp for trace file and generate alert if the file is not updated in the last 45 min.

Can somebody please educate me on how I can set up a monitor for this type of request? The requirement is to check th...
by CaptainHook Communicator in Monitoring Splunk 05-10-2016
0 10
0
10
jbrandtelastica

How to troubleshoot why index size on disk suddenly jumped by 2.5TB overnight?

On May 4th, the disk space used by our default index jumped from about 400G to about 3TB. This doesn't seem to be rel...
by jbrandtelastica New Member in Monitoring Splunk 05-09-2016
0 2
0
2
sat94541

Why is the Distributed Management Console stuck in Standalone Mode?

The issue is that the DMC appears to be stuck in "Standalone" mode. When they go into the DMC Overview page, it state...
by sat94541 Communicator in Monitoring Splunk 05-03-2016
0 2
0
2
Rotema

Can I set a limit on the license usage for an index per day?

Hi, I have Splunk running with several indexes configured. I want to limit one index (index=dev) so it will not use ...
by Rotema Path Finder in Monitoring Splunk 05-02-2016
0 6
0
6
nawneel

Will there be performance issues using KV Store with a large data set?

Hi all I have a large data set (20 million) since 2015 which keeps on growing. In my case, I am supposed to use loo...
by nawneel Communicator in Monitoring Splunk 05-02-2016
0 1
0
1
toabhishek16

Hunk is taking too much time for processing hive ORC data. How do I improve the performance?

Hi Team, I have set up hunk with Apache Hadoop 2.26 and my data is stored in Hive 0.13 table with ORC compression. D...
by toabhishek16 New Member in Monitoring Splunk 05-01-2016
0 7
0
7
lgn1br

Monitor When Trunk Ports Go Down

Hello, I am looking to set up an alert for when a trunk port on a Cisco switch goes down.
by lgn1br New Member in Monitoring Splunk 04-22-2016
0 1
0
1
Umesh_Vedicsoft

monitoring log file in splunk

am monitoring the one log file in splunk by declaring the bleow stanza in inputs.conf file.but the problem is wheneve...
by Umesh_Vedicsoft Path Finder in Monitoring Splunk 04-22-2016
0 4
0
4
shan_santosh

Pass dbinspect result to calculate index disk space

I this search below to calculate compression rate of my index | dbinspect index=myIndexName | stats sum(rawSize) AS ...
by shan_santosh Explorer in Monitoring Splunk 04-17-2016
0 4
0
4
luhadia_aditya

Why splunkd is exiting with retrun code 2, when run in foreground (--nodaemon)

Scenario - We have 2 forwarders, both have been configured in to an HA cluster using Heartbeat for failover situation...
by luhadia_aditya Path Finder in Monitoring Splunk 04-14-2016
0 7
0
7
splunkfly

Search not executed: The minimum free disk space (50000MB) reached for /home/username/splunk/var/run/splunk/dispatch. user=admin.

Even After increasing the size in the settings-->general settings-->Pause indexing if free disk space (in MB) falls b...
by splunkfly New Member in Monitoring Splunk 04-10-2016
0 3
0
3
girishchhabra19

Why is the rs_swap directory under var folder of Splunk filling very fast and causing disk space issues?

There is rs_Swap directory under my Splunk var folder. It is filling very fast and causes disk space issue. Any inpu...
by girishchhabra19 New Member in Monitoring Splunk 04-09-2016
0 1
0
1
Lowell

Is it possible to get a "sample" set of search results rather than the full search results?

I'm working on a search to do some analysis on indexing delays. I'm essentially comparing _time and _indextime to se...
by Lowell Super Champion in Monitoring Splunk 04-07-2016
5 9
5
9
kserra_splunk

Why is Splunk is crashing on my AIX system and getting "bad allocation" errors in the splunkd.log?

I just installed splunk on my AIX system and am seeing lots of crashes in the main tailing thread. Additionally I se...
by kserra_splunk Splunk Employee Splunk Employee in Monitoring Splunk 04-06-2016
3 2
3
2
droth333

Splunk 6.2 Deployment Monitor repeatedly sends "forwarder missing" alert emails

Immediately after upgrading from 6.0 to 6.2 Indexer, we get "missing forwarder" alerts from Deployment Monitor with ...
by droth333 Explorer in Monitoring Splunk 04-01-2016
1 2
1
2
iKate

Choropleth: Failed to memory map index files

Hi splunkers! While trying to add KMZ file to use awesome choropleth map with my country I got this error: Failed to ...
by iKate Builder in Monitoring Splunk 03-30-2016
1 2
1
2
suhprano

What does "removed from queue file" mean?

In splunkd.log I see a few lines like: BatchReader - Removed from queue file=... It's not a warning or an error, b...
by suhprano Path Finder in Monitoring Splunk 03-28-2016
2 2
2
2
rcreddy06

Difference between splunkd -p 8089 restart or splunkd -p 8089 start

When I do top -c1 on the indexers/Heavy Forwarders, splunkd process is running as follows splunkd -p 8089 restart ...
by rcreddy06 Path Finder in Monitoring Splunk 03-21-2016
1 1
1
1
Jason

How do I tell if an indexer is in maintenance mode?

On the CLI of a clustered indexer, what a command I can run (or perhaps a search, if REST needs to be hit) that will ...
by Jason Motivator in Monitoring Splunk 03-20-2016
0 3
0
3
aferone

Monitor Concurrent Searches

Every once in a while, we will get this message, and I understand it. I would like to run a periodic search, add i...
by aferone Builder in Monitoring Splunk 03-18-2016
0 1
0
1
vamsi92

How to Monitor CPU usage

I want to see my cpu usage statistics, i tried using search "host="CARDS_QA_" (sourcetype=cpu OR source=WMI:CPUTime)"...
by vamsi92 Explorer in Monitoring Splunk 03-17-2016
0 5
0
5
scamarda

Monitor That Windows 7 is listening on a specified port

I need to monitor that an application is active on a Windows 7 machine. The application listens on port 80. If the...
by scamarda New Member in Monitoring Splunk 03-14-2016
0 1
0
1
dwaddle

Why am I not getting introspection data for these indexers?

I have several indexers in my cluster that are not producing introspection data, despite being identically configured...
by SplunkTrust SplunkTrust in Monitoring Splunk 03-14-2016
4 1
4
1
pradiptam

Advantage of Splunk DBConnect over general database monitoring tools

I am using Splunk for the last few months, Recently have installed the DBConnect App and also able to connect Oracle ...
by pradiptam Explorer in Monitoring Splunk 03-14-2016
1 2
1
2
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...