Monitoring Splunk

Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
hkaiser

HTTP Client Timeout

Hello, during evaluation of Splunk I created a new data model, called NG_Events. A report has been scheduled every 1...
by hkaiser Path Finder in Monitoring Splunk 02-01-2016
0 3
0
3
coleman07

How to increase the number of internal logs retained on local server

I want to keep more than 5 copies of eventgen.log. The log file is located in /opt/splunk/var/log/splunk, but is not ...
by coleman07 Path Finder in Monitoring Splunk 01-30-2016
0 1
0
1
rck

How do I compare last week's and the current week's data for page loaded time to see Splunk Web performance?

How can I compare the t_done event in Splunk Web performance for last week's data and current data?
by rck New Member in Monitoring Splunk 01-27-2016
0 2
0
2
chris

Are older indexer servers slowing down overall search performance?

Hi, we recently installed new indexer servers to help the existing indexer servers that were under heavy load. The n...
by chris Motivator in Monitoring Splunk 01-27-2016
0 5
0
5
preben12

splunkd crash

Splunkd has crashed a couple of times now. The only thing I see in splunkd.log is some log WARNS eg. 12-09-2013 07:...
by preben12 Communicator in Monitoring Splunk 01-26-2016
0 6
0
6
twinspop

In introspection data, what does data.normalized_pct_cpu represent exactly? How does it relate to data.pct_cpu? data.elapsed?

For any one search id, there are many, sometimes hundreds, of log entries in introspection. Not all of these have CPU...
by twinspop Influencer in Monitoring Splunk 01-22-2016
0 1
0
1
mataharry

Splunk will not start and is waiting for config lock

My Splunk instance crashed and it won't restart with this error in splunkd.log: 01-30-2013 18:29:05.094 +0000 WARN l...
by mataharry Communicator in Monitoring Splunk 01-20-2016
8 8
8
8
hagjos43

Any reason why Btool might be continuously logging in DEBUG mode?

One of my windows indexers is constantly writing to the btool log in DEBUG mode. I didn't build this environment, but...
by hagjos43 Contributor in Monitoring Splunk 01-20-2016
0 4
0
4
gfreitas

Why are special characters in Splunk Mobile showing as "/Xn" and how do I fix this?

Hi, I'm using Splunk Mobile to connect from an iPad to my Splunk server and it's working properly. There are some pa...
by gfreitas Builder in Monitoring Splunk 01-15-2016
1 2
1
2
jrubio1

Are there maintenance steps or best practices around managing the size of the defaultdb folder?

Hello everyone, I'm fairly new to Splunk and currently have the issue where the Splunk server is above 93% disk util...
by jrubio1 New Member in Monitoring Splunk 01-13-2016
0 1
0
1
mgaraventa_splu

The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch

On our cluster master server, we saw the following message: The minimum free disk space (5000MB) reached for /opt/s...
by mgaraventa_splu Splunk Employee Splunk Employee in Monitoring Splunk 01-13-2016
6 2
6
2
adamblock2

How is the Distributed Management Console Physical Memory Usage(%) value calculated?

We are currently running a distributed Splunk 6.2.3 infrastructure with multiple indexers. According to the Distribu...
by adamblock2 Path Finder in Monitoring Splunk 01-08-2016
0 1
0
1
rameshnani

How to verify when a SPLUNK server is rebooted,SPLUNK is cleanly shutdown or not?

When a SPLUNK server is rebooted, SPLUNK is cleanly shutdown When SPLUNK vm is powered off, SPLUNK is cleanly shutdo...
by rameshnani New Member in Monitoring Splunk 12-23-2015
0 1
0
1
mataharry

splunkd not responding

I have a indexer, that crashed and I restored. I can start splunkd and splunkweb services, but cannot use the CLI, o...
by mataharry Communicator in Monitoring Splunk 12-18-2015
1 2
1
2
javiergn

What are the implications and performance impact of enabling FIPS 140-2 in our Splunk deployment?

Hi all, Because of regulatory reasons, we might need to use FIPS in our brand new Splunk deployment. I've been going...
by javiergn Super Champion in Monitoring Splunk 12-14-2015
0 7
0
7
nhurtaud

Universal Forwader - Cap CPU, memory, Disk usage

Hi everyone, Thank you for your time. My question is sample: is it possible to cap this three parameters: - CPU - R...
by nhurtaud Explorer in Monitoring Splunk 12-14-2015
0 3
0
3
sonia_splunk

How to troubleshoot why I am unable to start Splunk services (splunkd, splunkweb, splunkforwarder)?

Hello Everyone, 1) I had installed Splunk on Windows 2008 R2 a month ago. 2) Everything was good. 3) Today I have in...
by sonia_splunk New Member in Monitoring Splunk 12-11-2015
0 3
0
3
rkursawe

Why does this _internal log message have two similar key=value pairs and can this be changed?

It's not really a question, but could you please change your _internal log message: The maximum number of concurrent...
by rkursawe Explorer in Monitoring Splunk 12-09-2015
0 2
0
2
mataharry

What does slow reverse dns lookup warning mean in splunkd.log?

I found this in my splunkd.log and It seems linked to the setting rdnsMaxDutyCycle in limits.conf I assume that it tr...
by mataharry Communicator in Monitoring Splunk 12-02-2015
1 4
1
4
splunkLPN

How to optimize processor usage on Mac OS by the splunkd process?

The splunkd process only uses the power of one logical core dispatch on all processors. Is there a way to use all the...
by splunkLPN Path Finder in Monitoring Splunk 12-01-2015
0 1
0
1
melonman

How to enable index data integrity in SPlunk 6.3?

Hi I was in the doc, Block Signing feature has been removed from Splunk 6.2. I need to have a indexed data integrit...
by melonman Motivator in Monitoring Splunk 11-30-2015
0 1
0
1
aneaston

Can I permanently add fields with eventstats?

I have the following search query which does what I'd like: sourcetype=my_log | eval adj_request_id = if(isnotnull(o...
by aneaston New Member in Monitoring Splunk 11-19-2015
0 2
0
2
cmaier

Office 365 Administrator Audit Logs - How can I index them via script?

Just curious if anyone out there has had any experience getting their Office 365 Administrator Audit Logs into Splunk...
by cmaier Explorer in Monitoring Splunk 11-19-2015
0 2
0
2
hylam

Why does our data model "distinct count(cookie) AS UniqueVisitor" take very long?

17 GB IIS log files, 2.5 GB 100% accelerated data model. 16 cores 8 GB RAM with 2 GB RAM free. The pivot was single-c...
by hylam Contributor in Monitoring Splunk 11-12-2015
0 20
0
20
mikaelbje

Distributed Management Console Reporting incorrect amount of CPU cores for indexers

Distributed Management Console Reporting incorrect amount of CPU cores for indexers This is seen in both Splunk 6.2.6...
by mikaelbje Motivator in Monitoring Splunk 11-11-2015
0 1
0
1
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...