Monitoring Splunk

Thread Info

How to audit when users disconnect from Splunk

This document helps me know how to track logins and logoffs: http://answers.splunk.com/answers/108923/how-to-track-a-...

by Communicator in

Can searches with joins be accelerated ?

I was trying to accelerate a search with join command(trying to accelerate two searches). When I look at the job insp...

by Communicator in

CPU Performances issues when running input powershell scripts

Hi, I'm using 4 powershell scripts to gather different infos on my machine (Windows server 2012) . I run the scrip...

by Explorer in

DB Connect 1.1.4: "Error validating dbmonTail for monitor..." trying to create a database input.

When I am running a sql query on database query section in app I am able to get the result. but when I am trying to c...

by Path Finder in

access to _audit index vs using history command

I am working on a dashboard that displays previous queries in splunk. I can find the previous queries using the hi...

by Communicator in

splunk process compulsion stop

Hi I want to kill the process of Splunk. May be performed by specifying the "PID" with this command ? kill -9 <...

by Explorer in

How to use Deployment Monitor or other tools to alert if a host's event count > 0 in the last 24 hours, but no events in the last hour?

Had a server that rebooted this weekend and the Universal Forwarder Service did not start. I want to get alerts about...

by Communicator in

Error message

I am getting below error message. Forwarding to indexer group primary_indexers blocked for 100 seconds. Can you...

by New Member in

Disable an index or Stopping the indexer to clean eventdata?

hi, In the documents, it's stated before we clean eventdata, we should stop the indexer. But if I don't want to do...

by Path Finder in

Performance degrade

Hi All, I am new to Splunk..Can you please tell me the possible scenarios to test Peroformance Degrade on Splunk? ...

by Explorer in

Search degradation on previous days results

Have a strange instance that I haven't seen before. Two days ago I could complete my core search within 10 seconds (t...

by Path Finder in

Sybase DB - Able to connect but no tables nor data returned

Trying to query Sybase DB. Currently I am able to connect. DB Info shows the DB name in the Drop down menu, Under...

by New Member in

Memory Leak - Splunk 4.3.3

I am having an issue with Splunk 4.3.3 regarding a memory issue. For one reason or another, it seems to have a consta...

by Explorer in

Forwarders keep going down

Hi everyone, I'm deploying a Splunk environment with two universal forwarders and two indexers. I've got a primary...

by Communicator in

Performance Queries

Hi, What are the general queires used to pull performance report which has response times? Please help me out. Tha...

by Explorer in

Find splunkd Port from Scripted Input

Similar to http://answers.splunk.com/answers/232122/find-splunkd-port-from-custom-search-command.html I have a scr...

by Splunk Employee in

Splunk server unable to start after upgrade to 6.2.2

We have splunk dev server upgrade to 6.2.2., using splunk account to start and failed, message below: [servername:...

by Explorer in

How to get Splunk DB Connect to respect multiline data in a column?

I've got a table that I am pulling data into Splunk with DB Connect. I've got the database input and database connect...

by Builder in

After my certificates expired and I followed the steps in documentation for getting third party certificates, why is splunkd not starting?

My certificates expired recently and I did the procedures in this article : http://docs.splunk.com/Documentation/S...

by Engager in

Windows could not start the Splunkd (or SplunkForwarder) service on Local Computer...cannot find file specified

This may have already been posted but I couldn't find it and I burnt up about 2-3 hours scratching my head... Afte...

by Path Finder in

If lightweight forwarders are configured on laptops that are not always connected to a network, will it impact the client's performance?

Our desktop team is rolling out a new patch management service (Shavlik) which only sends a limited amount of logs to...

by Explorer in

Can DB Connect see into MS SQL Audit logs?

Hello, We have a need to start tracking MS SQL 2008 & MS SQL 2008 Express Audit logs and hence track changes based...

by Path Finder in

Splunk push notifications through Notify My Android

Hello guys, We just released a tutorial and a script to add push notifications to Splunk through NMA. You can f...

by Engager in

OPSEC LEA 2.0.1 setup issues

I was able to pull the checkpoint cert and verified communication son the checkpoint side. Log grabber is trying t...

by New Member in

Splunk DB Connect: Why am I getting error "Invalid column index" trying to create a database input with a rising column SQL query?

Hi, I have already made the database connection. What I am trying to make is a Database input. Following is my SQ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Monitoring Splunk

Discussions

How to audit when users disconnect from Splunk

Can searches with joins be accelerated ?

CPU Performances issues when running input powershell scripts

DB Connect 1.1.4: "Error validating dbmonTail for monitor..." trying to create a database input.

access to _audit index vs using history command

splunk process compulsion stop

How to use Deployment Monitor or other tools to alert if a host's event count > 0 in the last 24 hours, but no events in the last hour?

Error message

Disable an index or Stopping the indexer to clean eventdata?

Performance degrade

Search degradation on previous days results

Sybase DB - Able to connect but no tables nor data returned

Memory Leak - Splunk 4.3.3

Forwarders keep going down

Performance Queries

Find splunkd Port from Scripted Input

Splunk server unable to start after upgrade to 6.2.2

How to get Splunk DB Connect to respect multiline data in a column?

After my certificates expired and I followed the steps in documentation for getting third party certificates, why is splunkd not starting?

Windows could not start the Splunkd (or SplunkForwarder) service on Local Computer...cannot find file specified

If lightweight forwarders are configured on laptops that are not always connected to a network, will it impact the client's performance?

Can DB Connect see into MS SQL Audit logs?

Splunk push notifications through Notify My Android

OPSEC LEA 2.0.1 setup issues

Splunk DB Connect: Why am I getting error "Invalid column index" trying to create a database input with a rising column SQL query?

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk supported S2S protocols and enableOldS2SPr...

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent