Monitoring Splunk

Discussions

Thread Info

What would cause a Fatal thread error in thread typing found in the Splunk crash log?

Hello everyone, Over a ~26 hour period I am seeing several fatal errors regarding the typing thread. I've done som...

by Communicator in

index=_introspection only going back 15 days

I am trying to look at cpu and mem statistics on my indexers and search heads, but the index only ever goes back 15 d...

by Engager in

Looking for a change in the index _indextime rate

I want to identify where the rate that an index's _indextime changes by a specific amount, with a tolerence that incr...

by Explorer in

How can I calculate CPU of the splunk server in percentage from the data in internal index?

How can I calculate CPU of the splunk server in percentage from the data in internal index?The data in internal index...

by Path Finder in

Splunk DB

Hi team , 1 .How to monitor the Splunk DB logs, already installed and configured.2. How to 2 queries of splunk db i...

by Loves-to-Learn Everything in

How to find users restoring and running searches on historic data sets

I am attempting to identify when Splunk users are running searches against historic data (over 180 days old). Additio...

by Engager in

.zip, .gz , .tar files are not getting indexed in splunk

I have a server where logs are generated on daily basis in this format- /ABC/DEF/XYZ/xyz17012022.zip /ABC/DEF/...

by Engager in

DMC not displaying server metrics

On our Monitoring Console on the "Overview", it does not display any metrics under "Resource Usage" for each of the c...

by Contributor in

Splunk query for getting logs in descending order based on API execution time

Can some one help me with query for getting logs in descending order based on API execution time which printed on log...

by New Member in

Search Head Cluster Slow performance

Cluster Member on Version : 6.2.1 and has three Search Head Cluster Memeber: *Issue : * 1) When user run’s adho...

by Communicator in

How to fix aggregration issue for sourcetype

Hi, I have seen a aggregration issue for one of my source type cisco, how can I fix this issue in my splunk cloud ...

by Builder in

How can we find the missing events in splunk

Hi, Splunk hasn't captured the 4743 events, indicating computer account deletions that occurred yesterday at 2 pm. ...

by Builder in

need to build a query how to find out whose account is not showing no_access on splunk roles, who are disabled from AD?

Hello guysHope you are doing great!I want to configure a query, some guys are disabled in AD and also, in Splunk ES w...

by Observer in

HttpInputDataHandler - Parsing error : No data

Hello there, I got the following error a lot: "ERROR HttpInputDataHandler - Parsing error : No data" I guess it...

by Communicator in

SIgnalFx dimensions.AWSUniqueId is empty

Hi All,I have created a detector that monitors splunk environment. I am trying to customize message in alert message ...

by Path Finder in

Issue with Security Command Center Logs Not Appearing in Splunk

Hi, We set up Security Command Center to send alerts to Splunk for detecting mining activity. However, I've observe...

by Builder in

Resource impact when extending search job lifetime

Hi, I'm still new to Splunk and I understand that I can extend search or report lifecycle either using GUI or chang...

by Engager in

Critical System Physical Memory Usage

Oracle Linux 7.5Splunk Core 7.2.5Alert Name -- DMC Alert - Critical System Physical Memory UsageThe alert works on be...

by Explorer in

How can I transfer workflow action in my current splunk machine to a new splunk machine

Hi , in my current splunk I have builded a lot of work flow action, when I want to upload all my workflow action into...

by New Member in

Change output location of splunk diag?

I've seen from personal experience, as well as the answer at http://answers.splunk.com/questions/167/how-do-i-generat...

by Path Finder in

How to confirm does my index have duplicate events?

Hi, When I execute this search index=foo | stats count by _raw, sourcetype, source, host | where count>1 ...

by Builder in

Setting the threshold for the detect large outbound ICMP Packets correlation

Hi, Could someone assist me in setting the threshold for this correlation search in ES? It's generating an excessiv...

by Builder in

Indexing and reading .tsidx files/directory-stored logs?

Hello! Our Splunk server receives dc logs on a daily basis from another network team. Under Files & Directories in ...

by Engager in

How to check the splunk licence spike issues

Hi, We are seeing the sudden spike of the license consumption in our splunk es since last week, Where do we get ...

by Builder in

How does DMC calculate Load Average

How does DMC calculate load average? I understand the number comes from rest api. But it does not explain how exac...

by Path Finder in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

What would cause a Fatal thread error in thread typing found in the Splunk crash log?

index=_introspection only going back 15 days

Looking for a change in the index _indextime rate

How can I calculate CPU of the splunk server in percentage from the data in internal index?

Splunk DB

How to find users restoring and running searches on historic data sets

.zip, .gz , .tar files are not getting indexed in splunk

DMC not displaying server metrics

Splunk query for getting logs in descending order based on API execution time

Search Head Cluster Slow performance

How to fix aggregration issue for sourcetype

How can we find the missing events in splunk

need to build a query how to find out whose account is not showing no_access on splunk roles, who are disabled from AD?

HttpInputDataHandler - Parsing error : No data

SIgnalFx dimensions.AWSUniqueId is empty

Issue with Security Command Center Logs Not Appearing in Splunk

Resource impact when extending search job lifetime

Critical System Physical Memory Usage

How can I transfer workflow action in my current splunk machine to a new splunk machine

Change output location of splunk diag?

How to confirm does my index have duplicate events?

Setting the threshold for the detect large outbound ICMP Packets correlation

Indexing and reading .tsidx files/directory-stored logs?

How to check the splunk licence spike issues

How does DMC calculate Load Average

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

S2S protocols, enableOldS2SProtocol (oldest protoc...

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent