Monitoring Splunk

Ask a Question

Discussions

Thread Info

Multiple SearchHeads (one per DC) – How to take advantage of report acceleration data?

Hi, hoping this is a basic question, the lead-in is long, however the questions are brief. We have Multiple Data-C...

by Path Finder in

How does Splunk choose events to scan?

How does Splunk determine which events to scan in order to find results? For example, say I run a query to find a ...

by Path Finder in

How can I set a custom splunk banner/warning?

I'd like to set a custom banner to notify users of outages, for example, a single indexer is down and OPS is working ...

by Champion in

How to open the .tsidx file

I seen several file is shown .tsidx under the C:\Program Files\Splunk folder. I want to know how to open that file.

by New Member in

Splunk DB Connect jbridge failing

We had a working installation of the Splunk DB Connect app until Friday. While no changes were made to the configu...

by Motivator in

Role "restrict search terms" Performance Issue

Hi Everyone, Looks for a few best practices or suggestions. I have installed search term restrictions based on a u...

by Path Finder in

URL Monitoring using Webmon

I am trying splunk and wanted to see the URL monitoring using Webmon. I have installed Webmon and added the following...

by Explorer in

Deployment monitor causing "maximum historical concurrent searches" warning?

I started seeing the following message at the top of the Splunk Web page after installing the Deployment Monitor app....

by Super Champion in

Splunk reporting running out of memory on a VM server wtih 16Gig

Good Afternoon! I am trying to create a report that goes through a 15 Million record file and creates a cost of roami...

by New Member in

License violations: if a sub-pool exceeds quota, what happens to the other pool's slaves?

Greetings all, We have a smallish amount of enterprise licenses, in one stack, most of this is in one larger (prod...

by Explorer in

Why is my log quota being eaten up by "invisible" files?

Using the following search, I find that in the hour after midnight there is a spike in indexing activity: index="_...

by Motivator in

How to monitor specific sub folders

Hi, I have the following folder structure: C:\temp\logs\ComponentName1\InstanceName1\log.txt C:\temp\logs\Componen...

by Explorer in

Sitescope Monitoring

We have an extensive Sitescope implementation and would like to use Splunk to display the status of the various monit...

by Path Finder in

How do I turn off debug in btool.

I am having an issue with lag time in my scheduled searches of time. I am looking for all time of issues that may slo...

by Explorer in

Possible memory leak in 4.3.6

Hello, I have an environment with 2 search heads and 2 indexers. There are 70ish forwarders which send around 50 M...

by Explorer in

loadjob performance

What determines the performance of loading the artifacts of a savedsearch? I have a job which ran a savedsearch, and ...

by Path Finder in

btool app name length limit

It looks as if btool, when run with --debug, only shows the first 10 characters of the app name. Unfortunately the fi...

by Explorer in

Can somebody from Splunk please explain the changes to GUI search logging

Prior to the 5.x (and possibly earlier), Splunk logged user searches from the GUI in a human readable format. The eve...

by Builder in

Faster way to find first occurrence of "duplicate" events

I am trying to chart initial logins over time as follows: index="abc" sourcetype="*apache_access" NOT remote_ident...

by Explorer in

Is the directory for the splunkd.pid configurable

Is there a config file setting that will allow you to change the default location of the splunkd.pid file.

by Communicator in

How do i search indexed data in Warm Db ?

splunkd.log gets indexed in _internal index. From this index , i could able to get data for last 1 month. I need to h...

by Contributor in

Monitoring Avamar backup agent job logs

We are testing Splunk if we could monitor our Avamar backup system agent job logs and see where backups are failing. ...

by Engager in

iOS Crash logs - Indexing

Hi, Newbie to Splunk and trying to use Splunk to arrive at a trend of the iOS Crashes which have been collected fo...

by New Member in

_internal sourcetype=searches isn't recording anything

We've got Splunk 5.0.2 running on Windows. A few weeks ago (possibly when we upgraded, but I'm not sure), I stopped s...

by Builder in

splunkd.log error tracking

I have this error continually coming up in my splunkd.log and I cannot figure out where I need to put in the conf-cha...

by Path Finder in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Multiple SearchHeads (one per DC) – How to take advantage of report acceleration data?

How does Splunk choose events to scan?

How can I set a custom splunk banner/warning?

How to open the .tsidx file

Splunk DB Connect jbridge failing

Role "restrict search terms" Performance Issue

URL Monitoring using Webmon

Deployment monitor causing "maximum historical concurrent searches" warning?

Splunk reporting running out of memory on a VM server wtih 16Gig

License violations: if a sub-pool exceeds quota, what happens to the other pool's slaves?

Why is my log quota being eaten up by "invisible" files?

How to monitor specific sub folders

Sitescope Monitoring

How do I turn off debug in btool.

Possible memory leak in 4.3.6

loadjob performance

btool app name length limit

Can somebody from Splunk please explain the changes to GUI search logging

Faster way to find first occurrence of "duplicate" events

Is the directory for the splunkd.pid configurable

How do i search indexed data in Warm Db ?

Monitoring Avamar backup agent job logs

iOS Crash logs - Indexing

_internal sourcetype=searches isn't recording anything

splunkd.log error tracking

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

alert action email with empty attachment

MSSP reporting

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

Monitoring Splunk

Are you a member of the Splunk Community?

Discussions