Monitoring Splunk

Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
wmosher

DISTRIBUTED SEARCH: performance -vs- highavailability

We'd like to do a distributed search setup but it doesn't look like we'll be able to afford a second cluster of searc...
by wmosher Path Finder in Monitoring Splunk 05-12-2011
0 2
0
2
Jason

Settings to improve Splunk performance on high-spec boxes?

Are there any settings that can be set to help Splunk make better use of a high-end box? (I'm currently working with ...
by Jason Motivator in Monitoring Splunk 05-11-2011
1 3
1
3
brettski

What is the frequency with which log files are read?

I am trying to determine what the frequency is that Splunk reads log files. I have Data Inputs setup against 5 web s...
by brettski Explorer in Monitoring Splunk 05-09-2011
1 4
1
4
nurtdi

Large number of errors processing data from forwarders over SSL

The data is being indexed, but a lot of errors in splunkd.log this is a snippet of log after running splunk indexer ...
by nurtdi Path Finder in Monitoring Splunk 05-04-2011
1 2
1
2
howyagoin

Can splunk-optimize kill my box?

Last night around 2345 a splunk-optimize process seems to have kicked off, and my server has essentially been unrespo...
by howyagoin Contributor in Monitoring Splunk 04-26-2011
0 2
0
2
sthao

How does indexing affect hard drive space?

I am indexing to the main index and it has a max size of 500000 MB defined. So far, I have indexed about 14,000 MB o...
by sthao New Member in Monitoring Splunk 04-26-2011
0 3
0
3
gobofo

Deployment Monitor upgrade

Tried to update Deployment Monitor to newer version via the application manager, had a comment a new version was avai...
by gobofo New Member in Monitoring Splunk 04-25-2011
0 1
0
1
albert_newton

Low in disk space. Indexing has been paused.

I am getting this message, when I start splunk (version 4.2): 'You are low in disk space on partition "/opt/splunk/v...
by albert_newton New Member in Monitoring Splunk 04-14-2011
0 3
0
3
vbumgarner

How many files does ignoreOlderThan help with?

I have a couple of directories with 120,000 files in each. This is a file every 5 minutes or so for the last 6 months...
by vbumgarner Contributor in Monitoring Splunk 04-14-2011
1 1
1
1
mctester

Why is Splunk writing errors to splunkd.log when I set memory limits above the minimum requirement?

As an alternative to relying on the Splunk 4.1.7 Light Forwarder to set and manage its own upper memory usage limit I...
by mctester Communicator in Monitoring Splunk 04-13-2011
0 1
0
1
jambajuice

Inputlookup vs. summary index performance

If I have a bunch of events in a tabular format that I wish to search for various charts on a dashboard, is it faster...
by jambajuice Communicator in Monitoring Splunk 04-12-2011
1 2
1
2
Nicholas_Key

Monitor doesn't work with env variable in inputs.conf

I observed that none of the log files are not indexed into Splunk when I used the environment variable, in my case it...
by Nicholas_Key Splunk Employee Splunk Employee in Monitoring Splunk 04-11-2011
0 5
0
5
cfalzone

Splunk Daemon Crashing

Just downloaded Splunk 4.1.3 for windows 32 bit. Running Windows 7 32 bit Enterprise Edition. This is what I am get...
by cfalzone New Member in Monitoring Splunk 04-01-2011
0 2
0
2
maverick

Can I make my LWF (lightwieght forwarder) even MORE lightweight that it is out-of-the-box (i.e. Super LightWeight)?

If so, how? What else can I disable or streamline such that my LWF takes up even less local resources?
by maverick Splunk Employee Splunk Employee in Monitoring Splunk 03-28-2011
1 4
1
4
offtheboxuser

Splunk - monitoring a wireshark file

i'm newbie to splunk and i'm trying to get splunk monitor a capture file from Wireshark. i set wireshark to capture t...
by offtheboxuser Engager in Monitoring Splunk 03-25-2011
2 3
2
3
jgauthier

Monitor,transforms?

I am trying to monitor a file on a forwarder. I don't wish to send all the contents, as there is unnecessary data in...
by jgauthier Contributor in Monitoring Splunk 03-24-2011
0 4
0
4
roccotocco

Monitor multi directory and using whitelisting

I have to monitorize multiple log such access_log, error_log and xferlog_regular files in a different categories. The...
by roccotocco New Member in Monitoring Splunk 03-23-2011
0 1
0
1
Lowell

Interpreting execution costs on the Job Inspector page.

Are there any docs or other helpful resources to help explain the Execution costs chart on the Job Inspector page? H...
by Lowell Super Champion in Monitoring Splunk 03-22-2011
6 4
6
4
yannK

why is the windows app generating crash reports in my windows event logs ?

Since I deployed the windows app on my forwarder, I am seeing crashes reported in my windows event logs. But splunk i...
by yannK Splunk Employee Splunk Employee in Monitoring Splunk 03-18-2011
1 3
1
3
zliu

Crash with error "/opt/splunk/p4/splunk/branches/prince/src/search/processors/SortProcessor.cpp:297: bool rescomp_t::operator<(rescomp_t) const: Assertion `first.size() == other.first.size()' failed."

Whenever do a particular search, Splunk always crashes with error "/opt/splunk/p4/splunk/branches/prince/src/search...
by zliu Splunk Employee Splunk Employee in Monitoring Splunk 03-18-2011
0 2
0
2
rupesh212121

where to save rotated logs?

my question exactly means that suppose my logs are rotated constantly. for example access.log becomes access.log1 aft...
by rupesh212121 Explorer in Monitoring Splunk 03-18-2011
0 3
0
3
rupesh212121

where the rotated logs get save in splunk

where the rotated logs get saved in splunk.
by rupesh212121 Explorer in Monitoring Splunk 03-18-2011
0 1
0
1
dkoski

Sending to different index based on host from syslog stream

Ok, so I'm not sure what I'm doing wrong here. I need to send data coming in on the standard syslog UDP 514 stream b...
by dkoski Engager in Monitoring Splunk 03-10-2011
1 9
1
9
jasonnadeau

inputs.conf precendence

I am having problems with splunk configuration file precedence. I have two inputs.conf in my splunk app. One in defa...
by jasonnadeau Explorer in Monitoring Splunk 03-08-2011
2 2
2
2
frankyip

Is RAID controller driver necessary for Redhat 5.6

Hi, We shall install SPLUNK on new IBM x3650M3 server with 12 SAS HD, 8 GB RAM and 2 E5630 CPU. OS is Redhat 5.6. RAI...
by frankyip Engager in Monitoring Splunk 02-17-2011
0 1
0
1
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Get Updates on the Splunk Community!

Unlock Instant Security Insights from Amazon S3 with Splunk Cloud — Try Federated ...

Availability: Must be on Splunk Cloud Platform version 10.1.2507.x to view the free trial banner. If you are ...

What's New in Splunk Observability - November 2025

What's New We’re excited to announce the latest enhancements to Splunk Observability Cloud and ...

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...
Top Solution Authors
View All