Monitoring Splunk

Thread Info

SplunkD service never starts successfully after a clean install

SplunkD never starts successfully. This is the first time Splunk has ever been installed on this machine. The machine...

by New Member in

Any concern to use Splunk directly on the servers where the critical applications are running?

Hiya Thinking of using Splunk but worry Splunk takes too much PC resources if use it directly on the servers where...

by New Member in

How to search usage of "view"?

I know I can monitor the usage of saved search by saved_search_name from _audit index. However, I can't find equivale...

by Path Finder in

ERROR DatabaseDirectoryManager::Bucket

11-09-2010 00:00:57.985 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire...

by Path Finder in

How to embed google analytics code to all splunk pages?

Hi, I want to use google analytics to get user trace. In which template should I put the google analytics code so ...

by Motivator in

How to minimize splunk's memory usage

Is it possible to explicitly define how much memory splunk (splunkd and splunkweb) is allowed to use? Thanks

by Engager in

rotate input data

Hello, It looks like I'm running out of space on my splunk server. Here is the error that I received when running ...

by New Member in

Performance difference between using SEDCMD and older REGEX/TRANSFORMS method

Is there a performance difference between using the SEDCMD syntax in just props.conf versus using the older method wh...

by Splunk Employee in

Sizing a Splunk installation- and a license question too.

We're considering moving our Splunk environment from AIX to a Linux x86 box for performance reasons. My particular de...

by Builder in

A FusionIO ioDrive card with splunk?

Has anyone used an ioDrive for their splunk? I'm really curious if anyone can speak to the crazy high IOPS & throughp...

by Communicator in

Does fschange use inotify / ReadDirectoryChangesW or similar?

Does Splunk make full use of operating system specific features when monitoring for changed files? In particular, ...

by Motivator in

With coldToFrozenScript, what is responsible for deleting the bucket?

When you specify a coldToFrozenScript in indexes.conf, what is responsible for deleting the cold bucket from the inde...

by SplunkTrust in

Migrating colddb buckets to new storage.

Hi, In an attempt to increase the available storage for indexes, I am looking at moving the colddb indexes to an a...

by Explorer in

monitor latest file only

I write a script to blacklist the oldest file but splunk don't reload inputs.conf until someone restart the services ...

by Path Finder in

Looking for "high performance Splunk"

A client is looking for advice on tuning splunk for what they call "high performance" - defined as minimizing cpu, ne...

by Motivator in

Monitoring Logfiles with random number as part of the name

Our logfiles are named in the format Log.Activity.prod.###.txt where ### is random number. Also we want to leave out ...

by Explorer in

Delay of monitoring thousands of file

I monitored several thousands of file in splunk but I find it indexes the new events for more than 30 minutes. I have...

by Path Finder in

Splunk helpers.. what is it?

Hi, 'Splunk Helpers' what is this process & what does it do? Can it be stopped/started via cmdline. Obviously if c...

by Explorer in

How could events from two hosts be in the same _internal index?

What configuration needs to be in place in order for internal events from one splunk instance to be in the _internal ...

by SplunkTrust in

Splunk & Ossec intergration

Splunk seems like an all around tool. What is the advantage of incorporating the Ossec system into or with Splunk...

by New Member in

OSSEC and SPLUNK... just stopped ?

I've had both services running on the save Ubuntu 10.04 server for about a week. OSSEC is cooking along gathering inf...

by Explorer in

How do I get the most out of a 16 core server?

I have a 16 core server (HP DL580) with 32GB MEM and 2TB SAS Drives (RAID 10) capable of 800 IO/sec. I'm indexing abo...

by Splunk Employee in

terminate called after throwing an instance of 'PollableDescriptorException'

I keep getting the following error in crash logs on splunk-3.4.12-69236 64 bit. Anyone has any idea what is causing i...

by Explorer in

Need Help Troubleshooting Poor SplunkWeb Performance

Hi Folks, I could use some pointers troubleshooting some Splunk Web performance issues. Over the last few weeks...

by Explorer in

Clarification on why our license is tripping

we have a license for our QA environment for 500MB. We wanted to have the same functions (deployment, alerts, securit...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Monitoring Splunk

Discussions

SplunkD service never starts successfully after a clean install

Any concern to use Splunk directly on the servers where the critical applications are running?

How to search usage of "view"?

ERROR DatabaseDirectoryManager::Bucket

How to embed google analytics code to all splunk pages?

How to minimize splunk's memory usage

rotate input data

Performance difference between using SEDCMD and older REGEX/TRANSFORMS method

Sizing a Splunk installation- and a license question too.

A FusionIO ioDrive card with splunk?

Does fschange use inotify / ReadDirectoryChangesW or similar?

With coldToFrozenScript, what is responsible for deleting the bucket?

Migrating colddb buckets to new storage.

monitor latest file only

Looking for "high performance Splunk"

Monitoring Logfiles with random number as part of the name

Delay of monitoring thousands of file

Splunk helpers.. what is it?

How could events from two hosts be in the same _internal index?

Splunk & Ossec intergration

OSSEC and SPLUNK... just stopped ?

How do I get the most out of a 16 core server?

terminate called after throwing an instance of 'PollableDescriptorException'

Need Help Troubleshooting Poor SplunkWeb Performance

Clarification on why our license is tripping

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Logging of Restart Trigger