Monitoring Splunk

Discussions

Thread Info

Splunk generating tons of fcntl Solaris audit records

I have a Solaris 10 SPARC server that is running Splunk 4.1. It's configured to generate audit logs to syslog, create...

by New Member in

Interpreting metrics log values

What is the significance of cumulative_hits below? Search match hits? number of events returned from a search? 07-...

by Splunk Employee in

ERROR WordPositionData - couldn't parse hash code (SPL-31080)

Crash results in corrupt metadata preventing Splunk from starting up again. Look for following line before crash in s...

by Engager in

New Splunk install to Monitor WebSphere 7.0

Hi, I am having problems getting Splunk to monitor WebSphere V7. I have enabled PMI on WebSphere and installed ...

by Engager in

Benchmarking search: indexer vs search head.

I've just setup a search head that will search across 2 load balanced indexers. I'd like to compare the execution ti...

by Splunk Employee in

Multiple indexes + disk space usage

So if I follow the data space and retirement process correctly, it works in a circular manner with old data being del...

by Communicator in

"Cannot parse into key-value pair" error after upgrading to 4.1.4

I just upgraded one of my splunk forwarders to version 4.1.4 and now I'm seeing the following error message in my int...

by Super Champion in

I'm getting GetDriverHandle: Unable to install driver. Errors...

"Hi support I am receiving a lot of these messages in my light forwarder's splunkd.log 06-29-2010 14:27:05.615 ERROR ...

by Splunk Employee in

Error adding SSHFS mount as a data input

on a mac os x server, I am trying to add a directory as input. I encounter the following error when trying to save th...

by New Member in

Memory use in HP-Ux

Does someone know how much memory and CPU the Splunk agent uses when installed under HP-Ux? And how does the Splunk A...

by Engager in

Decomposition is not trusted

I have noticed that Splunkd.log is recording the following error: web_service.log:2010-06-27 12:21:18,769 ERROR Tr...

by Explorer in

Splunk performance problems

We've got Splunk running on a Windows 2003 R2 x64 server with 8 GB of memory, and two dual-core 3.0 GHz processors. ...

by Communicator in

Performance improvement by having multiple indexes?

A client asks: is there any performance improvement by having multiple indexes? I'm guessing that there would be, ...

by Motivator in

Does splunk capture information for configuration changes

is there a way to track configuration changes to splunk - either via splunkweb or command line? The idea is: Lets say...

by Splunk Employee in

How to get Splunk aware of the changes in inputs.conf of an app without restarting Splunk?

Hi all, I've been searching high and low to understand how to get Splunk aware of the changes in inputs.conf of an...

by Splunk Employee in

Trying to understand "Average Execution lag" on the scheduler_status view

I'm looking on the "Overview" (scheduler_status) view in the Splunk 4.1 Search app and I'm trying to understand what ...

by Super Champion in

Is there a way for Splunk to understand app-specific variables so that the variables usable in input.conf?

I'm currently working with inputs.conf and would like to have the stanzas recognize the values that are assigned to t...

by Splunk Employee in

Output of 'splunk list monitor'

Is the output of 'splunk list monitor' clipped at all? I have a directory with (approx) 50 log files, but the out...

by SplunkTrust in

Monitoring TCP output from a telephone switch.

I want to use Splunk to monitor the error output of a telephone switch. I can easily see the data by connecting to th...

by New Member in

Backup and restore of Splunk??

Hi, Been trying to backup and restore of Splunk indexer and the steps that I took to backup our splunk server is: ...

by Path Finder in

Splunkd crash log - couldn't parse hash code

The following line is found when I try to restart the stopped splunkd process:- 05-12-2010 14:30:50.819 ERROR Word...

by Engager in

Splunk search 'plan'

Is there anyway to run an sql like 'plan' on a splunk search to determine efficiency?

by Communicator in

Why is my search taking so long to run?

When I queried a new Summary Index with only 100k of events and 16MB of size, the response time of the a simple query...

by Splunk Employee in

Disable monitoring of sub directories

Hello How can I monitor the files within a directory but ignore its subdirectories? e.g. I want to monitor all ...

by Path Finder in

How can I resolve the error - "The minimum free disk space (2048MB) reached for /opt/splunk/var/run/splunk/dispatch" ?

I just upgraded to version 4.1 and I'm seeing this message in the UI. My minimum free disk space is 1GB and I haven't...

by Splunk Employee in

Get Updates on the Splunk Community!

Monitoring Splunk

Discussions

Splunk generating tons of fcntl Solaris audit records

Interpreting metrics log values

ERROR WordPositionData - couldn't parse hash code (SPL-31080)

New Splunk install to Monitor WebSphere 7.0

Benchmarking search: indexer vs search head.

Multiple indexes + disk space usage

"Cannot parse into key-value pair" error after upgrading to 4.1.4

I'm getting GetDriverHandle: Unable to install driver. Errors...

Error adding SSHFS mount as a data input

Memory use in HP-Ux

Decomposition is not trusted

Splunk performance problems

Performance improvement by having multiple indexes?

Does splunk capture information for configuration changes

How to get Splunk aware of the changes in inputs.conf of an app without restarting Splunk?

Trying to understand "Average Execution lag" on the scheduler_status view

Is there a way for Splunk to understand app-specific variables so that the variables usable in input.conf?

Output of 'splunk list monitor'

Monitoring TCP output from a telephone switch.

Backup and restore of Splunk??

Splunkd crash log - couldn't parse hash code

Splunk search 'plan'

Why is my search taking so long to run?

Disable monitoring of sub directories

How can I resolve the error - "The minimum free disk space (2048MB) reached for /opt/splunk/var/run/splunk/dispatch" ?

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Splunk UBA

Talos Cisco IoCs Splunk ES

Problems with SA-Hydra

How to pause and resume the Splunk RUM agent

Logging of Restart Trigger