Splunk Enterprise

Community Activity

Reaching the license limit- What can we do to not breach the limit? We are quite close to reach the license limit, data wise, about 2 TBs off the 20 or so TBs allowed. What can we do to... by danielbb Motivator in Splunk Enterprise 04-01-2022 0 3	0	3
ERROR CMRemotePrimaryManager - Failed to evict delete for bid=index_name~XXXX.XXXX.XXXX as part of onPrimary Getting the following message in splunkd logsERROR CMRemotePrimaryManager - Failed to evict delete for bid=index_name... by dm1 Contributor in Splunk Enterprise 04-01-2022 0 1	0	1
Should I be placing the SAML configuration in a separate location? I'm having an issue with the authentication.conf file on my search head. I have the file managed in puppet with the n... by ginsburgnm Observer in Splunk Enterprise 04-01-2022 0 0	0	0
How can we ensure that the HTTP Event Collector works correctly? How can we ensure that the HTTP Event Collector works correctly? without dropping connections on the HEC endpoint, so... by danielbb Motivator in Splunk Enterprise 04-01-2022 1 0	1	0
How can to delete these leftover source types and basically start over? Is deleting the whole index the only way? Hi! I've installed DB Connect for the first time today and can successfully get data from Oracle. While testing I've ... by zith Loves-to-Learn in Splunk Enterprise 03-31-2022 0 2	0	2
Why has the Forwarding stopped suddenly for few of the forwarders? We have a distributed architecture Search head cluster with 6 hosts across 3 data centres Index cluster with 6 index... by yj055 Loves-to-Learn Lots in Splunk Enterprise 03-31-2022 0 6	0	6
How to restrict users from export data via RestAPI, CLI ? Hi splunkers, i know how we can restrict users from export data in splunk web. Does anyone happens to know , how can... by human96 Communicator in Splunk Enterprise 03-31-2022 0 8	0	8
How to write this field extraction using rex? Hi All, I'm trying to extract the card details in my logs. Just confused how to extract the two or more card details... by Kk Path Finder in Splunk Enterprise 03-31-2022 0 1	0	1
I set up a forwarder but why can't I see it on my splunk enterprise instance? Hi, I set up an universal forwarder on a docker container : 172.17.0.3 I configurated it to forward data to 172.17... by splunkatt Explorer in Splunk Enterprise 03-31-2022 0 10	0	10
Rolling restart hung on "Reassigning primaries"- How do we cancel or finish? Hello, we have an indexer cluster of two peers with replication and serach factors set to 2. The latest rolling resta... by pachinis Engager in Splunk Enterprise 03-30-2022 0 6	0	6
Why am I unable to see IIS logs from one of the servers that has forwarder installed? Splunk 6.4.3I am unable to see IIS logs from one of the servers that has forwarder installed. I have following config... by shivamchopra New Member in Splunk Enterprise 03-30-2022 0 16	0	16
Why search on sourcetype changed after migration? Hello everyone, We recently upgraded our Splunk Enterprise from 7.x to 8.1.7.2 and we noticed some changes when we ... by kiwine Observer in Splunk Enterprise 03-30-2022 0 1	0	1
Hostname or end point url of Splunk enterprise instance Hi Team, I have recently installed Splunk enterprise free trail in my pc. Created and hec event collector and hec to... by Kumar_Gana New Member in Splunk Enterprise 03-30-2022 0 4	0	4
Where is the splunk start commandline? I just install Splunk EP 6.6 on my Cne OS VM and install it b following the instruction. However, I can't start it up... by winniew13 New Member in Splunk Enterprise 03-30-2022 0 2	0	2
How to upgrade Splunk from 8.2.2 to latest version? i want to upgrade splunk from 8.2.2 to latest version. is there a way to output the data stored in Splunk to another... by human96 Communicator in Splunk Enterprise 03-29-2022 0 0	0	0
Why shouldn't dropEventsOnQueueFull config be used while monitoring files? In our outputs.conf for our splunk forwarders we have two tcpout target groups ([tcpout:<target_group>]) . Both tcpou... by jangusprangus Engager in Splunk Enterprise 03-29-2022 0 2	0	2
Why is my case command with less than or equal to operator not categorizing correctly? Hi All, I have the below line of code to categorize transactions based on the response time (duration) taken in secon... by lrnr01 Observer in Splunk Enterprise 03-29-2022 0 2	0	2
How to create time/date token for a dbxlookup? Hello, Need to create a date/time token for a dbxlookup. The default values for start needs to be Thursday from the p... by genesiusj Builder in Splunk Enterprise 03-29-2022 0 1	0	1
How to create a drilldown to another window in splunk dashboard? i have a table in dashboard generated from stats and a time picker in my dashboard. Based on value selected in timep... by splunker2022 Explorer in Splunk Enterprise 03-29-2022 0 5	0	5
How to make a custom REST endpoint in Splunk? How do I make a custom REST endpoint in Splunk? I am struggling to find documentation that explains how to make one. by LukeMurphey Champion in Splunk Enterprise 03-29-2022 1 4	1	4
How to integrate Proxy certificate into Splunk Python? I am getting error "unable to verify SSL certificate" error while AWS / GCP addon is trying to fetch data from AWS / ... by ckp123 Path Finder in Splunk Enterprise 03-29-2022 0 1	0	1
How to resolve when the memory spike occurs in splunk indexer? How to resolve memory spike ? by human96 Communicator in Splunk Enterprise 03-28-2022 0 7	0	7
Why is Splunk not ingesting .txt logfiles starting with a numeric value? I am trying to bring in some .txt logfiles using Splunk forwarder. There are several logs in the directory, such as L... by dbrooks_CIR New Member in Splunk Enterprise 03-28-2022 0 3	0	3
Where to download Splunk Exchange app? Hello, I've been trying to find and download Splunk Exchange app from the archive, but I couldn't find it. I know the... by cjaramilloc Explorer in Splunk Enterprise 03-28-2022 0 3	0	3
Why are we getting alerts for a disabled user? Hi there,One of my colleague having admin access has created a dashboard for audit to know that who logged into Splun... by Mohanveera1 Explorer in Splunk Enterprise 03-28-2022 0 4	0	4