Splunk Enterprise

Discussions

Thread Info

Forcing LWF to resend (and Indexer to re-index) segment of corrupted data

We recently rebuilt several endpoints and cloned the configs on them. Unfortunately, the input.conf file had the same...

by Engager in

Issue with some records indexing and not others...

Hey everyone. I am trying to index some sizable CSV files (each line in the file is approximately 200 fields). The th...

by Builder in

Can i tweak log.cfg so that splunkd.log contains inputs.conf?

I would like to see my list of directories from inputs.conf show up in splunkd.log. It there any attribute value that...

by Path Finder in

Why set maxHotBuckets > 1 in indexes.conf?

I need someone to translate this from the admin manual attribute: maxHotBuckets what it configures: The ...

by Contributor in

What does the "TypeError: 'NoneType' object is unsubscriptable" error mean on IE?

I'm having an access issue with Splunk for IE8. The error message is TypeError: 'NoneType' object is unsubscriptab...

by Contributor in

props.conf cant figure source

Hi, I have enabled content based routing in my environment; consisting of a lightweight forwarder (A) & a splunk s...

by Explorer in

How can I determine what version of a thrid party package Splunk is using

I'd like to know the specific version of the third-party packages (openssl, pcre, openldap, etc.) Splunk ships with. ...

by Path Finder in

change hostname for indexed data dynamically?

I have a bit of an issue, as I typo'd a path change this morning, and ended up with about 8-10 hours of data being in...

by Explorer in

Kept receiving error message at indexer

Hi all, I'm trying to forward my summarized events from an indexer (machine1) to multiple indexers (machine2 and m...

by Splunk Employee in

How to generate a report on multiple indexes?

There's a limitation in the dbinspect command where you cannot specify multiple indexes to report on, therefore repor...

by Builder in

Extraction in props.conf not working

I have following inputs.conf [script://$SPLUNK_HOME/etc/apps/mck-perflog-aix/bin/lsvgdetails.sh] index = mck-perfl...

by Explorer in

Regarding the Splunk software product major, minor, and patch maintenance release cycle

How often do the Splunk software product and patch maintenance releases occur? Is there a standard schedule for them ...

by Splunk Employee in

What is behind the volume reported by _thefishbucket index?

I'm running Splunk version 4.1.3 and am seeing a significant volume being reported in _thefishbucket index. This is c...

by Champion in

What's an authDB in current Splunk? What was it in old versions of Splunk?

I see I have an "index" var/lib/splunk/authDB with nothing in it. Do I need this? Does Splunk need to maintain suppor...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Enterprise

Discussions

Forcing LWF to resend (and Indexer to re-index) segment of corrupted data

Issue with some records indexing and not others...

Can i tweak log.cfg so that splunkd.log contains inputs.conf?

Why set maxHotBuckets > 1 in indexes.conf?

What does the "TypeError: 'NoneType' object is unsubscriptable" error mean on IE?

props.conf cant figure source

How can I determine what version of a thrid party package Splunk is using

change hostname for indexed data dynamically?

Kept receiving error message at indexer

How to generate a report on multiple indexes?

Extraction in props.conf not working

Regarding the Splunk software product major, minor, and patch maintenance release cycle

What is behind the volume reported by _thefishbucket index?

What's an authDB in current Splunk? What was it in old versions of Splunk?

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Tag event data based on patterns and keywords conf...

How to generate a certificate for encryption OKTA-...

Thresholds aggregated by the ITSI Service

Can you nullQueue metrics indexes?

How I can combine avgCpuUtilization and maxCpuUtil...