Splunk Enterprise

Discussions

Thread Info

inputs.conf access by root only??!?!

Hi Everyone, i am having problems configuring a splunk app, here are the instructions. Configure a 'Light Weight F...

by Explorer in

Forcing LWF to resend (and Indexer to re-index) segment of corrupted data

We recently rebuilt several endpoints and cloned the configs on them. Unfortunately, the input.conf file had the same...

by Engager in

Issue with some records indexing and not others...

Hey everyone. I am trying to index some sizable CSV files (each line in the file is approximately 200 fields). The th...

by Builder in

Can i tweak log.cfg so that splunkd.log contains inputs.conf?

I would like to see my list of directories from inputs.conf show up in splunkd.log. It there any attribute value that...

by Path Finder in

Why set maxHotBuckets > 1 in indexes.conf?

I need someone to translate this from the admin manual attribute: maxHotBuckets what it configures: The ...

by Contributor in

What does the "TypeError: 'NoneType' object is unsubscriptable" error mean on IE?

I'm having an access issue with Splunk for IE8. The error message is TypeError: 'NoneType' object is unsubscriptab...

by Contributor in

props.conf cant figure source

Hi, I have enabled content based routing in my environment; consisting of a lightweight forwarder (A) & a splunk s...

by Explorer in

How can I determine what version of a thrid party package Splunk is using

I'd like to know the specific version of the third-party packages (openssl, pcre, openldap, etc.) Splunk ships with. ...

by Path Finder in

change hostname for indexed data dynamically?

I have a bit of an issue, as I typo'd a path change this morning, and ended up with about 8-10 hours of data being in...

by Explorer in

Kept receiving error message at indexer

Hi all, I'm trying to forward my summarized events from an indexer (machine1) to multiple indexers (machine2 and m...

by Splunk Employee in

How to generate a report on multiple indexes?

There's a limitation in the dbinspect command where you cannot specify multiple indexes to report on, therefore repor...

by Builder in

Extraction in props.conf not working

I have following inputs.conf [script://$SPLUNK_HOME/etc/apps/mck-perflog-aix/bin/lsvgdetails.sh] index = mck-perfl...

by Explorer in

Regarding the Splunk software product major, minor, and patch maintenance release cycle

How often do the Splunk software product and patch maintenance releases occur? Is there a standard schedule for them ...

by Splunk Employee in

What is behind the volume reported by _thefishbucket index?

I'm running Splunk version 4.1.3 and am seeing a significant volume being reported in _thefishbucket index. This is c...

by Champion in

What's an authDB in current Splunk? What was it in old versions of Splunk?

I see I have an "index" var/lib/splunk/authDB with nothing in it. Do I need this? Does Splunk need to maintain suppor...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Enterprise

Discussions

inputs.conf access by root only??!?!

Forcing LWF to resend (and Indexer to re-index) segment of corrupted data

Issue with some records indexing and not others...

Can i tweak log.cfg so that splunkd.log contains inputs.conf?

Why set maxHotBuckets > 1 in indexes.conf?

What does the "TypeError: 'NoneType' object is unsubscriptable" error mean on IE?

props.conf cant figure source

How can I determine what version of a thrid party package Splunk is using

change hostname for indexed data dynamically?

Kept receiving error message at indexer

How to generate a report on multiple indexes?

Extraction in props.conf not working

Regarding the Splunk software product major, minor, and patch maintenance release cycle

What is behind the volume reported by _thefishbucket index?

What's an authDB in current Splunk? What was it in old versions of Splunk?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

native saml auth with shibboleth

Upgrading Enterprise from 9.1.7 -> 9.2.4: hit cloc...

test of rolling-restart using rest api

SSL certificate check with SNI (Server Name Indica...

Higher memory usage with 9.4.0 splunkd process.