Splunk Enterprise

Community Activity

how to index hard disk only guys, i have a little question. I've been testing out splunk on windows version server. What i'm after is just retri... by li_leejohn New Member in Splunk Enterprise 06-02-2011 0 1	0	1
Cold rolling to frozen when it shouldn't? My $SPLUNK_HOME/etc/system/local/indexes.conf is below. Apparently I'm missing something because cold archives are be... by twinspop Influencer in Splunk Enterprise 04-29-2011 0 1	0	1
Cloning and shutting down an indexer So originally I thought the way cloning would work between two indexers was that data from a forwarder setup to clone... by skippylou Communicator in Splunk Enterprise 04-09-2011 2 6	2	6
received event for unconfigured/disabled index=_audit Currently, I have enabled splunk forwarder on a particular windows box with SSL encryption to the indexer. ( Although... by heterodyned Path Finder in Splunk Enterprise 03-24-2011 0 2	0	2
Splunk on a clustered file system What types of clustered file systems does Splunk support? Or, more importantly, are there any types that Splunk does... by maverick Splunk Employee in Splunk Enterprise 03-18-2011 2 3	2	3
splunk error message when launch splunk web When I launch Splunk web interface,I get next message.How to fix it? "received event for unconfigured/disabled index... by bwenge Explorer in Splunk Enterprise 02-28-2011 0 1	0	1
Index filesystem sizing We're building out new Linux Splunk servers on dedicated hardware. These servers have a rather large amount of disk ... by mfrost8 Builder in Splunk Enterprise 02-15-2011 2 2	2	2
transforms.conf - Parsing KVP pairs using DELIMS This is a sample Oracle syslog below. Anybody know if it is possible to parse the string below following the LENGTH p... by jgreen1 Engager in Splunk Enterprise 02-04-2011 3 2	3	2
inputs.conf access by root only??!?! Hi Everyone, i am having problems configuring a splunk app, here are the instructions. Configure a 'Light Weight For... by kristiaan_d Explorer in Splunk Enterprise 02-03-2011 0 3	0	3
Forcing LWF to resend (and Indexer to re-index) segment of corrupted data We recently rebuilt several endpoints and cloned the configs on them. Unfortunately, the input.conf file had the same... by TR_Splunker Engager in Splunk Enterprise 01-31-2011 1 1	1	1
Issue with some records indexing and not others... Hey everyone. I am trying to index some sizable CSV files (each line in the file is approximately 200 fields). The th... by msarro Builder in Splunk Enterprise 01-24-2011 0 1	0	1
Can i tweak log.cfg so that splunkd.log contains inputs.conf? I would like to see my list of directories from inputs.conf show up in splunkd.log. It there any attribute value that... by sfmandmdev Path Finder in Splunk Enterprise 01-18-2011 0 3	0	3
Why set maxHotBuckets > 1 in indexes.conf? I need someone to translate this from the admin manual attribute: maxHotBuckets what it configures: The maximum nu... by jeff Contributor in Splunk Enterprise 12-28-2010 2 2	2	2
What does the "TypeError: 'NoneType' object is unsubscriptable" error mean on IE? I'm having an access issue with Splunk for IE8. The error message is TypeError: 'NoneType' object is unsubscriptabl... by BunnyHop Contributor in Splunk Enterprise 10-29-2010 0 12	0	12
props.conf cant figure source Hi, I have enabled content based routing in my environment; consisting of a lightweight forwarder (A) & a splunk ser... by standias Explorer in Splunk Enterprise 10-22-2010 0 3	0	3
How can I determine what version of a thrid party package Splunk is using I'd like to know the specific version of the third-party packages (openssl, pcre, openldap, etc.) Splunk ships with. ... by Alan_Bradley Path Finder in Splunk Enterprise 09-15-2010 0 1	0	1
change hostname for indexed data dynamically? I have a bit of an issue, as I typo'd a path change this morning, and ended up with about 8-10 hours of data being in... by mcafeesecure Explorer in Splunk Enterprise 08-31-2010 2 5	2	5
Kept receiving error message at indexer Hi all, I'm trying to forward my summarized events from an indexer (machine1) to multiple indexers (machine2 and mac... by Nicholas_Key Splunk Employee in Splunk Enterprise 08-29-2010 0 1	0	1
How to generate a report on multiple indexes? There's a limitation in the dbinspect command where you cannot specify multiple indexes to report on, therefore repor... by Brian_Osburn Builder in Splunk Enterprise 08-27-2010 2 2	2	2
Extraction in props.conf not working I have following inputs.conf [script://$SPLUNK_HOME/etc/apps/mck-perflog-aix/bin/lsvgdetails.sh] index = mck-perflog... by manuarora Explorer in Splunk Enterprise 08-19-2010 2 4	2	4
Regarding the Splunk software product major, minor, and patch maintenance release cycle How often do the Splunk software product and patch maintenance releases occur? Is there a standard schedule for them ... by maverick Splunk Employee in Splunk Enterprise 06-30-2010 2 3	2	3
What is behind the volume reported by _thefishbucket index? I'm running Splunk version 4.1.3 and am seeing a significant volume being reported in _thefishbucket index. This is ... by the_wolverine Champion in Splunk Enterprise 06-24-2010 2 2	2	2
What's an authDB in current Splunk? What was it in old versions of Splunk? I see I have an "index" var/lib/splunk/authDB with nothing in it. Do I need this? Does Splunk need to maintain supp... by jrodman Splunk Employee in Splunk Enterprise 04-20-2010 1 1	1	1