Hi, we have a Splunk installation with SmartStore enabled. We have plenty of cache on disk, so we are not near the space padding setting. I have seen bucket downloads from S3, and I did not expect that. So my question is, does Splunk pre-emptively evict buckets, even if there is enough space? I see no documentation that states it does anything other than LRU. Regards André
Dear Cansel, The query you have shared is running properly on one collector, but what if there are multiple collectors? It is showing me the wait state with its numeric IDs and giving a count for it as well. Another thing was, can I show the name of the query with its ID? Please check if the query is right or wrong because it is still not showing. One more thing, I want to let you know my setup is on-prem. Please find the attachment below. Thanks & Regards, Hardik
@SOARt_of_Lost the only way I can think of initially is to have a scheduled playbook to check for containers from notables without artifacts and then run the relevant playbook against them. Timer app would be used to create the container to kick the utility playbook off as regularly as you want.
I want to deploy a single Splunk collector in my AWS ECS cluster which will 1. Collect all resource metrics for other running tasks within the same cluster 2. Receive, process and forward all custom OT metrics sent to it by the applications themselves. Is this possible? Thanks
Hi Tony, Based on your first screenshot this is normal. Yes, the tier was created but the agent is not working anymore. Can you please answer the questions below in order to understand the situation? 1- Is this a monolith Java app? 2- Do you have more than 1 JVM instance on the same host? Thanks Cansel
Hi @dhruvisha2345, if you created the new app by GUI, you only have to upload a file and Splunk automatically adds the appserver/static folder. If you created the app by SH, you have to manually create it. Ciao. Giuseppe
I created a role with the capabilities 'edit_license' and 'edit_user', but I didn't receive all the users from the GET request to the URL: /services/authentication/users?output_mode=json. It only returned part of the users. Without the role 'edit_license', I received the following error: "messages": [ { "type": "ERROR", "text": "Unauthorized" } ] What are the minimum permissions required to retrieve all users, and does anyone know if this is the same for Splunk Cloud?
Hi William, I think this issue is an OS - Java version problem. To localize this issue, can you try the machine agent bundle Java .zip version instead of the "rpm" package with the same agent version? Another thing: can you please try to install the machine agent the "rpm" way with an older version like 23.x.x? If you can share the latest update based on your experience, we can localize your problem. Thanks Cansel
Hello all, I am trying to ingest metrics via OpenTelemetry in an enterprise environment. I have installed the Splunk Add-On for OpenTelemetry Collector, which according to the documentation is compatibl
I have some doubts to configure it: where can you know the following connection points that my enterprise environment has?
- SPLUNK_API_URL: The Splunk API URL, e.g. https://api.us0.signalfx.com
- SPLUNK_INGEST_URL: The Splunk ingest URL, e.g. https://ingest.us0.signalfx.com
- SPLUNK_LISTEN_INTERFACE: The network interface the agent receivers listen on.¿?
- SPLUNK_TRACE_URL: The Splunk trace endpoint URL, e.g. https://ingest.us0.signalfx.com/v2/trace
Is there a configuration file where to view it? Do I have to do some step before to get those services up?
thanks in advance
BR
JAR
T
Hello, The UI of my search head is not loading... I am seeing only a white screen with no error message as such... Splunkd is also running... Kindly suggest?
Hi Hardik, Actually, this is not a syntax error. After "FROM" you specify the data source, and there is no data source like "DB5". You have to use "dbmon_wait_time"; this comes from event service shards. Another thing is (sorry, this is my fault) I accidentally removed "count" before " (`wait-state-id`) " that is bolded below. Btw, this query is based on a controller that has only 1 DB collector; if you have more than 1 collector you need to specify the 'server-id' column with a "WHERE" clause.

SELECT `wait-state-id`, count(`wait-state-id`) FROM dbmon_wait_time

Thanks Cansel
I am a beginner in Splunk and I have created a new app in Splunk Enterprise. I am not able to see the appserver folder in the newly created app. How can I add that directory?
Hi Sikka, With the SaaS platform serving as a multitenant controller, it is really hard to manage this kind of operation if you don't have any real technical issue. So you can kindly ask the support team or your account manager with a support ticket. Based on my older experience it is not impossible, but it can incur additional cost for you just because of professional service. Thanks Cansel
Hi,
1- All Analytics data, including Log Analytics, is stored in your SaaS Event service (based on your controller type you can also store it on-prem).
2- Storage management default for SaaS is based on your license type. If you have:
* PoC license: default 8 days analytics retention period
* Prod (paid) license: default retention for analytics 30 days
* You can also increase this retention up to 90 days if you pay additionally per license.
These values are constant on SaaS. If you are using on-prem, the default retention value is also the same, but you can reduce the retention days based on your storage size.
3- There is no way to increase your default retention other than license type, and yes, you can only "reduce" your retention period "only" on the on-prem event service.
Thanks Cansel