Hi, we have a cloud instance; however, we would like to have predictive storage analysis for future requirements. As part of this I was trying to look at the accurate options available. While looking at it, I noticed that our daily ingestion is around 450-500 GB, but when I check the searchable storage (DDAS) it has increased by around 60 GB compared to the previous day. Could you please let me know whether I'm missing anything in these calculations? Secondly, is there a way to do predictive SVC & storage analysis (DDAS & DDAA) for future requirements?
Hello! Tell me, is there a ready-made solution in Splunk that makes it possible to save data from dashboards into Excel? This functionality is needed for all existing dashboards. It would be nice if an xls item appeared on the export button. Thank you!
Hello, I'm encountering an issue with Splunk Forwarder on a Windows Server OS. When it runs under the "SplunkForwarder" user, it fails to send Sysmon logs. Surprisingly, the forwarding works correctly when the forwarder is configured to run as the "SYSTEM" user. While this resolves the immediate problem, I'm hesitant to continue using the "SYSTEM" user due to its extensive access to system resources. I'm seeking a better solution that allows the Splunk Forwarder to send Sysmon logs without compromising security. Any guidance on this matter would be greatly appreciated. Thank you.
Yep. My version works too (of course, if you do stats afterwards and don't include the "zipped" field, it will vanish).
I ran the command in a search on my Monitoring Console: I have all 17 of my indexers "Up" with the correct site distribution. I don't see the decommissioned indexer, which doesn't have any splunkd running (splunkd has been disabled). Thanks
Here is the result when I did it. Please share your search for when you didn't get the result you were expecting.
OK. Looks relatively good. Try to run | rest splunk_server=<your_cluster_manager> /services/cluster/manager/peers | table label site status from your MC.
What do you mean by "I integrated my UF with Splunk"? Also the usual questions. 1. Do you have _any_ events from this forwarder (especially the forwarder's own logs in the _internal index) in your Splunk? 2. Do you have connectivity from your UF to your receiving component(s)? Did you verify it manually? 3. Did you check your forwarder's logs ($SPLUNK_HOME/var/log/splunk/splunkd.log) for errors?
While there is no explicitly stated mpreview introduction in the 8.1.0 changelog, the command itself shows up in the 8.1.0 version of the docs, which suggests it wasn't available in previous versions and was introduced in 8.1.
splunk btool server list clustering | grep factor

Hi, thanks, here is the output:

etc/system/default/servers.conf >>> ack_factor = 0
etc/apps/MULTI_SITE_APP/local/server.conf >>> replication factor = 2
etc/apps/MULTI_SITE_APP/local/server.conf >>> search_factor = 2
etc/apps/MULTI_SITE_APP/local/server.conf >>> site_replication_factor = origin:1, site1:1, site2:1 total 2
etc/apps/MULTI_SITE_APP/local/server.conf >>> site_search_factor = origin:1, site1:1, site2:1 total 2
etc/system/default/server.conf >>> replication factor = 3

Regards,
I have enabled sysevent and sys_audit on the Splunk instance, but I am not receiving any logs from ServiceNow. Do I have to configure anything on ServiceNow?
Can you please say what we need to enable on the ServiceNow instance to send its logs to Splunk? I enabled sysevent and syslog_audit on the Splunk instance, but I am not receiving logs. What should I do?
I installed the Universal Forwarder on a Linux machine and integrated it with Splunk, but there are no logs returned on the Splunk search head. For your information, I'm currently working on distributed Splunk Enterprise. Any recommendations?
Hi @SplunkySplunk, as @inventsekar said, these are three ways to accelerate searches that work in different ways and are to be used in different conditions. E.g. I used report acceleration when I had a dashboard with many real-time searches, used by many users: I created an accelerated report that was visualized in the dashboard; in this way I had a near-real-time dashboard used by many users that ran only one search. Data models are the most efficient solution if you have to search only using predefined fields. Summary indexes are very useful when you want to reduce and structure your logs: e.g. if you have the logs from a firewall (which usually are very many, with many fields not always used!), you can reduce the logs and use the reduced logs for your searches, also on raw (reduced) logs. As @inventsekar and I said, it depends on what your requirement is. Ciao. Giuseppe
Hi team, could you please support my request?
I did not find it, and I am also looking for the solution.
I have updated the universal forwarder with the RPM and deb packages using the following commands: rpm -Uvh and dpkg -i
Hi, I'm using Splunk 8.0.4, and when I use mpreview it returns "Unknown search command 'mpreview'". Any idea? Thanks
Two questions. In addition to comparing host values for the purpose of exclusion, is there any other information you want to extract from sysmon_index? I will assume no. Is presence in sysmon_index necessary and sufficient for exclusion? I will assume yes. With these assumptions, you don't need stats. The following subsearch should suffice: index=dhcp_source_index NOT [search index=sysmon_index | stats values(host) as host]
A possible cause would be a missing JRE installation. https://docs.splunk.com/Documentation/DBX/3.15.0/DeployDBX/Prerequisites#Java_Runtime_Environment_.28JRE.29_requirements

Validate that the JRE is installed: java --version

If nothing is returned, then on Ubuntu: sudo apt install default-jre

Restart Splunk.