Hi, I'm afraid that you must do this in HF or IDX with props and transforms? The reason for that is those file/directory names. I think that Splunk internally expands those into one equal name and for that reason you have only one monitoring stanza, not three? Maybe you could try to put those in a different order, and put that wildcard only into the latest. Use btool to look at how Splunk sees those and in which order it puts them. Another tool to check how those are read is “splunk list inputstatus”, which shows which files it has read and which stanza those belong to. r. Ismo
I just did this from the /opt/splunk directory on all 3 SHC members, and the deployer: grep --include=inputs.conf -rnw . -e "host =" The only place where I see the hostname being in an inputs.conf is in $SPLUNK_HOME/etc/system/local, and $SPLUNK_HOME/var/run/splunk/confsnapshot/baselinelocal/inputs.conf Kind of at a loss...
Here https://conf.splunk.com/files/2017/slides/pushing-configuration-bundles-in-an-indexer-cluster.pdf is an old conf presentation about pushing the cluster bundle. It contains quite a lot of information, and starting on page 41 is a troubleshooting section. There are, e.g., the places where those bundles are stored on the CM and peers. Basically you could look at their content to see whether those are different, which explains the difference in hash. r. Ismo
If I recall right, you could put HTML files into the appserver directory? See https://community.splunk.com/t5/All-Apps-and-Add-ons/Creating-an-APP-and-setting-a-custom-HTML-Webpag/td-p/398100
Does anyone know if there is a way to suppress the sending of alerts during a certain time interval if the result is the same as the previous trigger, and if the result changes, it should trigger regardless of any suppression or only trigger when there is a new event that causes it to trigger?
Probably you should install e.g. https://splunkbase.splunk.com/app/833 to collect some files, statistics etc. Also you should check the Getting Data In documentation on docs.splunk.com and lantern.splunk.com.
How do I change which metrics are sent from my MacBook to Splunk? Now I see average output but I don't think it's correct? I downloaded some files just to generate some traffic but that traffic does not show.
Thank you for that. I think I've got it! I now see my MacBook in the Forwarder instance on the Splunk cloud page. Now I just have to figure out if I can create a dashboard and see different metrics from my MacBook?
Thanks, interesting app. If anyone knows how to fix the curl issue or maybe use search for creation secrets, please share. By the way, the function you suggest implementing doesn't work for me, I used the code from that function inside generate() and it works, at least I can extract the API key, but for some reason I can't make a request...
Hi, after you have unpacked it you have a directory named like 100_<your cloud stack name or something similar>. Then just move/copy this directory (with its structure) under /Application/SplunkForwarder/etc/apps/, then restart or start your splunkd on your laptop. If there are issues, just look at the logs under …./var/log/splunk/ directory, especially splunkd.log. Btw. logd input is probably still broken? I haven’t tested that with 9.4.0 yet. r. Ismo