Hello I noticed that my frozen folder are not splitting up by indexes. Instead I have "$_index_name" at the root folder on the volume. this is my configuration:   [default] maxTotalDataSizeMB = 1000000 frozenTimePeriodInSecs = 13824000 homePath = volume:hot/$_index_name/db coldPath = volume:cold/$_index_name/colddb tstatsHomePath = volume:hot/$_index_name/datamodel_summary summaryHomePath = volume:hot/$_index_name/summary thawedPath = $SPLUNK_DB/$_index_name/thaweddb coldToFrozenDir = /frozen/$_index_name/frozendb repFactor=auto   is there a way to fix it? Thank you

Hi, I am looking for a search command for generating a typical graph with multiple fields as below. CSV File has the following data. IPAddress Severity 192.168.1.4 Low 192.168.1.5 High 192.168.1.6 Medium 192.168.1.4 High 192.168.1.4 Medium 192.168.1.5 Low 192.168.1.5 Low 192.168.1.6 High 192.168.1.6 Low   Looking to see the data in splunk visualization similar to the following graph. The graph is plotted using excel for the above csv table.  I am looking for a search command to visualize the data similar to the above graph.  Appreciate your inputs. ~Arjun      

Let's suppose I have the following search:   | makeresults | eval name="Denis", age=34 | append [| makeresults | eval name="Nazarena", age=28] | append [| makeresults | eval name="Diego", age=10] | append [| makeresults | eval name="Maria", age=43] | search age > 30 | stats count by name   It outputs: name count Denis 1 Maria 1   I need to get the number of times some name appears when it's age is higher than 30 BUT I need to show the unmatched names (lower than 30) as "count = 0". Something like this: name count Denis 1 Nazarena 0 Diego 0 Maria 1 What should I need to change in this search in order to achieve that?

Hello,  I'm working with splunk 8.2.4 installed in Windows 11 OS  I'm trying to collect performance log data from a linux virtual machine, I installed and configured the universal forwarder and followed all the configuration steps from NMON performance monitor userguide and I even followed the steps of the troubleshooting guide, but the problem is still the same :  In the splunk server I only get the event types nmon_collect and nmon_clean, and get this error in the search app  : no files found in directory: /opt/splunkforwarder/var/log/nmon/var/csv_repository/*.csv When running the nmon_helper.sh script manually from the cmd of the linux VM i get this error :  Does anyone know the source of the problem and can help me to solve it please  ?  And thanks in advance   .  

Hello, I upgraded our office's Search Head (SH) to 8.1.9 from 8.0.4. On the previous version, MC wouldn't even load. Now that it does, the Overview Window just says "Searching for..." (See screenshot below). But I can do a search for my indexer or forwarder and other events in the Search App. Not sure what I am missing with the MC setup. Other tabs like the Health Check work. Any suggestions or help are greatly appreciated! Thank you very much.   V/r, mello920