Hi,
I've hit a bit of a roadblock trying to set up some custom correlation searches, which are very similar to others that work successfully.
The data model is configured and generates events;...
Splunk appears to be calling the "Win32_Product" WMI function, which triggers a consistency check of installed applications, causing numerous 1035 event codes to be generated in the event log (approximatel...
...ecurity audit logs; thus increasing the volume and frequency of Windows Security logs that the Universal Forwarder has to forward for indexing. We suspect this is the cause of the issue to spiral. A...
...ome search strings I would use, or how would I start using Splunk to troubleshoot historical (not live) connection issues going out to a website? I know this is a broad question, but I'm just looking f...
I want to connect Splunk Enterprise configured in Azure VM and O11y Cloud through Log Observer Connect.
I tried Log Observer Connect connection, but it is not connected as shown in the attachment. ...
...nstances = *
interval = 10
mode = single
object = Process
useEnglishOnly=true
index=winmetrics
Any idea what the issue might be? Where can I start troubleshooting?
Doing a simple search index=test over 10 million events gives me a browsing speed of around 5000 events per second. Extremely slow timeline build. CPU load 100%. Doing that in fast mode gives 20k per second....
...r so at most. That is the time I want them to be shown in. Also changing the intermediate forwarder timezone to PT fixes the issue for the instances in PT but messes up the instances that are i...
Splunk Enterprise v7.0.1
Some notable events are showing in Incident Review but not all.
We are missing some notables that used to show/generate fine in the past.
Not sure if related but r...