I understand that the best practice is to disable local indexing and forward data from the search heads, cluster master, the deployment servers, etc to theindexers. The syntax for outputs.conf I s...
...orks fine: Windows logs goes in ot_windows index, all remaining ones still go on ot index. Then, we try another configuration, explained on second scenario. Scenario 2 In this case, we want: N...
Hi I came in today and about 5 indexes are disabled. I am getting the following messages, but i am unsure what to do? Even after restarting i am getting the message it is disabled. 06-1...
...ry to set port=127.0.0.1:9001 in "phantom/etc/supervisord.conf" and execute "./phantom/bin/start_phantom.sh".It shows "Phantom startup successful".But I can't access the supervisord through browser.
S...
Hello experts,
Need help. My requirement is to extract 1st set of lines into 1st indexand 2nd setinto 2nd index. And ignore all other lines from a log file.
Below is my configuration which i...
...erfmon_metrics as a metrics index type then configure that on inputs.conf local copy?
How will my licensing be billed? Just for the metric points or the entire perfmon log?
Hi,
I have been recommended the SimpleCSVRecordReader to convert CSV to JSON.
I have tried to setupaVirtualIndex Provider, but taking the default settings, but including the following l...
I'm trying to forward events to a Splunk instance using the HTTP event collector (http://<splunk_instance>:8088/services/collector/event) but it seems that the connection is being r...
I can access the login page, but when I put Userid and Password and click login, theattachement file displays.
Splunk Server Environment: AWS Centos6 linux
Splunk Access Server : AWS WIndows S...