...pgrading from splunk v4 to splunk v5. On v5, when logging in using the DNSRR fqdn, almost immediately after successfully logging in the user is immediately logged back out. This was not the case in v...
All,
I had Splunk Light installed (version 6.4.0). Tried to log in, but noticed that the license had expired, so I switched to free. Great. Now I get:
This pool has exceeded its configured poo...
Hi,
I am trying to self join some data so that I can compare every result with the immediate preceding result. E.g.:
Data for days 1,2,3,4,5,6 - compare day 1 to day 2, 2 to 3, 3 to 4, etc....
...oftware that compresses the rolled log immediately. This is a problem for two reasons:
If Splunk does not have the file open at the time it is compressed, then anything written to the log after S...
I noticed that a tag definition doesn't get immediately applied but takes up 1 min to become active.
E.g. I define a tag false_positive on the search head (we have a single indexer):
MD5=4...
I created an account for education purposes for my company this morning. I can't install splunk locally due to work requirements so I was opting for the splunk cloud 15 day trial option. When I initi...
...or updates. However, there is a requirement to apply changes immediately to these forwarders without waiting for the next time forwarder polls. In essence, instead of a forwarder doing a pull o...
...educing them after 30 days, not immediately. In addition, only this index in question has this problem. It's a relatively large index with 416.41 GB out of 488.28 GB in use. This wasn't an issue b...
...he socket through a stream and close the socket. Next time create a new socket to connect to the forwarder.
2. The above way pushes the events and shows up immediately on the Splunk side.
Since c...