...his instance.
My original thoughts are having one at each site, but how do I keep the configurations synced? Is there a way for forwarders to talk to multiple deployment servers, or better yet, d...
I can never remember where I need to configure my various Splunk settings. Some need to be on the forwarder side, some on the indexers and I even sometimes need them on the search head...
So w...
...ctive" starting from today at 18:01 until tomorrow at 08:59. My doubt is: how can I configure this time range? This is the alert configuration window:
I thought about using C...
Just started getting this warning today.
Configuration file settings may be duplicated in multiple apps: stanza="Notable - Events Over Time" conf_type="savedsearches" apps="S...
What does it mean when these settings are commented out in the inputs.conf? Are those inputs disabled by default?
## Logical Disk
#[perfmon://LogicalDisk]
#counters = % Free Space; Free M...
...MT
If I have to set up flexible sourcetyping, the above configuration does not work:
In inputs.conf:
[monitor:///path/to/foo.log]
In props.conf:
[source::...foo.log]
TRANSFORMS-a...
I installed the Splunk Tanium app in my environment. Can you please help me with the configuration in Splunk for Tanium?
Which configuration file do I need to edit and get the data in Splunk for Tanium?
We ended up using the following -
base search
| eval _time=strptime(eventStartTime,"%Y-%m-%d %H:%M:%S.%N")
Which works perfectly.
Is there a way to set it up in the configuration, so e...
I have 3 search heads in a cluster and I need to configure email settings. I don't see server settings in the settings drop down on any of the search heads, only on the deployer. When I configure i...