Hi, I understand that importing the evtx format into Splunk consumes more licenses than the volume displayed. (Because evtx is a compressed format.)
Am I right in thinking that I will consume a...
Hello
I have 5 indexers managed by Cluster Master.
On the indexes.conf (located as master-app) I have the following configuration:
[default]
maxTotalDataSizeMB = 1000000
f...
Is there any way to check how much log is being generated with DEBUG log mode for a particular index? Let's say the index name is my_index and I need to check what is the size of log generated for DEBUG m...
I want to trigger an alert if there is a 50% increase/decrease of today's indexing volume versus the average indexing volume of the last 7 days.
I've written the query below but the last 7 days have 60 indexes and t...
...ption 1 Can I then define a volume in /etc/system/local/indexes.conf on every indexer. On idx01: [volume:coldvolume] path = /mnt/coldvolume/idx01/ On idx02 [volume:coldvolume] path = /m...
Hi Splunkers,
I want to create an Instance overview dashboard, and one KPI should be today's estimated indexing volume. The daily traffic varies greatly by time (significantly more over the w...
...eplication factor = 2. In that case we will have four copies of data stored (2 peers * 2 SAN nodes) and twice less volume for indexes.
Is there a better way to store data in our case without number of c...
Hi,
I'm not sure if I understand maxVolumeDataSizeMB correctly.
Let's say I have a volume stanza like this in an index cluster with 4 peers:
[volume:volume_name]
path = /f...