Hi Fellow Splunkers, So a more general question: what are the best practices for upgrades around security patching and deployment in a distributed production environment? We have SHs and indexers c...
Hello Splunkers, What is "the best practice" to ingest DNS logs inside a distributed Splunk environment? I hesitate between two possibilities (maybe there are others): - Install a UF on m...
The app writes log entries to a log file, say /var/theapp/thelogfile.log. The app is configured to roll the log file once it reaches a certain size and to keep only x copies, say 3 copies of 10 MB ea...
...ave two separate applications to better manage changes in source control: TA-Exchange-Mailbox_inputs TA-Exchange-Mailbox_props (or parsing or whatever) I would appreciate any advice or best practices...
...s the best practices to forward data from our syslog-ng server to our Splunk instance?
For now, our syslog forwards it directly over udp:514, but we have some problems with that (if Splunk restart w...
Hello All,
I have been tasked with building a clustered environment from scratch in PROD. This will be my first. I have only practiced in a test environment and everything is usually good. B...
Hello Splunkers, I have a Splunk HF that will receive multiple logs coming from different machines, all sending via UDP. I am wondering if I need to configure the external sources to send the lo...
Hi, We have very big indexes (300 GB). Also, we have very limited storage. Is it recommended to split the index into smaller indexes (storage, performance)?