My Splunk forwarder is forwarding ~5 events per second (per my DeploymentMonitor on my search head). The maxKBps is set to 20,000 and Splunk is transferring at a rate of 16,000 KBps. Why is the n...
...o also index all of the historical events that may be logged in the Event Viewer previously.
The reason is, when it starts indexing the historical Win Events, it causes the CPU to spike up i...
I have a single Distributed Management Console which I have monitoring separated regional indexers like so....
I had everything from Region 1 registered in the DMC first and then I r...
I have a search/alert that alerts me when certain indexes have more than the usual amount of event data using _internal metrics, and which runs once an hour. And then I have this search which I run f...
...ame_10
5/22/2020, 2:00:52 PM.
The blocked host name belongs to a domain controller where I just deployed a UF. I'm not receiving any data from this forwarder.
This is harder than I a...