I have a question about managing the buckets in my volumes configured for indexes.
Below are my current configurations:
[volume:hotwarm]
path = /data/splunk/homedb
maxVolumeDataSizeMB = 9...
Hi community, I am trying to filter out some undesired traffic from a particular index. I read about the option using props.conf and transforms.conf. The query matching the traffic that I d...
...oving forward with RAID 0 configuration as it will halve our storage requirement and will provide good IOPS at least. Is anyone using RAID 0 on prods for indexers? I managed few with reducing on d...
Hi, so I've upgraded the Alert Manager app to version 3.0.7 and enabled the logging of alerts into an index called "alerts". I have an index cluster and a search head cluster. The index has been c...
I have a clustered Splunk env with an index="myjavaapp".
I need to collect the logs from multiple environments - Dev/QA/Stress/Pre-Prod/Prod - where each environment has about 2 to 15 servers. T...
Hi, I'm not sure about the effect of the general setting "Save results to KVStore / index". Is there a difference in the functionality/features of the alert handling depending on this setting? C...
...ike 4-5TB of index data, so that would take a real long amount of (down) time.
Are there better solutions? I was thinking about extending the existing indexer cluster to the new DC, increase the repl....
...6 13:49:16,858 INFO pid="8842" logger="alert_manager" message="Incident status after suppresion check: new" (alert_manager.py:422)
From the below error, is there concern about using index "index...
We recently upgraded from 7.2.1 to 7.3.3 and from the _internal logs I can see that these new warnings are showing up across my indexer cluster. What is it saying and how do I go about fixing t...