I would like to create a few summary indexes in order to run some searches more quickly -- starting with the search in http://splunk-base.splunk.com/answers/59927/improve-speed-of-append -- but I h...
I'm having a tough time getting a particular scheduled saved search to not generate duplicates in my summary index. Looking for some advice.
The premise: I have a lot of Apache web logs (hits) in...
...ne of the applications using Splunk wanted to use summary indexing and use their own summary index.
I created the index as I typically do; I reload the deploy-server and restart the Indexers a...
...ure what the best way to structure this should be. Should I create a summary index "si-paging" (and "si-san", "si-webhits", etc...) that will capture all that information across all hosts every few m...
...=firewall, index=apache, index=vpn, index=waf
Each index has a very large amount of logs. Some indexes have 10 million logs a day.
For different indexes, I created a lot of alerts.
For t...
...rerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory...
Creating: /opt/splunk/v...
...a summary index that runs every 5 minutes, using the web interface, or use a collect command to do it manually one time, I have the following problem:
the time fields that splunk shows the d...
Hi All,
If you create a saved search in the web interface and then set the alert condition to 'if custom condition is met' then enter a custom condition search.
See second image here http://i...
...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per the in...
...ptions like --get, -i, ...]
Some sample usages:
On same host as the Splunk server, default username + password, just get index names. (Note that the script is smart enough to pick up your web...