...ays:
1. Splunk Web
2. CLI
3. Edit indexes.conf
When using CLI (2), indexers.conf is created in $SPLUNK_HOME/etc/apps/search/local
When editing indexes.conf (3) it says to put it in $S...
Report acceleration is failing because splunk cannot create the folder for the summary (summaryHomePath ).
This seems linked to my custom homePaths.
It works for this index, and the folder /o...
...he cluster. My question is, if am using my customindex (ExampleIndex), do I need to create this index on every peer node (either using WEB OR INDEXES>CONF) or no need of creating index on every p...
We need a way for our custom add-on to include additional information from an alert into the cim_modactions log it writes when a failure happens. The custom add-on's purpose is to create t...
...ules that run on real-time where last field in the rules is "| collect ". At the same time I have created the index via the index cluster and deploy it to the indexers and checked that the index e...
I am not using deployment server in our environment yet. I have non-clustered search head and three indexers. If I want to createcustom app where should I create it. on search head server or app s...
...efore indexing ).
The whole idea is: When a new event comes, splunk will create a brand new event and save it in different index with little set of information from previous event + some extra i...
We need a way for our custom add-on to include additional information from an alert into the cim_modactions log it writes when a failure happens. The custom add-on's purpose is to create t...