Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
51 results
Sorted by:
10-23-2017
06:05 AM
...reation, or when I restart Splunk instance, the index size decreases to nearly half of the max index size.
Is there any idea of why there is so significant delay for Splunk purging old events? a...
02-26-2020
08:03 PM
...nd event time. as follows:
index = test
|eval indextime=strftime(_indextime,"%Y/%m/%d %H:%M:%S")
|eval age=(_indextime - _time)/60
|table indextime _time a...
10-30-2018
12:38 AM
We are experiencing a delayed indexing of UDP events.
Environment: UF -> Indexer.
Event1 was sent to indexer(confirmed via tcpdump that the messages are sent successfully to indexer).
Event...
- Tags:
- splunk-enterprise
- udp
01-07-2019
10:54 PM
We have set up a Splunk forwarder to forward the latest logs in the same server, but we are having an issue where there is a huge difference between indexed time and the event time. I can see the delay...
02-26-2019
01:11 PM
...or some reason there's a huge delay between event indexing and event creation time, still receiving logs that are 3 months old and new logs are getting delayed. What can be a reason for such a delay...
08-08-2019
02:31 PM
Hello all,
I have 4 SH, 2 indexer's, 1 Deployment Server in one of my environments (windows).
I'm now noticing that there's a long delay in some of my data showing up when searched on. This i...
11-10-2020
03:43 PM
...indextime but never found latency more than 20 minutes index=proofpoint source=proofpoint_message_log
| eval indextime=strftime(_indextime,"%Y-%m-%d %H:%M:%S")
| eval delay=_indextime-_...
Labels
09-18-2018
05:25 AM
02-03-2016
10:01 PM
...o 1GB in size. We have already tuned the queue sizes on the heavy forwarders and indexers and all other events come in quickly, which makes us think the issue must be on the universal forwarder (l...
