Hello Splunkers,
I want to put restrictions on the seach time period , right now one usercansearch for as long as they like..Now i want retrictions on it, lets say 30 min...eg he cansearch f...
...have
My question is, how does this work in a distributed environment?
Imagine I have two search heads, and users load-balanced between them. Both search heads distribute to the same farm of 1...
...ndexing Stop?
What happens for enterprise features e.g. distributedsearches, access control with multiple users ...
Any pointer to the information would be appreciated.
Hi
I am in a bit of urgent issue and cannot figure out solution.
I use that rest call to get list of all indexers:
|rest /servicesNS/-/-/search/distributed/peers
From admin is working ok b...
control/limit users to search or view the data stored in specific directories
What I am trying to achieve is
limit "user 1" to search the data stored in "Directory 1" only and "user 2" to v...
In a large enterprise scenario, what's the most efficient way to achieve the goal that each manager can only search bluecoat records of his/her subsidiaries?
Hi..
I have 4 SH's, out of which one is acting as a deployment server. The users created at deployment server should be passed to other search heads i.e other 3 SH's . Howcan I do that ?? Is t...
Hi,
I've setup SHC across a few servers. How do I test the following in Splunk:
1) User sessions are being distributed across the servers?
2) Work load is being distributed?
...ut one month later, the splunk server can get only one forwarder data. And the status of splunk server and two forwarders are normal. Currently the splunk version is free. so my question is how many f...
...alue3 is in token1 -> message3 is in token2. To do this can I put vales and messages in the same file or I have to put them in two different files? in in two different files, howcan I be sure t...