Search

ramprakash · ‎02-09-2019

Hello Splunkers, I want to put restrictions on the seach time period , right now one user can search for as long as they like..Now i want retrictions on it, lets say 30 min...eg he can search f...

Dan · ‎05-10-2010

...have My question is, how does this work in a distributed environment? Imagine I have two search heads, and users load-balanced between them. Both search heads distribute to the same farm of 1...

melonman · ‎12-14-2015

...ndexing Stop? What happens for enterprise features e.g. distributed searches, access control with multiple users ... Any pointer to the information would be appreciated.

net1993 · ‎02-28-2019

Hi I am in a bit of urgent issue and cannot figure out solution. I use that rest call to get list of all indexers: |rest /servicesNS/-/-/search/distributed/peers From admin is working ok b...

myli12 · ‎02-01-2011

control/limit users to search or view the data stored in specific directories What I am trying to achieve is limit "user 1" to search the data stored in "Directory 1" only and "user 2" to v...

2guotou · ‎09-14-2011

In a large enterprise scenario, what's the most efficient way to achieve the goal that each manager can only search bluecoat records of his/her subsidiaries?

rakesh_498115 · ‎12-30-2013

Hi.. I have 4 SH's, out of which one is acting as a deployment server. The users created at deployment server should be passed to other search heads i.e other 3 SH's . How can I do that ?? Is t...

a212830 · ‎12-20-2014

Hi, I've setup SHC across a few servers. How do I test the following in Splunk: 1) User sessions are being distributed across the servers? 2) Work load is being distributed?

tanzic · ‎06-26-2019

...ut one month later, the splunk server can get only one forwarder data. And the status of splunk server and two forwarders are normal. Currently the splunk version is free. so my question is how many f...

gcusello · ‎11-03-2020

...alue3 is in token1 -> message3 is in token2. To do this can I put vales and messages in the same file or I have to put them in two different files? in in two different files, how can I be sure t...

Search

Search the Community

How to control search duration of users

How do concurrent searches and other user quotas w...

What happens to Splunk if annual term enterprise l...

|rest /servicesNS/-/-/search/distributed/peers Ge...

control/limit users to search or view the data sto...

What's the best way to control user's search acces...

How can I distribute user info across multiple sea...

Search Head Clustering: How to test if work load a...

how many forwarders does the splunk free version s...

Eventgen: is it possible to create events taking p...