Hi, we have an Indexer Cluster with a dedicated Cluster Manager. The indexers have an additional hard drive attached for the custom indexes. The cluster manager has only one hard disk. When a...
Hi all, I'm under Splunk Version 9.0.2. After decommissioning one indexer in a multi site clustering, I can't retrieve my SF / RP. A Rolling restart and CM restart (splunkd) had no effect. G...
Hello Experts, I'm facing a challenge where I need to automatically load data from Python script results into a metric index in Splunk. Is it possible? I'd appreciate any guidance or examples how t...
Greetings!!
1.a. I need to check data size indexed in indexers per day, per month and per year in GB?
1.b. What if the data ingested per day is 200GB/day, how do I calculate to know t...
In the below screenshot, we can see that from November 6th onwards, there are three sources generated in Splunk; it shows only one "File Collector: DepTrayCaseQty." Splunk created unnecessary two oth...
How to change the architecture from a single indexer to an indexer cluster with indexer management? I need an overview of what configuration files need to be changed to change the architecture from s...
Hi, and sorry if this question was already answered in any other thread. Thanks in advance for the help. I had an index in which the current size was over 10 GB, for deleting the d...
Hello, I am fairly familiar with Splunk, but I do need to improve on indexes. I am currently working on a new client environment and they have a large amount of indexes within Splunk, however some of t...
Hi, I am deploying sysmon all across our company but for some reason the sysmon events are not getting indexed. Our deployment is the following: Splunk 9.0.5 running on Windows server sysmon index...