EDIT: Splunk version = 4.1.6
Are there any guidelines on the length of time that _audit and _internal index data should be kept?
I have come up with age-out policies for our Splunkevents, h...
I'm tring to troubleshoot a problem with sending data from a light forwarder to a splunk server. In this particular case, the clients are 2 Windows 2008 R2 boxes running the "Client access server" r...
I need details about what to validate after the upgrade so I know it was successful. How can I tell that everything got upgraded correctly, and that the system is healthy and ready to go?
Hi,
I have only started using splunk on a test server, and I am consistently getting "skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. C...