Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
35 results
Sort by:
05-12-2023
05:23 AM
Hi, I am trying to use btool to find an index that is used in an inputs.conf: ./splunk btool inputs list --debug | grep "indexname" However I get nothing back, am I doing something w...
- Tags:
- btool
Labels
06-06-2025
12:32 PM
I have a puzzle with a Linux host running RHEL 8.10, which is running Splunk Universal Forwarder 9.4.1, configured to forward data from local syslog files "/var/log/secure" and "/var/log/messages" to...
Labels
- Labels:
-
Linux
-
universal forwarder
08-05-2013
03:33 PM
Arg this is so frustrating.
I cant find the nix_action_lookup and I can't find the IDS config.
How do i troubleshoot this error.
Is there a btool shortcut to find where this permissions i...
12-28-2020
03:00 PM
...AX_EVENTS (256) was exceeded without a single event break. Will set BREAK_ONLY_BEFORE_DATE to False, and unset any MUST_NOT_BREAK_BEFORE or MUST_NOT_BREAK_AFTER rules. Typically this will amount to t...
Labels
- Labels:
-
configuration
04-05-2015
06:29 AM
1 Karma
...nd ps_sos.sh).
On 1 idx-cluster peer I have the following sets of configurations dumped using btool:
From indexes - (only showing configs that are not from the default indexes.conf)
/opt/s...
09-15-2020
12:22 AM
...est_indexer") stops indexing any incoming and local data completely after I add the following configurations: /opt/splunk/etc/system/local/inputs.conf [monitor:///path/to/my/file.log]
index = m...
Labels
09-12-2019
12:55 PM
Does anyone know where I can find guidance about editing configuration files?
10-21-2019
02:39 PM
1 Karma
...ownloaded from master nor managed by local deployment client. Either define this index at the master or specify repFactor=0 on peer to skip replication.
[Critical] App='system' with replicated index='_...
11-14-2024
04:22 PM
1 Karma
...bsp; ### Troubleshooting # To delete the entire SearchHistory KV Store (because maybe you inadvertently restored everything to an incorrect user, testing, or due to other s...
Labels
02-27-2017
11:52 AM
Hi,
I was wondering is there a Splunk command to find out configuration errors? For example, LINE_BrEAKER in props has a typo. So is there anyway we could find out these types of errors?
