Hi, I am trying to use btool to find an index that is used in an inputs.conf: ./splunk btool inputs list --debug | grep "indexname" However I get nothing back, am I doing something w...
I have a puzzle with a Linux host running RHEL 8.10, which is running Splunk Universal Forwarder 9.4.1, configured to forward data from local syslog files "/var/log/secure" and "/var/log/messages" to...
Arg this is so frustrating.
I can't find the nix_action_lookup and I can't find the IDS config.
How do I troubleshoot this error?
Is there a btool shortcut to find where this permissions i...
...AX_EVENTS (256) was exceeded without a single event break. Will set BREAK_ONLY_BEFORE_DATE to False, and unset any MUST_NOT_BREAK_BEFORE or MUST_NOT_BREAK_AFTER rules. Typically this will amount to t...
...nd ps_sos.sh).
On 1 idx-cluster peer I have the following sets of configurations dumped using btool:
From indexes - (only showing configs that are not from the default indexes.conf)
/opt/s...
...est_indexer") stops indexing any incoming and local data completely after I add the following configurations: /opt/splunk/etc/system/local/inputs.conf [monitor:///path/to/my/file.log]
index = m...
...ownloaded from master nor managed by local deployment client. Either define this index at the master or specify repFactor=0 on peer to skip replication.
[Critical] App='system' with replicated index='_...
... ### Troubleshooting # To delete the entire SearchHistory KV Store (because maybe you inadvertently restored everything to an incorrect user, testing, or due to other s...
Hi,
I was wondering, is there a Splunk command to find out configuration errors? For example, LINE_BrEAKER in props has a typo. So is there any way we could find out these types of errors?