Thanks in advance for your time and assistance.
Can someone please tell me how to generate a list of configured, properly functioning Data Models that support Splunk Enterprise Security c...
...roperly, but essentially trust but verify that splunk is indexing the appropriate data. I know splunk is in use world wide and specifically in SOCs around the world. If one were asked to verify...
Hi Everyone,
Every night just after midnight, I need to verify that data for a specific sourcetype has been indexed during the course of yesterday for a list of hosts that is provided as a m...
Hello Splunkers, For a specific index I configured repFactor = auto and I suppose that the logs are exactly the same on my two indexers for this specific index. How could I verify that all b...
I have configured IT Data Block Signing as per http://www.splunk.com/base/Documentation/latest/Admin/ITDataSigning .
The page states that I can verify the integrity of events by doing a Show S...
...ay to see when the data is received and is locally available for ingestion. And then, I want to calculate the time it takes for ingestion and see if it's less than 5 minutes.
I'm using Splunk Q...
We have configured our Splunk 4.2 to remove log data as follows:
remove data if it is older than 200 days
remove data if it uses more diskspace than X
The actual disk and diskspace s...
...one
1
0
N/A
N/A
/opt/splunk/var/lib/splunk/rca/db
system
>Kristian ">Go to Manager -> Access Controls -> Roles -> your_role and look at the bottom of the page. Verify that you h...
...hatever the splunk node was processing at the time.
Besides checking journalctl -u splunkd for logs, is there a way to verify we are not losing data or data processing during a stop|restart?
Is t...