Hi Splunkers
I am getting this value of field app=win:unknown being captured in 63% of Windows security logs in Splunk. What does it mean?
Other values for app fields are:
win:remote
w...
...e nice but is not a requirement.
What is the smallest number of servers required for a Splunk Cluster? If I understand the Cluster manual correctly, I need at least three hosts, or four hosts (In...
...rovide a portal that will allow them to view pre-built dashboards / report etc.
All of this I have under control I think — using permissions to limit the data visible, and apps to provide the portal w...
We are planning to upgrade from current 6.2.6 to 6.3.4 in this month. We currently have a distributed setup with about 1TB of incoming data daily from various sources. We have fairly complex q...
...omplete in 360 seconds
I'm not sure why it's trying to restart Splunk Web on a deployment client, since I have this disabled. Any ideas on what's hanging this up?
Not new to Splunk, but new to 4.2.2.
I had set up a forwarder and manually entered specific paths to monitor:
/p01/foo/bar/logs/server.log
/p02/foo/bar/logs/server.log
went on to p50.
I...
...'m new to doing this from scratch with Splunk. I would appreciate any help in understanding the best way to do it.
The workflow is as follows:
Using a script:
script, gain access to the t...
I saw this article in the manual
http://docs.splunk.com/Documentation/Splunk/6.2.5/Installation/InstallonLinux#Default_shell
Default shell
Splunk Enterprise assumes you are using the bash s...