Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
10,000 results
Sorted by:
12-04-2019
03:06 AM
...to index=main.
Have someone faced this issue, then pls suggest what needs to be done so that the data can be moved to the right index.
02-13-2019
02:14 PM
...is the difference (aside from not removing a CR/LF)? What did I do wrong in the first one to cause Splunk to not actually prevent the data from being indexed? These are both in the etc/system/l...
10-17-2018
06:54 AM
The question pretty much sums it up.
I am wanting to get PerfMon data into a Metrics index and have been banging my head against it for about a week now. So far, I have been unsuccessful in my e...
Show results in replies (5)
-
...etting data. Collect perfmon data and wmi:uptime data in metric index 3.) Make sure the entire stack i...
-
...ourcetype=Process, host=servername, index=winmetrics. Metric event data without metric name is invalid and w...
-
...erfmon data and wmi:uptime data in metric index And as per Compatibility between forwarders and S...
-
...erfmon-data-to-metrics-index.html
-
...owever do not provide the data in a way that the Metrics index will accept. What I am aiming to do is c...
04-17-2019
12:23 PM
...roubleshootHTTPEventCollector#Possible_error_codes) says that is a Token disabled, but it doesn't say how to check for that)
I'm running it in a Windows Server 2012. don't know what more can i do now.
06-11-2012
09:36 PM
I've struggled on this issue for the past few days and I can see to resolve it.
I've checked and rechecked my config.
None of my data gets indexed when my application is copied (with os path m...
05-14-2020
02:18 PM
...ttp_event_collector_metrics" .
Some data has been sent to it for testing.
Can someone explain what I'm seeing when looking at the entry below?
{ [-]
component: HttpEventCollector
data: { [-]
f...
06-15-2016
08:35 AM
...onnection_host = ip
disabled = 0
I would like to find what data is coming in on these ports, set them all up to come in on 9997, and send them to their own index, so that I can allow the managers of that data...
10-10-2019
06:15 PM
...or the cluster to meet RF/SF after replacing a single indexer.
How can I calculate an estimate for this?
To simplify the question, assume the following:
20 indexers (10 at each site)
10TB o...
11-09-2017
07:26 AM
...nd when that didn't work, I edited inputs.conf and added index = "myIndex", but the data still shows up with index = "os".
Here's what the files look like now.
$ cat ~/etc/apps/SplunkTAnix/d...
10-24-2017
06:13 PM
...pt/splunk/var/lib/splunk (which I believe is the default).
My question is can I tell Splunk to send all of the data to the 4tb drive even if Splunk itself is installed on the root drive?
I'm v...
