Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
20,000 results
Sort by:
02-22-2025
04:03 PM
..._00001_no_emea_m_pub. Metric event data without a metric name and properly formated numerical values are invalid and cannot be indexed. Ensure the input metric data is not malformed, have one or more keys of t...
Labels
Show results in replies (4)
-
One cannot redirect event data to a metrics index. Doing so will produce the error message y...
-
...pecific format of data (also numeric) that only a metric index can store. it's the format (or l...
-
...ust fine, but something seems to happen to raw metrics data, as the indexer reject them now - T...
-
...ll the time, why the default defined (event) index name had to be changed to a metric index name, w...
06-25-2024
05:13 AM
...-> Hf on cloud 2 I know how to discover this analyzing the internal logs. But what about if I want to discover which HF on prem collect data sent to a specific index? Let me do an example. Suppose I...
05-07-2024
03:18 PM
...ut I'm struggling on what I need to combine in order to make this search work. I've looked at using coalesce, and can get results from both indexes/sourcetypes, but can't seem to just l...
Labels
- Labels:
-
eval
03-24-2023
01:35 PM
...oints and the results are truncated. I have played with charting.chart.resultTruncationLimit but that only gets so far.
Note: the span of 5m cannot be changed or the data is skewed.
Is there a w...
Labels
- Labels:
-
dashboard
Show results in replies (5)
-
...reset of 30 days and updated the time span next to timechart to 1d I would get 30 data points. The m...
-
...hat comes to mind is how can I take those snapshots and create a larger graph from them. For e...
-
Yes, you've hit the nail on the head when you talk about summarising the data. You'll need to d...
-
Looks like I have figured it out. | mstats rate_avg("octets.*") WHERE index="network" c...
-
Hi @adsquaired, I understand what you're saying. I'm not necessarily suggesting that you c...
04-11-2024
12:47 PM
Hi Splunkers, I have a problem with a Per-Event Index Routing use case. In involved environment, there are some data currently collected in a index named ot. Here we have some logs that must be s...
Labels
- Labels:
-
administration
-
configuration
02-03-2023
07:19 AM
Hello,
We are still facing the following issue when we put in maintenance mode our Indexer Cluster and we stop one Indexer.
Basically all the Indexers stop ingesting data, increasing their q...
- Tags:
- splunk-optimize
- tsidx
Labels
- Labels:
-
administration
-
troubleshooting
Show results in replies (5)
-
...-In/Why-has-the-index-process-paused-data-flow-How-to-handle-too/m-p/631226/highlight/true#M...
-
...as-the-index-process-paused-data-flow-How-to-handle-too/m-p/633554/highlight/true#M108467 W...
-
We see the following message on most of the indexers ( varies anywhere from 1-4): throttled: The index...
-
@dnavara If you see following throttled: The index processor has paused data flow. Too m...
-
...o reduce outage. In server.conf [queue=indexQueue] maxSize=500MB In indexes.conf [d...
07-06-2021
09:41 AM
Hi all, can anyone confirm the behaviour? when running: | rest /services/data/indexes | table title *datatype*
I'm only getting back event indexes. From the documentation : https://docs.splunk...
Labels
- Labels:
-
metrics
10-18-2022
02:26 PM
I guess my real question is how do I move Splunk from one company to another, including some but not all of the data and the indexes for the selected data? I see I can copy config and indexes from t...
Labels
- Labels:
-
indexer
06-08-2021
08:22 AM
1 Karma
...s a cluster setting that is removing it. What am I missing? We only have to get these remaining indexes off so we can decommission this indexer. Let me know if you need more clarification on the issue....
- Tags:
- Clustered indexers
Labels
09-30-2020
03:48 AM
Hello, I am using Splunk Enterprise 7.3.2. and I have structured event data within an events index that I am trying to convert into metrics data so that I can store it in a metrics index. I a...
Labels
- Labels:
-
index
-
sourcetype
-
time
