Hey guys, I've been having trouble finding documentation about removing indexed data. After looking through the "meta woot!" app I saw my hosts were growing a few thousand a day and my estreamer app ...
I upgraded from 4.2.2 to 4.2.3 (Windows). After the upgrade, this message appears at the top of my browser:
Misconfigured view 'search_ui_activity' - Unknown parameter 'suppressionList' is d...
...ore importantly: How do we recover from misconfigurations that stop the Search Head Cluster members from restarting correctly?
Scenario: we use the Deployer to deploy a version of indexes.conf that c...
Looking at a specific CIM DataModel (Authentication for example):
The DataModel specifies a macro as its criteria: cim_Authentication_indexes
The intent of this is that you edit the macro to s...
I'm seeing this in my splunkd.log:
07-09-2010 12:53:21.299 WARN DateParserVerbose - Time parsed (Fri Jul 9 12:53:18 2010) is too far away from the previous event's time (Fri Jul 9 18:52:37 2010...
Good Day All,
I have a question for you. I recently misconfigured an index and the size went full on the disk drive. So I have a quick question for you. Let's say I have a 500 GB hard drive and t...
I am following the article https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-part-2-sending-ecs-logs-to-splunk.html to enable Splunk logging for ECS EC2 running a demo ASP.NET dotnet 5.0 weather...
Hello, I'm trying to install Splunk ITSI 4.17.1 in a Search Head Cluster with Splunk Enterprise 9.1.2. I already extracted the .spl in the directory $SPLUNK_HOME$/etc/shcluster/apps but when I execut...
We have an indexer cluster with several custom indexes configured in the indexes.conf, however when we run:
splunk show cluster-status --verbose
only the main index shows up (am...
Dear community,
After I forwarded the syslog from Cisco ASA into SPLUNK, I noticed that the logs are duplicated and this is consuming our license. Any help, please? Thank you.