I have two streams of data coming into a HEC. One has call direction (i.e. inbound) and the other has call disposition (i.e. allowed).
At first I was joining these streams (join), but f...
Has anyone else found that their Stream DNS records report sessions backwards? I did some pretty extensive testing today with my SysAdmins and my Stream logs appear to show the initial DNS request f...
Trying to optimize some queries and can't find a definitive answer on where the where clause runs. It looks like it is executing on the indexers because filtering the data before the stats command s...
Hi, I'm trying to get the audit logs from GitHub Cloud into a Splunk instance which has limited network access.
The problem is that the IP of GitHub that sends the data to Splunk often changes.
I...
...ead (not using SSL so this is set to port 8000 using http://).
The inputs.conf file is configured on all 4 forwarders with the following settings in the [streamfwd] and [streamfwd://streamfwd] s...
...ort must also have compression turned on (in its inputs.conf file). * Defaults to false.
My question: what is the expected bandwidth saving of a compressed stream if I activate it? (u...
...hat:
"Postpone commands that process over the entire result set (non-streaming commands) as late as possible in your search. Some of these commands are: dedup, sort, and stats" (page2)
The example c...
While running the search index=networking | timechart count on Splunk v. 6.3.3, we are getting the following error:
Streamed search execute failed because: JournalSliceDirectory: Cannot seek t...
...erformance on the Stream sensor already.
2) We switched from the disk buffering to memory buffering for the syslog receiver
But the same issue
Any idea, please?
Cheers Auguste