I'm working on making a connection to avirtual provider with avirtualindex I have confirmed with some test data. I've enabled debug for the provider and executed some searches. The search just e...
...1-06
--/2015-11-05
--/2015-11-04
…
--/2015-10-31
We set up a main virtualindexat the parent so we’re searching all logs under /logs/fwsm. An issue we’re running into is there is a need to search...
is there a possiblity to combine a hunk (virtual) indexand a normal splunk index (for example a summary index) in one search? when a try it naiv with
index="virtualindex" index="s...
Does this seem like a good setup for a dedicated Search head, indexer for avirtualized Splunk?
Search Head
- 8 core 16 GB Ram
Indexer
- 8 core 8 GB Ram 1 TB Hard Drive
We will h...
...wsSecretAccessKey for the S3 properly set in hdfs-site.xml.
Looking through search.log when attempting to query the S3 data I can see it attempting to reach out to the S3 path defined in the virtualindex...
In regular Splunk I can easily search for
index=index1 OR index=index2 <search term> | stats count by index
Then I get results from either index.
When I setup avirtualindex in H...
Hi,
I have 2 virtualindexes, both return data, and both return for a specific search.
But if I try and join and get no results, and if I try an 'or' I get no results.
index=filea ID=2...
...DFS with read/write permissions and use this as the target of asearch with the collect statement such as index=syslog date_hour=12 | collect index=collect_test , no data is written to the virtualindex...
In Hunk, where is the documentation for verbose mode vs smart mode for virtualindexes (VIX)s??
Afaict, verbose mode just "drops down to" HDFS and doesn't invoke a MapReduce Job.
Whereas as l...
...niversal forwarders pushing data to an indexer / search server. If I wanted to consider high availability options within a single site, I might want to cluster the indexers, but as I only have two s...