...uggests that if using Splunk_TA_nix, I should enable metrics inputs with the following:
[script://./bin/vmstat.sh]
interval = 60
sourcetype = vmstat
source = vmstat
# index = os
disabled = 0
[s...
...ound I was getting no log events at all. So I commenced troubleshooting.
First I checked to see if the indexers were receiving data by running tcpdump and I saw the logs and metrics coming over the w...
Hi, it's quite easy to find which monitor inputs are activated via host's inputs.conf by queuing those from UF's _internal log. But how can I check the same for Windows additional components like W...
I want to send "wineventlog:security" logs to Heavy forwarder (KIWISERVER) and below are the configuration files that I have created on the Universal forwarder
inputs.conf:
[WinEventLog://S...
...yindex
sourcetype = metrics
alwaysOpenFile = 1
recursive = false
Simple inputs.conf above, tried crcSalt and alwaysOpen. Now if I put this monitor on a Forwarder, the events are quickly indexed. I...
...A-linux-metrics/log/read_vmstat.log]
index = lnx_os_metrics
sourcetype = csv
I tried with sourcetype csv as well as metrics_csv, both give the same result. What on earth could be going o...
I found the app - Splunk App for HadoopOps but it only supports Splunk Enterprise 5. I am now using Splunk Enterprise 6.2, is there a new way to monitor Hadoop? And my Hadoop is Apache Hadoop 2.4.2. ...
...mlWinEventLog format. To do this, I simply modified the inputs.conf file of my Universal Forwarder. I changed from this configuration:
[WinEventLog://Security]
disabled = 0
start_from = oldest
c...
...appens it writes it to another log and that is the cycle.
Here is my inputs.conf
[default]
host = xxxxxx
[monitor://D:\y\Log Files]
disabled = 0
index=z
followTail = 0
s...
EDIT: Splunk version = 4.1.6
Are there any guidelines on the length of time that _audit and _internal index data should be kept?
I have come up with age-out policies for our Splunk events, h...