Hi In the support program page: http://www.splunk.com/view/support-programs/SP-CAAACC8 what does "Live Product Roadmap & Input" mean? Is there any live roadmap online presentation? ... View more

Hi, I want to know the best practice and patterns that makes Forwarders highly available and redundant. - SH pooling for Search Head redundancy, - Indexer's Index&Forward (Replication) for Indexer redundandy, - AutoLB provides HA for connection between Forwarders and indexers. However, Forwarder itself looks Single Point of Failure. How do people configure forwarders to eliminate Single Point of Failure? Thanks, ... View more

Hi, I would like to set srchIndexesDefault to specific index by app currently users are using. For example, admin role is configured so searchable indexes = * and _*, and default index searched = main. If admin uses a tutorial app, I want to automatically change as follows using authorize.conf. -- authorize.conf in tutorialappdir/default [role_admin] srchIndexesAllowed = * srchIndexesDefault = tutorial But I am still getting data in main index in my tutorial apps. Can I change role's searchable/default index by App? Thank you, ... View more

Hi, Is there any configuration that can set the maximum number of concurrent logins for SplunkWeb? e.g. I don't want many users to log in as admin. Thanks, ... View more

Hi, I would like to know how to route data to a specific index based on a value in a field. I have a series of data that look like this: 2012/06/07 10:45:50 service=srvc1 server=node3 score=50 seq=55041 2012/06/07 10:45:50 service=srvc3 server=node1 score=17 seq=55042 2012/06/07 10:45:50 service=srvc2 server=node1 score=67 seq=55043 2012/06/07 10:45:50 service=srvc2 server=node4 score=43 seq=55044 2012/06/07 10:45:50 service=srvc3 server=node2 score=11 seq=55045 2012/06/07 10:45:50 service=srvc3 server=node2 score=60 seq=55046 2012/06/07 10:45:50 service=srvc1 server=node0 score=28 seq=55047 2012/06/07 10:45:50 service=srvc1 server=node0 score=4 seq=55048 Then, I want to route date to srvc1, srvc2 or srvc3 depending on the value in service field. I found several answers that explains how to route data based on host or source(IP), but I could not find an answer for my questions. I really appreciate any comment on this... Thank you, (JA) イベントの任意のフィールドの値に基づいて保存するIndexを変えるにはどうするのか。 ... View more

Hi, I am trying to configure an Splunk's authentication by LDAP. I have already registered LDAP server and mapped group and role in my Splunk 4.3.2. It seems Splunk and LDAP server communicates. However, when I tried to login with a user registered in LDAP, the login failed. I would like to troubleshoot this, but there is not much information about the log file to take a look at for the LDAP authentication troubleshooting regarding Splunk/LDAP Login. Could anyone point me to the log file or information under SPLUNK_HOME? Thanks, ... View more

Hi, I know it is required to restart splunkweb/splunkd after installing Enterprise license first time. and I don't need to restart splunkweb/splunkd after installing additional Enterprise license (Stacking) My question is, does adding upgrade license require splunkweb/splunkd be restarted? Thank you, ... View more

Hi There, For engineers who are familiar with R programming language, is there add-ons for R Language support? e.g. Querying index data using R Language. Has anyone tried to use R to query data from Splunk? Thanks! ... View more

Hi I was trying to go thru Splunk Tutorial, but now I am having trouble in getting sampledata.zip indexed using the host regex shown in the Splunk Tutorial page. My Splunk is on Windows. Sampledata.zip:./([^/]+)/ http://docs.splunk.com/Documentation/Splunk/latest/User/Adddatatutorial Is this regex good for Windows Splunk? Thanks, ... View more

Hi I am planning to monitor many Windows client via WMI interface. I have one Splunk installed on Windows7. How many remote Windows can a Splunk WMI input support? Do we have any estimation calculation about the number of max number of target windows hosts? 10s, 100s, or 1000s windows hosts? Thanks! ... View more

Hi, I was wondering if I can put splunk installation (SPLUNK_HOME) on NAS? Is it supported? Thank you, ... View more