Activity Feed
- Karma Re: How to restrict a user's role to only view a dashboard and prevent them from running searches? for ngatchasandra. 06-05-2020 12:47 AM
- Got Karma for How to restrict a user's role to only view a dashboard and prevent them from running searches?. 06-05-2020 12:47 AM
- Got Karma for How to restrict a user's role to only view a dashboard and prevent them from running searches?. 06-05-2020 12:47 AM
- Got Karma for In a cluster with a replication factor of 3, if one indexer is replaced, will a copy of the data from the 2 working indexers replicate to the new indexer?. 06-05-2020 12:47 AM
- Got Karma for What are hardware recommendations for servers and indexers in our cluster setup?. 06-05-2020 12:47 AM
- Got Karma for Is there any mailing list for Splunk security updates and bug fixes?. 06-05-2020 12:47 AM
- Got Karma for Is there any mailing list for Splunk security updates and bug fixes?. 06-05-2020 12:47 AM
- Got Karma for Re: Is there any mailing list for Splunk security updates and bug fixes?. 06-05-2020 12:47 AM
- Got Karma for Search for to different subtypes. 06-05-2020 12:47 AM
- Got Karma for Add an incremental number field in search output. 06-05-2020 12:47 AM
- Got Karma for Customize pdf output file. 06-05-2020 12:47 AM
- Got Karma for How to set up an alert to run on a cron schedule every 5 minutes, stop triggering after 5 times in an hour, then trigger again after the 1 hour interval?. 06-05-2020 12:47 AM
- Got Karma for Is there a Splunk web page to use for tuning requirements?. 06-05-2020 12:47 AM
- Posted Re: Why am I getting "ERROR S2SFileReceiver - event=statSize replicationType=eJournalReplication...status=failed" in my indexer cluster? on Getting Data In. 09-16-2015 01:10 AM
- Posted Re: "ERROR DistributedPeerManagerHeartbeat - A time skew of approximately 61 seconds exists between this search head and peer indexer1" on Getting Data In. 09-06-2015 08:37 PM
- Posted "ERROR DistributedPeerManagerHeartbeat - A time skew of approximately 61 seconds exists between this search head and peer indexer1" on Getting Data In. 09-06-2015 07:58 PM
- Posted Re: Is there anything critical for me to consider upgrading my Splunk cluster from 6.2.1 to 6.2.5? on Installation. 09-02-2015 09:01 PM
- Posted Is there anything critical for me to consider upgrading my Splunk cluster from 6.2.1 to 6.2.5? on Installation. 09-02-2015 07:41 PM
- Posted Re: Is there a Splunk web page to use for tuning requirements? on All Apps and Add-ons. 08-30-2015 07:18 PM
- Posted Is there a Splunk web page to use for tuning requirements? on All Apps and Add-ons. 08-30-2015 09:25 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 2 | |||
| 0 | |||
| 0 | |||
| 0 |
09-16-2015
01:10 AM
Did clustering ever work, or is this a new setup?
It is a working cluster environment. I've just experienced it I think thrice.
Does this message appear on all indexers?
No.
Is disk space available on all indexers?
Yes
Do you have constraints on index size or volume size?
None
Is the network connection between indexers good?
Yes
Is the replication port open between all indexers?
Yes
Is the replication port used ONLY for replication (it's not the splunkd port or the receiving port)?
Yes for replication only.
Are all indexers configured identically?
Yes
How many indexers are in the cluster?
There are 3 indexers in the cluster with same configuration.
... View more
09-06-2015
08:37 PM
Thank you so much MuS.
... View more
09-06-2015
07:58 PM
Hi Splunkers,
I'm getting the following error on my search head's splunkd.log:
ERROR DistributedPeerManagerHeartbeat - A time skew of approximately 61 seconds exists between this search head and peer indexer1
I have a RF = 3 and SF = 3 setup.
Thanks
... View more
09-02-2015
09:01 PM
Thanks for the details. In terms of must do an upgrade is what Im suppose to say. Have a great day!
... View more
09-02-2015
07:41 PM
Hi Splunkers,
Good day! I just want to ask is there something critical for me to do an upgrade for my Splunk cluster from 6.2.1 to 6.2.5? As far as my observations are concerned, I don't see any service affecting under 6.2.1.
TIA
... View more
Labels
- Labels:
-
upgrade
08-30-2015
07:18 PM
Thanks for this. That is what Im looking for
... View more
08-30-2015
09:25 AM
1 Karma
Hi,
I just wanted to ask if there is a web site link for Splunk that you can use to estimate disk tuning. Let's say, for example, I will use 3 indexers with 2TB each. This page will show you what are the other requirements needed. It's like a page to tweak your Splunk setup. I used it before, but I was unable to bookmark the site.
Thanks
... View more
08-15-2015
02:43 PM
Hi,
I'm getting the following error on my indexers' splunkd.log. I have a RF=3 and SF=3 indexer clustering with 1 master and 1 search head.
ERROR S2SFileReceiver - event=statSize replicationType=eJournalReplication bid=test~26~89C0FF94-5EB0-410A-9B4D-0E17DBD7FB78 path=/opt/splunk/var/lib/splunk/test/db/26_89C0FF94-5EB0-410A-9B4D-0E17DBD7FB78/rawdata/journal.gz status=failed
Any thoughts?
Thanks,
... View more
07-29-2015
07:10 AM
Hi splunkers,
I just want to configure Splunk Web login to authenticate to my 389DS server. How can I do that on Splunk?
Thanks,
... View more
07-21-2015
11:26 PM
Hi splunkers,
I just want to keep the last 2 months / 60 days of my splunkd.log . Can I add it on logrotate.conf?
Thanks
... View more
07-21-2015
11:16 PM
Hi Im not concern with the data size. Im more concern on the time it keeps on the buckets.
... View more
Fantastic! That was new to me! Thanks bro!
... View more
07-19-2015
07:42 PM
Hi MuS,
Why is it like a set of codes? What about registering here https://mailman.ucsd.edu/mailman/subscribe/splunk-users-l ?
... View more
Hi Splunkers,
Is there any mailing list for Splunk security updates and bug fixes?
Thanks,
... View more
07-16-2015
02:20 AM
Hi merp, yes thanks! As mr Jeff perfectly explained it. 😃
... View more
07-16-2015
02:02 AM
Just want to make it clear, this config will delete the index data for testindex after 1 day? It will not affect the other index configured right?
[testindex]
repFactor = auto
homePath = $SPLUNK_HOME/var/lib/splunk/testindex/db/
coldPath = $SPLUNK_HOME/var/lib/splunk/testindex/colddb/
thawedPath = $SPLUNK_HOME/var/lib/splunk/stestindex/thaweddb/
coldToFrozenDir = $SPLUNK_HOME/var/lib/splunk/archived/testindex
maxHotSpanSecs = 86400
frozenTimePeriodInSecs = 86400
My reason is,I only want to monitor and alert in real time and I don't want to consume more disk resource for this one.
... View more
07-16-2015
01:35 AM
So what if I set my maxDataSize = 100 ? I have an average of 150MB a day. Probably I can adjust this to 1 week of before it get deleted.
... View more
07-16-2015
01:02 AM
This line made me jump out of my seat " * CARELESSNESS IN SETTING THIS MAY LEAD TO PERMANENT BRAIN DAMAGE OR LOSS OF JOB." Im a splunk newbie. So it means I cannot set based on number of days?
... View more
07-15-2015
09:51 PM
Hi splunkers,
I want to achieve 1 day retention for indexed data. How can I achieve this? I have a cluster setup with RF=3 and SF=3. As far as my understanding, I can set frozenTimePeriodInSecs = 86400 , which is equivalent to 1 day? I have the ff configuration on my master indexes.conf .
[testindex]
repFactor = auto
homePath = $SPLUNK_HOME/var/lib/splunk/testindex/db/
coldPath = $SPLUNK_HOME/var/lib/splunk/testindex/colddb/
thawedPath = $SPLUNK_HOME/var/lib/splunk/stestindex/thaweddb/
coldToFrozenDir = $SPLUNK_HOME/var/lib/splunk/archived/testindex
frozenTimePeriodInSecs = 86400
Does it achieved the 1 day retention?
Thanks,
... View more
07-15-2015
09:13 PM
Thanks for the tips. But no worries I just used it in order to extract a specific details from a data that I uploaded
... View more
07-15-2015
08:07 PM
Hi splunkers,
Good day! How can I write a search if I don't want all HOST and PROCESS fields.
Say for example, I don't want:
host=10.10.10.10, process=apache2, mysql, etc..
Thanks
... View more
07-08-2015
06:51 PM
This is the solution. I never thought its that simple 😃 . Thanks for your time.
Have a great day!
... View more
07-07-2015
02:22 AM
Hi splunkers,
I need to gather the success and failed attempts from my linux servers, but when I forward all my auth logs, it shows me so many types of logs. How can I get only those "Accepted" or "Failed" attempts?
Thanks,
... View more
