Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Prakash493
Prakash493
Communicator
Member since:
04-07-2018
06-05-2020
Community Statistics
| Posts | 89 |
| Solutions | 4 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 04-07-2018 |
Activity Feed
- Got Karma for Re: Unable to view thawed data. 04-01-2021 02:09 AM
- Posted Splunk DB Connect Connection To SQL on Splunk Search. 02-04-2020 02:27 PM
- Posted Re: Splunk server Patching on Deployment Architecture. 12-10-2019 02:05 PM
- Posted Re: Splunk server Patching on Deployment Architecture. 12-10-2019 12:04 PM
- Posted Splunk server Patching on Deployment Architecture. 12-06-2019 02:13 PM
- Tagged Splunk server Patching on Deployment Architecture. 12-06-2019 02:13 PM
- Posted Re: Min IOPS Requirement for 1 TB indexing /per day on Building for the Splunk Platform. 12-06-2019 08:49 AM
- Posted Min IOPS Requirement for 1 TB indexing /per day on Building for the Splunk Platform. 12-06-2019 08:40 AM
- Tagged Min IOPS Requirement for 1 TB indexing /per day on Building for the Splunk Platform. 12-06-2019 08:40 AM
- Posted Re: Splunk query to see Linux patching on Deployment Architecture. 12-06-2019 08:38 AM
- Posted Re: Splunk query to see Linux patching on Deployment Architecture. 12-06-2019 08:37 AM
- Posted Splunk query to see Linux patching on Deployment Architecture. 12-03-2019 02:06 PM
- Tagged Splunk query to see Linux patching on Deployment Architecture. 12-03-2019 02:06 PM
- Posted Re: How to monitor and alert when the Splunk universal forwarder service has been stopped or modified? on Getting Data In. 11-26-2019 02:08 PM
- Posted Re: How to find LDAP accounts that have been disabled for longer then 30 days on Splunk Enterprise Security. 11-26-2019 11:15 AM
- Posted Re: How to monitor and alert when the Splunk universal forwarder service has been stopped or modified? on Getting Data In. 11-26-2019 11:08 AM
- Posted Re: Unable to view thawed data on Splunk Search. 11-21-2019 01:29 PM
- Posted Re: Unable to view thawed data on Splunk Search. 11-19-2019 07:00 AM
- Posted Re: Unable to view thawed data on Splunk Search. 11-19-2019 06:59 AM
- Posted Re: Unable to view thawed data on Splunk Search. 11-18-2019 02:23 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-04-2020
02:27 PM
My DB connect app is hosted on the Splunk Heavy forwarder and i need to create a connection to SQL server. I got the server address and the port number is 1433. I need to request firewall access to from my HF to the db server over port 1433. Do i need to provide the any port number from my HF so the Firewall can be opened to communicate ?
Or i just need to give my HF IP address to the firewall team to open connection to db server ip with port 1433 ?
... View more
- Tags:
- splunk-enterprise
12-10-2019
12:04 PM
is it any problem if i use ./splunk stop command and after patching i will start the service , If i use splunk offline command what it will do and once patching finished how can i start splunk is by using ./splunk start ?
... View more
12-06-2019
02:13 PM
Hi , My infra team is doing the Vulnerability patching on linux servers as we have 6 indexers clustered , we are doing patching on 3 indexers and 3 search heads clustered. is their anything that i need to do except validating the servers after patching ? as they are doing on 3 indexers i am thinking to enable maintenance mode ?
... View more
12-06-2019
08:49 AM
Yes but it doesn't say about the data ingestion per day. It might be 1 GB/DAY or 100 GB/DAY , So i am looking to best iops for 1 TB/DAY ingestion requirement.
... View more
12-06-2019
08:40 AM
Hi , Where can i find the Min IOPS requirement for the data ingestion of 1 TB/DAY with 12 indexers ?
... View more
12-06-2019
08:38 AM
i am not aware of any script i got the file name on the add-on what needs to be turned on.
... View more
12-06-2019
08:37 AM
Thank you so much for the update yes we do have that add-on and version.sh file is disabled , i will turn the logging for it.
... View more
12-03-2019
02:06 PM
Hi , Our most of the splunk servers are Linux based systems , How can i create a splunk query to verify if Linux OS patch has been successful or not ?
... View more
11-26-2019
02:08 PM
yes you can modify this part and set how often you need to check the status of forwarder :case(age < 3600,"Running",age > 3600,"DOWN") 3600 sec = 1hr , if you want to see the status in last 10 mins you can change it to 600. And using the query you can set an alert might little tune needed
... View more
11-26-2019
11:15 AM
Their is a way to determine if any users has not been logged to splunk from last 30 days but if you are looking for ldap disabled accounts , if its indexed then you can get it.
... View more
11-26-2019
11:08 AM
to monitor the universal forwarder use this query :
index=_internal source=*metrics.log group=tcpin_connections | eval Host=coalesce(hostname, sourcehost) | eval age = (now() - _time ) | stats min(age) as age, max(_time) as LastTime by Host | convert ctime(LastTime) as "Last Active On" | eval Status= case(age < 3600,"Running",age > 3600,"DOWN")|search Status=DOWN
This will show if any universal forwarder is down and will list out the host name and when it was connected last. (Will show if any forwarder is down for more then 1 hr)
... View more
11-21-2019
01:29 PM
if your problem is solved please accept the answer to help future peoples.
... View more
11-19-2019
07:00 AM
Refer to below comment as i cannot attach pictures here in this thread.
... View more
11-19-2019
06:59 AM
1 Karma
Here you go the Rest APi URL of cluster master : https://clustermasteruri:8089/services/cluster/master/buckets/~
Here is a ref screenshot , if you see the frozen flag=1 and bucket state is saying searchable means the bucket is not searchable due to this bug where its saying frozen = 1 and if that saying frozen flag 0 and bucket state is searchable means u r good to go ;
... View more
11-18-2019
02:23 PM
i been running into same issue that you are in splunk 7.0.2 their was a bug it prevents the data to be searchable i ended up with setting up a standalone indexer thaw the data their , rebuild the bucket and integrate with search head cluster then my data was searchable.
Tip: You check that by using splunk rest api to go to that particular index and if you see the frozen flag set to true means your rebuilding of buckets is not working.
... View more
10-07-2019
08:26 AM
Hi, I am having an issue to blacklist a monitor file I tried using it blacklist but still, the data is ingesting,
Here is my stanza:
C:\xxxx\logs\logfiles\x2svp*\*.log
blacklist = x2svp1246|x2svp1259|x2svp1258|x2svp1256\.log$
I don't know why it's not working anyone can help me out?
... View more
09-27-2019
09:31 AM
yes its works thanks its because of two pipes i tried with a single pipe and got worked.
... View more
09-25-2019
01:13 PM
Hi , I am monitoring a file path , i am ingesting the logs also i am blacklisting some folders in the directory which is working and i am trying to add one more blacklisting path but its not working , what i am doing wrong here ?
[monitor://\xxxx\Logs\Prod...*.log]
blacklist = TaskAudit|webmanager|web_S*.log||enterpriseSecurity*.log|(\\SXXXXX\Logs\Prod\PlatformServices)
i wanna blacklist the last one platform services log but cant able to do it , tried to add a regex but nothing working.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
