Activity Feed
- Got Karma for Re: Why would Splunk NOT obey "dispatch.ttl" and delete results/artifacts early?. 12-06-2023 05:10 AM
- Got Karma for Re: Why would Splunk NOT obey "dispatch.ttl" and delete results/artifacts early?. 12-20-2022 01:19 PM
- Got Karma for Re: Why would Splunk NOT obey "dispatch.ttl" and delete results/artifacts early?. 06-05-2020 12:51 AM
- Karma Re: O365 Audit logging for sylbaea. 06-05-2020 12:50 AM
- Karma CPU load on Search Peers increased significantly after upgrade to 7.1.1 for christeraustad. 06-05-2020 12:49 AM
- Karma Re: CPU load on Search Peers increased significantly after upgrade to 7.1.1 for john_dagostino. 06-05-2020 12:49 AM
- Posted Re: Why would Splunk NOT obey "dispatch.ttl" and delete results/artifacts early? on Deployment Architecture. 02-12-2020 08:40 AM
- Posted O365 Audit logging on All Apps and Add-ons. 12-11-2018 01:34 PM
- Tagged O365 Audit logging on All Apps and Add-ons. 12-11-2018 01:34 PM
- Posted Re: Getting Execprocessor error with bash script on Splunk Dev. 05-07-2018 09:27 AM
- Posted Getting Execprocessor error with bash script on Splunk Dev. 05-07-2018 08:39 AM
- Tagged Getting Execprocessor error with bash script on Splunk Dev. 05-07-2018 08:39 AM
02-12-2020 08:40 AM
3 Karma
I don't think it has to do with the amount of space in your dispatch directory. If it was completely full, it should not delete the jobs; instead, it should not allow any more searches to be dispatched. Do these searches have any additional actions such as e-mail, etc.? The ttl for those actions may be overwriting. Alert actions like e-mail have a live time of 24 hours, which when taken with the default of 2x this value, would put it at 2 days, which is exactly what you are seeing.
alert_actions.conf is where this would be modified.
12-11-2018 01:34 PM
My company is beginning to use Power BI and we would like to get the audit logs from it into Splunk. I saw in the documentation that this gets audit logs from Exchange Online, SharePoint Online and Azure AD, but I did not see Power BI in this.
Is Power BI included in this (as I saw a requirement for viewing Power BI logs was having an Exchange Online license)? I saw some PowerShell scripts where Power BI logs are able to be pulled from unified audit logging; I did not know if this was where the app would pull audit from.
05-07-2018 08:39 AM
I am getting this error when running my script as a scripted input:
05-07-2018 10:28:00.177 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/scripts/pingdomtest" \r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 723 0 723 0 0 842 0 --:--:-- --:--:-- --:--:-- 842\r100 8666 0 8666 0 0 8345 0 --:--:-- 0:00:01 --:--:-- 8348
My inputs.conf looks like this:
[script://$SPLUNK_HOME/bin/scripts/pingdomtest]
disabled = false
index = test
interval = 120
source = ./pingdomtest
sourcetype = json_no_timestamp
I have run the script by itself and it is working and getting the data down from pingdom.
Thanks!
- Tags:
- splunk-enterprise