Activity Feed
- Got Karma for Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10.. 10-26-2020 10:37 PM
- Karma Re: Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. for nwuest. 10-26-2020 10:23 PM
- Posted Re: Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. on Splunk Enterprise. 10-26-2020 09:43 PM
- Karma Re: Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. for nwuest. 10-26-2020 09:24 PM
- Posted Re: Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. on Splunk Enterprise. 10-26-2020 07:37 PM
- Posted Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. on Splunk Enterprise. 10-25-2020 05:33 PM
- Tagged Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. on Splunk Enterprise. 10-25-2020 05:33 PM
- Tagged Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. on Splunk Enterprise. 10-25-2020 05:33 PM
- Tagged Upgrade from splunk 7.0.1 to 8.0.6. with uf from 6.4.10. on Splunk Enterprise. 10-25-2020 05:33 PM
- Posted Re: how to monitoring same file. it is different location file. on Splunk Enterprise. 09-02-2020 06:08 PM
- Posted how to monitoring same file. it is different location file. on Splunk Enterprise. 09-02-2020 12:59 AM
- Tagged how to monitoring same file. it is different location file. on Splunk Enterprise. 09-02-2020 12:59 AM
- Got Karma for Splunk Python SSL Connection Error (version 2.7).. 06-05-2020 12:50 AM
- Posted Re: Splunk Python SSL Connection Error on Splunk Dev. 07-01-2019 11:54 PM
- Posted Splunk Python SSL Connection Error (version 2.7). on Splunk Dev. 07-01-2019 07:41 PM
- Tagged Splunk Python SSL Connection Error (version 2.7). on Splunk Dev. 07-01-2019 07:41 PM
- Tagged Splunk Python SSL Connection Error (version 2.7). on Splunk Dev. 07-01-2019 07:41 PM
- Tagged Splunk Python SSL Connection Error (version 2.7). on Splunk Dev. 07-01-2019 07:41 PM
- Posted Re: How do i set savedsearchs limit.conf in 8 core server? on Reporting. 06-18-2019 12:43 AM
- Posted Re: In a datamodel search why are tstats and stats results not the same? on Splunk Search. 05-23-2019 11:47 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-26-2020
09:43 PM
thank you. @nwuest sry last question. https://docs.splunk.com/Documentation/Forwarder/8.1.0/Forwarder/Compatibilitybetweenforwardersandindexers my case is blank in this guide. but my log data sending to indexer well. why???? is it ok? because of my custom app? forwarder : 6.3.x-6.6.x (Limited support) , indexer : 8.x ====================== my uf : 6.4.10 splunk enterprise : 8.0.6 ======================= Windows upgrade is not possible under the current circumstances. so i should use 6.4.10 Thank you for listening to my poor English.
... View more
10-26-2020
07:37 PM
ty so much @nwuest ^^ current, i using well. uf transmit data to indexer well. Do you mean that i no longer receiving technical assistance and software updates could put in a precarious situation if something bad were to happen? then, i fine. i can recover old splunk version whenever . i backuped my app for 7.0.1 i concerned to uf can not transmit to indexer or worry that not can use new features/enhancements. Is there any new features/enhancements that I can't use because of low uf?
... View more
10-25-2020
05:33 PM
1 Karma
hello, splunker I have question. plz I upgraded 7.0.1 to 8.0.6 but, my uf is 6.4.10 for win7. I saw the document late. (8.0 is not support for uf under 7.x). document: https://docs.splunk.com/Documentation/Splunk/8.0.6/Installation/AboutupgradingREADTHISFIRST my forwarder os win7. so i can't upgrade to 7.x however, I using enterprise 8.0.6 & uf 6.4.10 well. no problem. Why block Splunk upgrade? ty all!
... View more
Labels
- Labels:
-
upgrade
-
using Splunk Enterprise
09-02-2020
06:08 PM
hello @rnowitzki you means that i can same file monitoring at my setting? i testing but, only some data is monitored. ex) host : TEST1, TEST3 It also attempted to set up at host_segment = 4. The result was that the host name was a file name. not folder name is it ok. host_segment = 3 my problem is that some of the same files in other folders are monitored. why???? T_T ty so much.
... View more
09-02-2020
12:59 AM
hello splunker. I would like to monitor the same file in another folder as below. each host is a folder name. it is works in one app. The file names in the folder may be the same or different. my setting : input.conf [monitor://D:\Splunk\Check\TEST*\*.csv] disabled = false host_regex = index = test host = host_segment = 3 sourcetype = testcheck crcSalt = <<SOURCE>> ty help me
... View more
- Tags:
- inputs.conf
Labels
- Labels:
-
configuration
-
using Splunk Enterprise
07-01-2019
07:41 PM
1 Karma
I need to your help.
When I using python to Splunk Connection, I saw this error. I'm using python 2.7
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
So, I saw that reference pages like this
https://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.5/client.html#splunklib.client.Indexes
But I can't clear that ssl problem.
Connection verify is False.
Anything I do more setting need?
Thank you.
![service = client.connect(
host=host,
port=port,
username=username,
password=password,
verify=False
)][1]
... View more
Labels
- Labels:
-
Python
how do you think 8 core server limit.conf setting.
... View more
05-23-2019
11:47 PM
yes . i checked data. same set of event. all data same
... View more
05-23-2019
09:46 PM
hello splunker.
i changed search to datamodel search(tstats) for speed up.
but, stats and tstats result are slightly different.
average :
ex) tstats : 0.45500000000000007.
stats : 0.4549999999999999.
it is same data.
help me.
Thank you for your reply.
... View more
thank you. It helped me a lot.
... View more
04-26-2019
03:35 AM
Hello splunker.
i want to change dropdown.
I'd like to change it as follows.
How do i can..??
T.T Help it is so important to me
thank you.
... View more
hello splunker.
i have about 50 savedsearchs for only 1 summary index.
It starts at half an hour intervals and saevedsearchs have many subsearch. ( command : map, foreach, streamstats etc..)
I use server which have 8 core and 62GB RAM
How do i set limits.conf?
[search]
base_max_search = ??
max_searches_per_cpu = ??
[scheduler]
max_searches_perc = ??
Please recommend other options.
Thank you ! Please help me. xD
... View more
ty your answer but, i will upgrade my server. it is 8 core. how do i set my server?
... View more
04-23-2019
06:27 PM
Hello, splunker.
I have about 50 savedsearch.
It's schedule is executed once every 30 minutes and my workstation have 4 core.
So I set it as follows.
[search]
base_max_searches = 24
max_searches_per_cpu = 4
[scheduler]
max_searches_perc = 200
however, my splunk so slow.
I can't access splunk and putty shell
why?
I am splunk novice.
please help me.
thank you.
... View more
04-21-2019
11:56 PM
Hello, Guys.
I am used splunk enterprise. my dashboard is XML which make up for Javascirpt.
[ javascript LIST ]
1. developer gadegets : accordian toggle
2. my local javascript
I want to add another script but, The following error occurs in console : F12
Deprecation warning: value provided is not in a recognized RFC2822 or ISO format. moment construction falls back to js Date(), which is not reliable across all browsers and versions. Non RFC2822/ISO date formats are discouraged and will be removed in an upcoming major release. Please refer to http://momentjs.com/guides/#/warnings/js-date/ for more info.
Arguments:
[0] _isAMomentObject: true, _isUTC: false, _useUTC: false, _l: undefined, _i: 2019/04/09 12:10:21.296, _f: undefined, _strict: undefined, _locale: [object Object]
Error
So I can't add. Plz help me !!T.T
thank you.
... View more
- Tags:
- splunk-enterprise
