Activity Feed
- Got Karma for How to change default time range in the pivot window?. 06-05-2020 12:48 AM
- Got Karma for How to change default time range in the pivot window?. 06-05-2020 12:48 AM
- Got Karma for How to change default time range in the pivot window?. 06-05-2020 12:48 AM
- Got Karma for How to change default time range in the pivot window?. 06-05-2020 12:48 AM
- Got Karma for How to change default time range in the pivot window?. 06-05-2020 12:48 AM
- Got Karma for How to change default time range in the pivot window?. 06-05-2020 12:48 AM
- Posted REST endpoint: data/indexes-extended - Why is total_raw_size is bigger than total_size on Getting Data In. 03-09-2018 03:09 PM
- Tagged REST endpoint: data/indexes-extended - Why is total_raw_size is bigger than total_size on Getting Data In. 03-09-2018 03:09 PM
- Tagged REST endpoint: data/indexes-extended - Why is total_raw_size is bigger than total_size on Getting Data In. 03-09-2018 03:09 PM
- Tagged REST endpoint: data/indexes-extended - Why is total_raw_size is bigger than total_size on Getting Data In. 03-09-2018 03:09 PM
- Posted REST endpoints /data/indexes and/data/indexes-extended give different number of event counts on Splunk Search. 03-09-2018 01:00 PM
- Tagged REST endpoints /data/indexes and/data/indexes-extended give different number of event counts on Splunk Search. 03-09-2018 01:00 PM
- Tagged REST endpoints /data/indexes and/data/indexes-extended give different number of event counts on Splunk Search. 03-09-2018 01:00 PM
- Tagged REST endpoints /data/indexes and/data/indexes-extended give different number of event counts on Splunk Search. 03-09-2018 01:00 PM
- Tagged REST endpoints /data/indexes and/data/indexes-extended give different number of event counts on Splunk Search. 03-09-2018 01:00 PM
- Posted Re: Splunk DB dimensioning on All Apps and Add-ons. 03-09-2018 09:43 AM
- Posted Splunk DB dimensioning on All Apps and Add-ons. 02-26-2018 09:09 AM
- Tagged Splunk DB dimensioning on All Apps and Add-ons. 02-26-2018 09:09 AM
- Tagged Splunk DB dimensioning on All Apps and Add-ons. 02-26-2018 09:09 AM
- Tagged Splunk DB dimensioning on All Apps and Add-ons. 02-26-2018 09:09 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 6 |
03-24-2018
03:56 AM
I am not sure what you are seeing or where you are putting your conig settings because I am not seeing what you see.
First, let's define working. In your version of splunk, what time range do you get by default when you are on the Pivot creation screen that has the url path app/launcher/pivot ? This is the page the original question is referring to where it always seems to default to "All Time".
Now, I just took your config settings and put them in user-prefs.conf under <SPLUNK_ROOT>/etc/system/local/ and in <SPLUNK_ROOT>/etc/users/admin/user-prefs/local on 6.4, 6.5, and 7.0 and there was no effect on the default search period of the Pivot creation page.
In all cases I made the config changes, and then rebooted Splunk. No change to the Pivot creation page was observed.
... View more
05-07-2019
08:18 AM
total_raw_size: essentially uncompressed bytes indexed on this indexer for this index
total_size: essentially size on disk for after compression and indexing metadata on this indexer for this index
On average it will be normal for total_size to be 50% of total_raw_size.
... View more
03-09-2018
05:19 PM
indexes-extended data is updated periodically.
Usage details
The default update period is 10 minutes, as defined by the collectionPeriodInSecs attribute in the $SPLUNK_HOME/etc/apps/introspection_generator_addon/default/server.conf file.
... View more
03-09-2018
09:43 AM
Actually, I'm not looking for the ingested log volume per day, but the disk space consumption on the indexer cluster, meaning the increase in these folders:
- $SPLUNK_DB//db
- $SPLUNK_DB//datamodel_summary
In our deployment, we have replication-factor=2, search-factor=2 and we use data model acceleration, so the actual disk space usage is quite different from the ingested log volume. From my experience, when upgrading Splunk version, I've sometime seen a substantial change in the ratio of the log volume and log storage, hence, the need to revise the dimentioning tool from time to time...
... View more
11-09-2017
04:33 AM
Thanks for all your quick answers. They all work perfectly. I should have posted the question sooner so that I didn't have to spend an hour scratching my head 🙂
... View more
