Hi, after upgrade from 5 to 6 I see double menus in the Splunk admin panel. Does anybody knows why ? http://picpaste.com/splunk-double-WP9tpjZt.PNG Thanks in advance for Your support. Konrad ... View more

Hello Splunk Team, could You please tell me how to disable that annoing Splunk errors on the dashboards dedicated for the clients. Nobody is interesting that Splunk Master license server has issues and problems with authentication - nobody except Splunk admin. How to disable it ? In release 5 half of the user screen was populated by errors important for administrator but completly out of scope for splunk users. In the release 6 is the same story. How to disable it errors messages in Splunk web panel ? Thanks in advance for Your support. Konrad ... View more

Hi, does anybody knows how to index files overwritten by crontab ? On the server we have running several cronjobs. Each job creating a file. Everytime, when cronjob is running file will be overwritten. */1 * * * * cronjob_script.sh > output.txt 2>&1 How to setup splunkforwarder to read overwritten files ? Another question, how to disable this strange CRC mechanismus for splunkforwarder. I have more problems with this tool that help... In the splunkforwarder logs I see all the time this: INFO WatchedFile - Checksum for seekptr didn't match, will re-read entire file= Inputs.conf file You can find here: sourcetype = uptime source = uptime crcSalt = <SOURCE> followTail = 0 index = products disabled = 0 I tested almost everything. Splunk doesnt read it... Would be perfect if somebody could support me. Cheers Konrad ... View more

Hi Gurus, I have connected Splunk server to my Active Directory server. I see LDAP groups and everything seems to be fine... but I cant login as user from selected Active Directory group. In the splunkd.log file I see this: 05-08-2013 22:18:12.304 +0200 ERROR AuthenticationManagerLDAP - user="konrad" has matching LDAP groups with strategy="AD", but none are mapped to Splunk roles 05-08-2013 22:18:12.304 +0200 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="konrad" on any configured servers In my opinion it looks like wrong role mapping. How to configure role mapping in the proper way using Splunk gui ? In this case Splunk documentation is not perfect for me. Maybe somebody could support me and tell me what to do ? greetings from Europe Konrad ... View more

Hi, I have a problem with my server. Since few weeks we have high load on the server. Today I saw for the first time SWAP on the server. The funny thing is that I still have free RAM memory on the server. Do You know why Splunk swapping ? Would be great if somebody could support me and tell me how to reduce swap. ... View more

Hi, it would be great if somebody could help me. Since few hours I`m trying to configure log forwarder, but without result. This is my scenario: (1)ApplicationServer --> (2)SomeServer with Splunkforwarder --> (3)Splunk server (1)hostname:appserver Application server(Tomcat) generating logs. On the same machine I have installed Splunkforwarder which forwarding(not working at the moment) logs to machine (2). (2)hostname:logforwarder Someserver with Splunkforwarder - this machine needs to receive all logs from machine (1) and forward it to machine number (3) (3)hostname:webpanel Splunk server - webpanel Maybe somebody could paste here content of inputs.conf / outputs.conf for appserver , logforwarder. I would like to finaly establish connection between that machines. Thanks in advance for Your help. ... View more