×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
scc508
New Member
Member since: ‎09-04-2015
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-04-2015
View All

Re: Why is the Splunk App for Stream putting all d...

by in All Apps and Add-ons
‎09-05-2015 08:43 AM
‎09-05-2015 08:43 AM
Thank you both, that helps explain it. Does anyone know what to check why we can't see any data? All we see are the error messages to _internal about "decodePacket: skip bogus packet with length less than IP header length". Clearly something is not working. This is win2012r2 hosted in Azure, so has a hyperv network card. splunkd is running as localsystem. Thank you for any insight or steps to try. ... View more

Why is the Splunk App for Stream putting all data ...

by in All Apps and Add-ons
‎09-04-2015 01:52 PM
‎09-04-2015 01:52 PM
It looks like the Splunk App for Stream puts everything into _internal. In general, we don't like to do that. In this case, do we really need to? It seems like too much volume to put in _internal. My plan is to capture summary data on most network connections for hundreds of product servers. I can't find anything about index choices in the docs. Does anyone have any recommendations on which index(es) to use? This data will be part of our security app we're building, and access will be restricted as well. I have some data on a test server, just with the tcp and udp streams enabled as they come by default. The only messages I see in the events are: "decodePacket: skip bogus packet with length less than IP header length". Any idea what that means? thank you! Scott ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM