Activity Feed
- Posted Re: Why are we getting "Replication factor not met" in our multisite indexer clustering environment? on Deployment Architecture. 06-26-2015 04:37 AM
- Posted Re: How to configure search head clustering in multisite environment on Deployment Architecture. 06-25-2015 10:37 PM
- Posted Re: Regex for extraction of Pattern from existing field on Splunk Search. 05-24-2015 04:07 PM
06-26-2015
04:37 AM
1 Karma
Hi Darshan,
Try rolling hot buckets by running the following command:
splunk _internal call /data/indexes/_audit/roll-hot-buckets -auth admin:changeme
Wait for some time and see if the problem gets resolved.
06-25-2015
10:37 PM
1 Karma
I have configured Search Head Clustering on Windows Servers and it is working fine with some limitations.
05-24-2015
04:07 PM
I need help with one more thing. I have a pattern ABCDEF**** in my logs which are getting indexed in Splunk. I need to put that pattern in a field which I want to display in a table along with job. How can I do that?
05-24-2015
03:58 PM
Thanks a lot Mus. It works perfectly.
05-24-2015
03:46 PM
Hi Mus,
I am getting an error while pasting this regex after my search. The error is: Error in 'SearchOperator:regex': Usage: regex <field> (=|!=) <regex>.
My base search is index = abc host = "xyz"
When I put it like index = abc host = "xyz" |regex field=source "(?<job>[^\/]*)$" | table job it gave me the above error. Please help.
05-24-2015
03:00 PM
I want to extract a pattern from existing field "source" whose value is /abc/Prod/log/p123ot12. I want to extract p123ot12 from this source field and want to put it in new field called job.
Need your assistance ASAP.
04-14-2015
04:25 AM
Hi NOUMSSI,
Thanks for your prompt response. Where will my saved searches and alerts get stored? I mean the shared location for them, from where other members will pick up those reports, searches, alerts and dashboards?
Regards,
Sourabh
04-14-2015
02:58 AM
I have configured Search Head Clustering in my distributed environment, which is working perfectly fine.
I need to know what the shared location is for Search Head Cluster members, from where they share the common configurations. Also, if they replicate the configurations, where can I see these configurations in my Search Head Cluster?
04-13-2015
11:16 PM
Did you find any solution to this? I am facing the same issue as well.
02-26-2015
04:01 AM
Hi All,
I am looking to integrate my Splunk 6.2 with CA SOI. For that I have to send an SNMP trap from my Splunk to the CA Spectrum tool. How can I proceed to generate an SNMP trap from Splunk and send it to the CA tool?
Regards,
Sourabh
- Tags:
- clustering
- snmp
- trap
02-10-2015
03:42 AM
Yes, it's mandatory.
02-09-2015
10:45 PM
Yes, I had enabled all ports, and indexing under the main index is working absolutely fine. The issue occurs when I create a custom index.
Once I create a custom index at one of my peers and then feed data to that index, at the master I can see the errors "replication factor not met" and "search factor not met", though the same config worked for the main index.
02-08-2015
10:14 PM
Hi mahamed_splunk,
I am able to run the initialize command, but while creating a captain by running the bootstrap command
splunk bootstrap shcluster-captain -servers_list ":,:,..."
I am getting the error "splunk does not recognize bootstrap command. Please check command or go to Splunk help".
Please let me know why this error occurs, as this command is mentioned in the documentation.
02-08-2015
09:50 PM
Please suggest the right config for my multisite cluster based on the above information.
02-08-2015
09:48 PM
Hi ppablo,
Sorry for that!! That was a typo from my side. I just wrote that error message, I didn't copy it. I am trying to give "bootstrap" but still no success. It gives the error "bootstrap is invalid command". Please help, as it's very critical for me.
Do I need to install something to run bootstrap, or is there any prerequisite for this command?
02-06-2015
05:17 AM
Hi rbal_splunk,
Could you please help me in running the bootstrap command for the SH cluster members' captain declaration? I am able to successfully initialize the shcluster as mentioned in the docs, but while running the bootstrap command I get the following error: "command error : bootstrap is not valid command". Am I missing something?
Please help!!!
02-06-2015
04:53 AM
Yes, you will be deleting output from your old searches.
02-05-2015
11:40 PM
2 Karma
You can use the fschange stanza.
Refer to the link below:
http://docs.splunk.com/Documentation/Splunk/6.2.1/Data/Monitorchangestoyourfilesystem
02-05-2015
11:24 PM
Thanks for your reply!! Cross-checked it, but it's bootstrap in the docs:
http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCdeploymentoverview
02-05-2015
09:44 PM
Also, Splunk should handle this, but in our environment we have noticed that this is not properly handled by Splunk. We only need to take care of this activity by creating a script or deleting them manually.
02-05-2015
09:42 PM
4 Karma
You have answered your own query: there is growth in users in searches. This is the reason you are getting this error, because of the limitation of space and performance (running scheduled searches).
The best solution to this is:
1. Go to the dispatch directory (/opt/splunk/var/run/splunk/dispatch)
2. Delete old searches (delete from the bottom)
3. Once you do this and restart your search head, the error will disappear and you are good to perform your activities on Splunk.
Please accept and vote for the answer if it helps!
02-05-2015
09:36 PM
I am setting up Search Head Clustering. I am able to run the initialize command, but while creating a captain by running the bootstrap command
splunk bootstrap shcluster-captain -servers_list ":,:,..."
I am getting the error "splunk does not recognize bootstarp. Please check command or go to Splunk help".
Please let me know why this error occurs, as this command is mentioned in the documentation.
02-05-2015
09:19 PM
On the indexer(s), you must configure a receiving port in inputs.conf.
Or from the GUI, go to Settings > Forward and receive > in receive, add port 9997 at each indexer.
02-05-2015
09:14 PM
I have two sites. Site 1 has 3 peers and site 2 has 1 peer. Yes, I had changed replication_factor = 1 and search_factor = 1. My current config is
site_replication_factor = origin:1,site1:1,site2:1,total:2
site_search_factor = origin:1,site1:1,site2:1,total:2
replication_factor = 1
search_factor = 1
It worked fine till I created a custom index. After indexing data to the custom index, the error as stated above is persisting.
02-05-2015
05:09 AM
In the forwarder, in the outputs.conf file,
forward data to all your peers. Mention the IPs of all peers.
autoLBFrequency=40
server = Peer1:9997, peer2:9997
useACK = true