×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
uuppuluri_splun
Splunk Employee
Member since: ‎07-22-2013
‎06-05-2020
Community Statistics
Posts 20
Solutions 3
Karma Given 1
Karma Received 19
Member Since ‎07-22-2013
Activity Feed
View All

Re: How to get the last updated (or created) time ...

by Splunk Employee in Reporting
‎01-06-2016 03:02 PM
‎01-06-2016 03:02 PM
With 6.3 (and above), we can get this information using a REST API call. For example, |rest /services/saved/searches/Test will give this information about the Saved Search "Test" in the updated data key such as the below: updated 2015-12-30T18:51:48-08:00 The initial time will be for created and will be replaced by the time of last update. This should help track when the searches were last updated. ... View more

Re: Can /etc/system/static files be symlinked?

by Splunk Employee in Installation
‎11-25-2014 03:09 PM
1 Karma
‎11-25-2014 03:09 PM
1 Karma
No. One can not symlink every file under $SPLUNK_HOME/etc/system/static which generates the error above. Replacing symlinked files with actual files should resolve the problem. Alternately one could symlink the static folder instead of each file. ... View more

Re: Delete corrupt bucket or down index in cluster

by Splunk Employee in Deployment Architecture
‎10-18-2017 11:38 PM
‎10-18-2017 11:38 PM
Just to Sum up : REMOVE FROM ONE Peer: curl -k -u admin:changeme "https://CM:8089/services/cluster/master/buckets/_audit~5~A5F789C3-22C0-407C-9B6B-10C8705F1C3D/remove_from_peer" -d peer=GUID_FOR_PEER REMOVE FROM ALL: curl -k -u admin:changeme -X POST "https://CM:80890/services/cluster/master/buckets/ _audit~5~A5F789C3-22C0-407C-9B6B-10C8705F1C3D/remove_all" ... View more

Re: count message types by facility

by Splunk Employee in Splunk Search
‎03-07-2014 01:41 PM
‎03-07-2014 01:41 PM
Splunk has a foreach command http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Foreach ... View more

Re: splunk support for customers with license

by Splunk Employee in #Random
‎01-06-2014 11:23 AM
‎01-06-2014 11:23 AM
You can go to www.splunk.com and click on the Support pull down menu and then on the support portal which is the last item. You will need your authorized credentials to log into the support portal. ... View more

Re: Indexing not working, how can I correct "BTree...

by in Getting Data In
‎01-02-2014 09:45 AM
‎01-02-2014 09:45 AM
We have data indexed from some days, but not most. The test searches we do show that only about 20-50% of the data is showing up in the indexes for each day. ... View more

Re: Release Notes RSS Feed

by Splunk Employee in Splunk Search
‎05-07-2015 09:47 PM
3 Karma
‎05-07-2015 09:47 PM
3 Karma
You can track the Splunk releases by subscribing to http://www.splunk.com/page/release_rss ... View more

Re: Search generated too much data...

by in Splunk Search
‎09-29-2016 08:31 AM
‎09-29-2016 08:31 AM
This does increase the value but there is still an upper limit that is hard coded ... View more

Re: indexing congestion consistenly happening

by in Getting Data In
‎04-03-2018 08:15 AM
‎04-03-2018 08:15 AM
yannk mentions the SOS app - this has been deprecated - if you have version 6.3 or above this has been replaced by the DMC. We too are getting this error message - any thoughts on a solution for this issue? Audit event generator: Now skipping indexing of internal audit events, because the downstream queue is not accepting data. Will keep dropping events until data flow resumes. Review system health: ensure downstream indexing and/or forwarding are operating correctly. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM