We need to rotate syslog files once they reach a certain size. Our directory structure looks like the following: /opt/splunk/syslog/datasource1 /opt/splunk/syslog/datasource2 /opt/splunk/syslog/datasource3 etc. Once files in the source folders reach 1GB for example, we need them to be moved to /opt/splunk/old_files Has anyone successfully set up a rotation script? ... View more

One of our DNS servers running a universal forwarder, suddenly stopped sending Windows Event logs to our indexers. DNS events are still being forwarded. ... View more

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk: https://conf.splunk.com/files/2017/recordings/creating-your-own-splunk-learning-environment.mp4 However, this doesn't work. I've taken a look at the documentation, created a folder named "local" under the SPL_Examples directory and moved the eventgen.config from the apps\spl_examples\default folder to the apps\spl_exampels\local folder. I restarted Splunk and still getting no events. What am I missing? Luke Netto's talk referenced above makes it seem so trivial? I'm working with a brand new install of Splunk on a Windows 10 system. The only apps I've installed as of this post are SA-Eventgen and SPL Examples. Splunk Enterprise Version: 7.3.1 SA-Eventgen Version: 6.5.1 Splunk SPL Examples Version: 1.0.0 Appreciate any help with this! Here are some of the errors I'm seeing in the internal index: From Splunkd.log: 09-11-2019 12:21:10.206 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Eventgen\bin\modinput_eventgen.py"" 2019-09-11 12:21:10 eventgen WARNING MainProcess {'positional_args': (0,), 'event': 'Generator Queue Full. Reput the backfill generator task later. %d backfill generators are dispatched.'} ... View more