×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tobiasgoevert
Engager
Member since: ‎02-21-2019
‎08-27-2024
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎02-21-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: systemctl stop Splunkd hangs

by in Splunk Enterprise
‎08-27-2024 11:48 AM
‎08-27-2024 11:48 AM
Thanks for the advice!    We´re experiencing the same issues on same RHEL (8.10) Will also check on our test env if this will help   Also interessted in updates, if someone find out something 🙂    Regards,  Tobias ... View more

Re: Bug report - Cisco add-on slows down the searc...

by in All Apps and Add-ons
‎07-18-2024 11:09 PM
‎07-18-2024 11:09 PM
Good Morning,  Found another reason in our case, why the searches are so slow (accelerating the CIM auth datamodel)    Our Network Operations Team activated Cisco TrustSec-Logging for one of our customers...  Since this, we index more then 10 million TrustSec-Logs, where we apply the props and transforms to...  These Logs definitely don´t need all this knowledge... It is an easy KV structure, here an example...   <190>126269710: 126329890: Jul 19 07:56:50.999 CEST: %RBM-6-SGACLHIT: ingress_interface='TenGigabitEthernet2/1/7' sgacl_name='Permit_IP_Log-01' action='Permit' protocol='tcp' src-vrf='CUSTOM_LAN' src-ip='123.123.123.123' src-port='1234' dest-vrf='CUSTOM_LAN' dest-ip='234.234.234.234' dest-port='64399' sgt='0' dgt='16' logging_interval_hits='1'   an specific sourcetype for this type of logs make´s sence i think. 🙂   Regards, and thank you for all the answers.  Tobias ... View more

Re: Bug report - Cisco add-on slows down the searc...

by in All Apps and Add-ons
‎07-18-2024 12:22 AM
‎07-18-2024 12:22 AM
Hello Together,    commented everything out, step by step and came to the solution, that following REPORT statement slows evertything out massively.... A 10 Minute searchwindow with this line needs 230 seconds (203 sec commandSearch / 192 KV) - without just 25 (24 sec CommandSearch / 13 Sec KV) - FastMode But it contains nessasary fields in our env.... Will try to analyse the regexes inside.    Regards ... View more

Re: Bug report - Cisco add-on slows down the searc...

by in All Apps and Add-ons
‎07-15-2024 07:04 AM
‎07-15-2024 07:04 AM
Hello, do you found out, where the problem was?  It looks like, that i have also an performance issues with this TA. After deaktivation, i can run the search in seconds... When it´s active, the search don´t finish...  Thanks for your answer! ... View more

Re: How to stop a read-only user from deleting kno...

by in Security
‎05-14-2024 05:42 AM
‎05-14-2024 05:42 AM
Hello Mikeydee,    i have exactly the same issue/problem in our splunk environment. Do you have a solution for this yet?    Regards,  Tobias ... View more

Re: Why are there Issues when upgrading from 8.1.2...

by in Splunk Enterprise
‎07-11-2022 01:00 AM
‎07-11-2022 01:00 AM
Hello together,  we have the same issue after our upgrade. Regards,  Tobias Gövert ... View more

Re: Using Splunk Stream for Netflow- now, ingestin...

by in All Apps and Add-ons
‎02-21-2019 10:34 PM
‎02-21-2019 10:34 PM
Hi Together, same situation for me! i ingested netflow from our cisco-routers to splunk via Splunk app for stream. Now i want to visualize it. @keiran_harris do you have some results jet? Regards, Tobias,Hi together, same situation for me! We also ingested netflow from our cisco-router and want to visualize it now. @keiran_harris do you have some results jet? Regards, Tobias ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-27-2024 03:09 PM
Karma given to
View All