Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About splunkreal
splunkreal
Influencer
Member since:
05-26-2016
2 weeks ago
Community Statistics
| Posts | 632 |
| Solutions | 32 |
| Karma Given | 890 |
| Karma Received | 50 |
| Member Since | 05-26-2016 |
Activity Feed
- Karma KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION ) for triptraptresko. 2 weeks ago
- Karma Re: Splunk KV store does not start for claudio_manig. 3 weeks ago
- Karma Re: Splunk Add-on for Check Point Log Exporter for kknairr. 3 weeks ago
- Posted Re: How to resolve disk usage show negative value on monitoring console after adding storage. on Splunk Enterprise. 3 weeks ago
- Posted Re: How to resolve disk usage show negative value on monitoring console after adding storage. on Splunk Enterprise. 4 weeks ago
- Posted Re: No result using sourcetype on Splunk Search. a month ago
- Karma Re: Search by sourcetype returns no results for bmaupin. a month ago
- Karma Re: Splunk Forwarder SSL unsupported certificate purpose? for cbtadmin. 04-08-2026 02:34 AM
- Karma Re: Indexer/UF SSL: requireClientCert and SSL3_GET_RECORD:wrong version number (7.3.2) for harsmarvania57. 04-07-2026 02:27 PM
- Karma Re: How to quickly validate the metadata files of a given index and of all its buckets? for hexx. 04-06-2026 05:11 AM
- Posted Re: No result using sourcetype on Splunk Search. 03-30-2026 08:11 AM
- Karma Re: No result using sourcetype for isoutamo. 03-30-2026 02:06 AM
- Posted Re: No result using sourcetype on Splunk Search. 03-26-2026 04:23 PM
- Posted No result using sourcetype on Splunk Search. 03-26-2026 01:44 PM
- Posted Re: Splunk Add-on for Check Point Log Exporter on Getting Data In. 03-20-2026 05:13 AM
- Karma Re: Splunk Add-on for Check Point Log Exporter for kknairr. 03-20-2026 05:12 AM
- Posted Splunk Add-on for Check Point Log Exporter on Getting Data In. 03-20-2026 03:35 AM
- Posted Re: Log ingestion delay on Splunk Enterprise Security. 03-19-2026 08:03 AM
- Posted Re: Search lag error on Splunk Search. 03-16-2026 04:29 AM
- Karma Re: how to perform lookup on CSV file from search on index for yeahnah. 03-13-2026 01:54 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 |
3 weeks ago
Rolling restart of indexers solved.
... View more
4 weeks ago
Hello @elend how did you solve it? Did you restart MN or IDX for instance? Thanks!
... View more
a month ago
Hello, solution was provided by support (Poland), sourcetype:: was missing in the transforms.conf for another sourcetype in same index.
... View more
03-26-2026
04:23 PM
The sourcetype appears on the left side with results... when we click on it then no result.
... View more
03-26-2026
01:44 PM
Hello, when using index=si_cisco we get results however if we add index=si_cisco sourcetype="cisco:ise:syslog" then no result. The data is coming from HF (HEC) from log management system (Kafka). Earlier today it was working with index=test sourcetype="cisco:ise:syslog" but then our log management admin changed the destination index. I suspect props.conf/transforms.conf issue. We use Splunk Add-on for Cisco ISE 4.2.0 Thanks for your help.
... View more
Labels
- Labels:
-
other
03-20-2026
05:13 AM
Yes, just unsupported now?
... View more
03-20-2026
03:35 AM
Hello, we have Splunk Add-on for Check Point Log Exporter ( https://splunkbase.splunk.com/app/5478 ) Built by Splunk LLC. We would like to know if it's supported with Splunk v10 (v10.2 for instance)? Thanks.
... View more
Labels
- Labels:
-
heavy forwarder
-
inputs.conf
-
syslog
03-19-2026
08:03 AM
Hello @tsa which sourcetype did you set? It doesn't look documented at https://open-docs.neuvector.com/integration/splunk/ Something like neuvector:json? Thanks!
... View more
03-12-2026
09:46 AM
Hi @woodcock got this warning after network issues yesterday, applied https://splunk.my.site.com/customer/s/article/The-number-of-extremely-lagged-searches-X-over-the-last-hour-exceeded-the-red-threshold-X-on-this-Splunk-instance but could not find any lagged search. Either wait to be cleared or maybe will need restart of the impacted SHC member...
... View more
03-05-2026
07:48 AM
Hello, On UF I've seen that we put pem certificates in etc/apps/myapp/default/data On our servers however I've seen something like etc/apps/myapp/data Are there rules or both are ok? (they are working but are they best practices?) Thanks!
... View more
Labels
03-02-2026
10:01 AM
Hello, which Splunk 10 version is stable? I've seen there is 10.2 and before 10.0, what happened to 10.1? Also I saw 10.0.4 was released recently, why? Thanks.
... View more
Labels
02-25-2026
09:40 AM
Hello, us there still Intermediate findings column for findings in analyst queue for Event based detections? Thanks.
... View more
Labels
- Labels:
-
administration
-
installation
02-19-2026
08:45 AM
squash_threshold = <positive integer> * Periodically the indexer must report to license manager the data indexed broken down by source, sourcetype, host, and index. If the number of distinct (source, sourcetype, host, index) tuples grows over the 'squash_threshold', the (host, source) values are squashed and only a breakdown by (sourcetype, index) is reported. This is to prevent explosions in memory + license_usage.log lines. * This is an advanced setting. Set it only after consulting a Splunk Support engineer. * This needs to be set on license peers as well as the license manager. * Default: 2000
... View more
02-19-2026
08:45 AM
Hello, if you have license usage error when running a query on license logs, it can be based on Splunk server.conf setup.
... View more
Labels
- Labels:
-
license usage
-
monitoring console
02-16-2026
01:51 AM
Hello @bowesmana had some errors, this way is more reliable but from ssh : find /OPT/splunk/etc/apps -type f -path "*/lookups/*" -exec du -h {} \; | sort -h
... View more
02-16-2026
12:28 AM
Hello @kknairr thanks for detailed explanation, especially sslRootCAPath, no need to put all rootCAs in single file but in the directory then?
... View more
02-15-2026
02:26 PM
Hello @PickleRick thanks, do you mean using sslRootCAPath? By default ssl verify is disabled so is it necessary? Thanks.
... View more
02-12-2026
12:12 AM
Hi @PickleRick thanks but it's almost empty, just ES using it.
... View more
02-11-2026
09:48 AM
1 Karma
Hello, running "splunk backup kvstore -pointInTime true" on SHC member or captain doesn't create kvstore .tar.gz - it works with pointInTime = false We can see this error in logs in splunkd.log : ERROR MongodRunner [57705 KVStoreBackupThread] - Failed to create PKCS1 certification for Mongo CLI tools INFO MongodRunner [57705 KVStoreBackupThread] - PKCS1 Certificate already exists INFO MongodRunner [57705 KVStoreBackupThread] - Private key password changed. Creating a new PKCS1 Certificate ERROR MongodRunner [57705 KVStoreBackupThread] - Failed to create PKCS1 certification for Mongo CLI tools INFO MongodRunner [57705 KVStoreBackupThread] - PKCS1 Certificate already exists INFO MongodRunner [57705 KVStoreBackupThread] - Private key password changed. Creating a new PKCS1 Certificate ERROR MongodRunner [57705 KVStoreBackupThread] - Failed to create PKCS1 certification for Mongo CLI tools INFO MongodRunner [57700 MongodLogThread] - mongod exited normally (exit code 0, status: PID 57701 exited with code 0). in /var/lib/splunk/kvstorebackup/ empty kvdump_... Thanks for your help.
... View more
Labels
02-11-2026
09:45 AM
Hello, we will need to change root CA/server certificates on all our splunk cluster, forwarders will also be affected. Also we use TCP-SSL on our HF with various network appliances, I guess they will be affected? Is there good practice or guideline that you could provide? Thanks for your help.
... View more
Labels
02-11-2026
09:41 AM
Hi @yuanliu thanks, how do you get breakdown by csv file?
... View more
02-09-2026
05:27 AM
Hello @BuzzLights10 did you get your answer? If yes could you provide your SPL query? 😊
... View more
02-06-2026
06:12 AM
Hello @andrew_nelson it looks complicated, is it supported by Splunk using this method?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
Karma given to
