×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
frmaasdam
Path Finder
Member since: ‎06-04-2014
‎06-05-2020
Community Statistics
Posts 29
Solutions 3
Karma Given 0
Karma Received 13
Member Since ‎06-04-2014
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Installing Enterprise Security app in a distri...

by in Installation
‎04-05-2018 08:25 AM
‎04-05-2018 08:25 AM
First of all you should install Enterprise Security on the Search Head and choose add-ons which you need, then configure add-on pack in via Enterprise Security then download it and add to cluster master then push configuration to indexers Whole process is described in this article: http://docs.splunk.com/Documentation/ES/5.0.0/Install/InstallTechnologyAdd-ons ... View more

Re: I disabled a transforms.conf stanza in Splunk ...

by in Splunk Search
‎11-15-2015 12:09 PM
‎11-15-2015 12:09 PM
There are things that create fields automatically; you should make sure that you set KV_MODE = none also. Post an example event and the fields that shouldn't be there. ... View more

Re: Linux Auditd: What is the best way to make /va...

by in All Apps and Add-ons
‎05-16-2019 07:32 PM
‎05-16-2019 07:32 PM
Thanks very much @Intermediate , will do. 🙂 ... View more

Re: Can't get started...

by in Splunk Enterprise
‎11-08-2014 07:33 AM
‎11-08-2014 07:33 AM
I'm pretty sure it was a permissions problem. Originally I tried this guide: http://wiki.splunk.com/Deploy:EnsuringSplunkRunsAsNonRootUser and it didn't workout too well. I started over and used the guide here: http://docs.splunk.com/Documentation/Splunk/latest/installation/RunSplunkasadifferentornon-rootuser#Instructions. That worked out well and everything seems to be fine with the exception of "boot-start" (http://docs.splunk.com/Documentation/Splunk/latest/admin/ConfigureSplunktostartatboottime#Enable_boot-start_on_.2Anix_platforms) not working. I'm going to start a new thread for that if I can't figure it out pretty soon. ... View more

Re: Splunk security suite installation

by in Installation
‎10-31-2014 03:56 AM
‎10-31-2014 03:56 AM
I will indeed, thanks again. ... View more

Re: Universal Forwarder not able to read all logs

by in Getting Data In
‎11-05-2014 06:06 AM
1 Karma
‎11-05-2014 06:06 AM
1 Karma
Thank You frmaasdam! After waiting half a day, the machine with these changes started pumping in all logs that were missing. Also, after adding this change to other machines it takes about 1hour before the unread logs start pumping in. Thanks Again for all your suggestions guys! ... View more

Re: What are best practices for setting up a Splun...

by Splunk Employee in Installation
‎05-15-2017 12:15 PM
‎05-15-2017 12:15 PM
To forward data to secondary site, when the primary site is down, we have a new feature in 6.6 that can handle this case automatically. More info: http://docs.splunk.com/Documentation/Splunk/6.6.0/Indexer/indexerdiscovery#Configure_the_forwarder_site_failover_capability ... View more

Re: Multi-site cluster configuration help with 2 c...

by Splunk Employee in Deployment Architecture
‎09-16-2014 11:22 PM
‎09-16-2014 11:22 PM
using the settings of your first example, you can do: site_replication_factor = origin:1,total:2 site_search_factor = origin:1,total:2 with replication_factor=1, search_factor=1. however, this is identical to non-multisite clustering. the only advantage of this is that its easier to move from 1 peer per site -> multiple peers per site than to reconfigure. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from