cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ITBlogger
Explorer
Member since: ‎06-18-2012
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 20
Karma Received 0
Member Since ‎06-18-2012
Activity Feed
View All

Re: Will Splunk for Nagios work with Icinga?

by in All Apps and Add-ons
‎06-03-2014 10:20 AM
‎06-03-2014 10:20 AM
Is this still true? Do we know if it will also work with Icinga 2? ... View more

Re: What are best practices for long term storage?

by in Deployment Architecture
‎05-01-2013 01:19 PM
‎05-01-2013 01:19 PM
Yeah, I saw that too when I hit the link you gave above. Interesting stuff. ... View more

Re: What are best practices for long term storage?

by in Deployment Architecture
‎05-01-2013 12:48 PM
‎05-01-2013 12:48 PM
Thanks, that is excellent info to know. Too bad index data signing isn't currently supported with distributed search as that's one of the things that makes Splunk so elegant. ... View more

What are best practices for long term storage?

by in Deployment Architecture
‎05-01-2013 11:37 AM
‎05-01-2013 11:37 AM
Hi All, We have a regulatory requirement to keep logs for 3 years. I am currently architecting our Splunk infrastructure and trying to figure out how far I should go to protect our logs from corruption, drive/array failures, etc. In my current design I'm planning to have 6 load balanced indexers (4 in main site and 2 in alternate), each with an external drive enclosure filled with 25 1.2TB drives. Each indexer will be filled with 8 300GB 15k rpm drives. Because of how I'm splitting up the enclosure where 10 drives are in RAID 10 and 14 are in RAID 5 (although I suppose this can be split up into two groups of RAID 5 arrays), we'll have a total of approx 91TB here and 45TB at alternate site. This is enough storage to store data captured at 100GB per day for 3 years. This design, of course, only protects us from a certain level of drive failures. It doesn't protect us from log data corruption. From a regulatory perspective, we get slammed hard if we lose more than a reasonable number of logs due to corruption, but I'm not sure that warrants building out a separate backup network and doubling storage using a SAN in order to protect against the small chance of data corruption. Is my current design reasonable? Let me know what you think. Regards, Alex ... View more

Re: Splunk App for Windows on Linux indexer

by in All Apps and Add-ons
‎04-08-2013 10:13 AM
‎04-08-2013 10:13 AM
From my experience, it means that you can't use a Linux Indexer to modify configuration of Windows agents to control what data they will grab from their respective hosts and forward to the indexer. As far as I know, in the scenario of Linux Indexer with Windows Universal Forwarders, the Splunk TA for Windows app needs to be installed on any of the Windows Universal Forwarders to really have any meaningful control over performance monitoring data. I don't think it's necessary to install the Splunk TA for Windows app to pull in event log data to the Indexer. ... View more

Re: Openstack App

by in All Apps and Add-ons
‎01-22-2013 11:14 AM
‎01-22-2013 11:14 AM
It would be nice as that's where the world is headed. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to