Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About davpx
davpx
Communicator
Member since:
08-23-2016
06-05-2020
Community Statistics
| Posts | 66 |
| Solutions | 7 |
| Karma Given | 15 |
| Karma Received | 13 |
| Member Since | 08-23-2016 |
Activity Feed
- Karma Re: Events not received in Phantom for tomaszdziwok. 06-05-2020 12:50 AM
- Got Karma for Re: How come our indexes are missing in our search head cluster?. 06-05-2020 12:50 AM
- Karma RHEL/CentOS 7 & systemD not honoring ulimits for jethompson_splu. 06-05-2020 12:49 AM
- Karma Re: What can be done with an indexer in a "hung" state? for harsmarvania57. 06-05-2020 12:49 AM
- Karma Can I use kvstore as a web application backend? for jedatt01. 06-05-2020 12:49 AM
- Karma Re: Stats count on list of values from lookup and how many times they are displayed in the results. for king2jd. 06-05-2020 12:49 AM
- Karma Re: How to customize stats using simple math? for skoelpin. 06-05-2020 12:49 AM
- Karma Re: How to customize stats using simple math? for skoelpin. 06-05-2020 12:49 AM
- Karma Re: How to configure indexes.conf to keep large volume of data? for ddrillic. 06-05-2020 12:49 AM
- Karma Re: Indexes are not available to select from "Available search indexes" during role creation since upgrade to 7.0.0 for rjteh_splunk. 06-05-2020 12:49 AM
- Karma Re: Unable to add more sources to Universal Forwarder for skoelpin. 06-05-2020 12:49 AM
- Karma Re: What's the best way to separate "cluster master" and " deployer" for Steve_G_. 06-05-2020 12:49 AM
- Got Karma for Re: Can I use kvstore as a web application backend?. 06-05-2020 12:49 AM
- Got Karma for Re: Do TRANSFORMS in a source stanza and a sourcetype stanza both apply?. 06-05-2020 12:49 AM
- Got Karma for Re: Do TRANSFORMS in a source stanza and a sourcetype stanza both apply?. 06-05-2020 12:49 AM
- Got Karma for Re: Running Alerts in Verbose or Fast mode. 06-05-2020 12:49 AM
- Got Karma for Re: How to customize stats using simple math?. 06-05-2020 12:49 AM
- Got Karma for Re: The maximum number of concurrent auto-summarization searches on this cluster has been reached. 06-05-2020 12:49 AM
- Got Karma for Re: How to get average of all the summed values?. 06-05-2020 12:49 AM
- Got Karma for Re: How to get average of all the summed values?. 06-05-2020 12:49 AM
Topics I've Started
No posts to display.
03-15-2019
10:45 AM
You can barely run a single instance on 4 cores reliably. Definitely not two. At 10GB/day, unless you need HA, you really shouldn't need more than one instance/server but you absolutely must get more cores.
If cost is a concern, see about reducing some of that memory usage. No way you need 200GB for this small of a deployment and RAM is expensive.
... View more
03-15-2019
10:41 AM
Quick and dirty example of the average of both over time.
sourcetype=Perfmon* (object="Memory" counter="Committed Bytes") OR (object="LogicalDisk" counter="% Free Space")
| timechart avg(Value) as Value by counter
... View more
01-25-2019
07:37 PM
You can try using sendCookedData=false as in https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd#Forward_a_subset_of_data
... View more
01-25-2019
07:19 PM
Download the app yourself and unpack to etc/apps if you have this much permission. Otherwise, it seems you have splunk admin permissions, download locally and upload via manage apps.
... View more
01-25-2019
07:14 PM
You should upgrade. There are known bugs for tailing files in versions this old.
... View more
01-25-2019
07:12 PM
You have a lot of traffic for your deployment. Increase disk space.
... View more
01-25-2019
07:11 PM
The owner of the search needs to have list_storage_passwords capability.
... View more
01-24-2019
11:37 AM
Because there is but only a single capability to grant access to all secrets stored on the system and it traverses system wide. Splunk really needs to work on their permissions structure.
... View more
01-24-2019
11:35 AM
1 Karma
This was fixed in 7.0.8 and recent releases of 7.2. To workaround this in earlier versions, either add the indexes to your search head or go grab an authorize_roles.xml from a 6.x version and deploy it to your SHC manually in etc/apps/search/local/data/ui/manager
https://docs.splunk.com/Documentation/Splunk/7.0.8/ReleaseNotes/Fixedissues#Splunk_Web_and_interface_issues
... View more
11-10-2018
06:19 PM
Why are you using such odd ports? Nuance practices like these will get you in a lot of trouble.
... View more
04-04-2018
05:27 PM
TIME_PREFIX = timestamp:\s+
TIME_FORMAT = %s
in props.conf
... View more
04-04-2018
05:26 PM
Try running these again with a set time window instead of a real-time search and compare again.
... View more
04-04-2018
05:24 PM
Some inputs can return the shortname and some return the FQDN. Check to ensure your forwarder's inputs.conf hostname under [default] matches the name in server.conf and that any other inputs do not specify a host explicitly.
... View more
04-04-2018
05:21 PM
1 Karma
Try something like
index=wineventlog EventCode=521 OR EventCode=4617 | timechart span=1h count by host
or
index=wineventlog EventCode=521 OR EventCode=4617 | timechart span=1h sum(eval(EventCode=521)) as 521 sum(eval(EventCode=4617)) as 4617 by host
... View more
04-04-2018
05:18 PM
Does something like this help?
index=blah sourcetype=sourcetypeA OR sourcetype=sourcetypeB | stats count(my_field) as count by sourcetype
... View more
04-04-2018
05:15 PM
Yes, check this out. https://answers.splunk.com/answers/188709/how-to-display-dashboard-panels-dynamically.html
... View more
03-09-2018
02:04 PM
1 Karma
I downvoted this post because refusing to accept a correct answer leaves unanswered spam on the board.
... View more
03-09-2018
01:57 PM
Right and _time is actually in epoch format under the covers but it sounds like you got it resolved.
... View more
03-09-2018
01:22 PM
Your target server is missing from your command or have you redacted it?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma given to
