If I have thousands of unix hosts, will I run into a problem with the Unix app working correctly? Is there some kind of limit of number of hosts for this app to work successfully? ... View more

I'm going through the process of setting up the Splunk Add-on for Microsoft Cloud Services and when I get to the certificate piece, I constantly get the "Auto-generated but invalid" message. I've tried both custom and auto generated and it's always this error. What can I do to fix this? ... View more

If I run: | inputlookup identities.csv xxxx results That shows a different count in the results than | datamodel("Identity_Management", "All_Identities") yyyy results What is going on? I thought I built my indentities.csv correctly. ... View more

If I click through the Data Summary box and select sourcetype = cloudwatch, I receive the following error message from my indexers: Failed to find a valid configuration for multikv stanza = 'tsv_cloudwatch' ... View more

Trying to start Splunk but getting an "execve: Permission denied " error This is Splunk 6.1.x and my OS is AIX. bin/splunk start --accept-license Checking prerequisites... WARNING: File size limit (ulimit -f) is set low (1073741312 bytes) Splunk may not work. You may want to run "ulimit -f unlimited" before starting splunk. Checking mgmt port [8089]: open Creating: /opt/splunkforwarder/var/lib/splunk Creating: /opt/splunkforwarder/var/run/splunk Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css Creating: /opt/splunkforwarder/var/run/splunk/upload Creating: /opt/splunkforwarder/var/spool/splunk Creating: /opt/splunkforwarder/var/spool/dirmoncache Creating: /opt/splunkforwarder/var/lib/splunk/authDb Creating: /opt/splunkforwarder/var/lib/splunk/hashDb New certs have been generated in '/opt/splunkforwarder/etc/auth'. Checking conf files for problems... Done All preliminary checks passed. Starting splunk server daemon (splunkd)... execve: Permission denied ... View more

I don't like the default hostname that shows up in Splunk. I would like to change it to the FQDN. How can I do this quickly after my first install of Splunk? ... View more

I want to know what version of python my Splunk instance is running. How can I tell? ... View more

It's crashing on the maintailingthread while reading the disk_objects.log. This is on Windows and the crash looks like this: Crashing thread: MainTailingThread for WatchedTailFile-WatchedFileState: path="C:\Program Files\Splunk\var\log\introspection\disk_objects.log [build 206881] 2014-05-09 04:01:09 Access violation, cannot read at address [0x000079646F626F00] Exception address: [0x0000000140614B21] Crashing thread: MainTailingThread MxCsr: [0x0000000000001FA0] SegDs: [0x000000000000002B] SegEs: [0x000000000000002B] SegFs: [0x0000000000000053] SegGs: [0x000000000000002B] SegSs: [0x000000000000002B] SegCs: [0x0000000000000033] EFlags: [0x0000000000010206] Rsp: [0x000000001192D1D0] Rip: [0x0000000140614B21] ? Dr0: [0x0000000000000000] Dr1: [0x0000000000000000] Dr2: [0x0000000000000000] Dr3: [0x0000000000000000] Dr6: [0x0000000000000000] Dr7: [0x0000000000000000] Rax: [0x000079646F626F00] Rcx: [0x0000000022C11268] Rdx: [0x000000001192E368] Rbx: [0x000000001192E2C0] Rbp: [0x0000000000000000] Rsi: [0x000000001192E368] Rdi: [0x0000000000000000] R8: [0x000000001192E2C0] R9: [0x0000000000000000] R10: [0x000000004E584490] R11: [0x000000004E584990] R12: [0x000000001192E420] R13: [0x0000000000000500] R14: [0x0000000022C11268] R15: [0x0000000000000000] DebugControl: [0x0000000000000000] LastBranchToRip: [0x0000000000000000] LastBranchFromRip: [0x0000000000000000] LastExceptionToRip: [0x0000000000000000] LastExceptionFromRip: [0x0000000000000000] OS: Windows Arch: x86-64 ... View more