Activity Feed
- Got Karma for Bucket replication queue full causing random indexer slowdown.. 08-14-2020 06:30 AM
- Got Karma for Re: Bucket replication queue full causing random indexer slowdown.. 08-13-2020 03:37 PM
- Got Karma for Link srtemp to dashboard or search. 06-05-2020 12:49 AM
- Got Karma for Link srtemp to dashboard or search. 06-05-2020 12:49 AM
- Got Karma for Re: Checking if the _meta data is actually indexed and used during searches. 06-05-2020 12:46 AM
- Posted Re: Bucket replication queue full causing random indexer slowdown. on Getting Data In. 02-04-2019 12:17 PM
- Posted Bucket replication queue full causing random indexer slowdown. on Getting Data In. 02-04-2019 12:16 PM
- Tagged Bucket replication queue full causing random indexer slowdown. on Getting Data In. 02-04-2019 12:16 PM
- Posted Re: What is scheduler log event status=Continued ? on Splunk Search. 01-18-2019 10:00 AM
- Posted Storage calculations for clustered indexers on All Apps and Add-ons. 05-14-2018 05:56 PM
- Tagged Storage calculations for clustered indexers on All Apps and Add-ons. 05-14-2018 05:56 PM
- Tagged Storage calculations for clustered indexers on All Apps and Add-ons. 05-14-2018 05:56 PM
- Posted Link srtemp to dashboard or search on Splunk Search. 05-04-2018 03:21 PM
- Tagged Link srtemp to dashboard or search on Splunk Search. 05-04-2018 03:21 PM
- Tagged Link srtemp to dashboard or search on Splunk Search. 05-04-2018 03:21 PM
- Tagged Link srtemp to dashboard or search on Splunk Search. 05-04-2018 03:21 PM
- Posted Does the Tesla Vehicle Modular Input query Tesla API in a way they won't think is excessive and block access? on All Apps and Add-ons. 11-11-2015 09:53 AM
- Tagged Does the Tesla Vehicle Modular Input query Tesla API in a way they won't think is excessive and block access? on All Apps and Add-ons. 11-11-2015 09:53 AM
- Posted Re: Checking if the _meta data is actually indexed and used during searches on Splunk Search. 07-23-2015 10:01 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 2 | |||
| 0 |
02-04-2019
12:17 PM
1 Karma
Answering my own question so others will find it useful.
The presense of the above messages with the same peer guid was ruled to be the problem.
One of our peer nodes was acting up and slowing down any nodes replicating to it just a little bit but enough that it was a propagating and causing queues to get backed up.
The solution was putting the node in manual detention to be either re-built or retired.
... View more
02-04-2019
12:16 PM
1 Karma
Had a weird issue where my queues would fill up on random nodes and rove around within the cluster.
Had a case opened with support and Was working through and making all sorts of adjustments and ruling out all sorts of issues to no vail.
Finally had a breakthrough when I noticed that we were seeing
INFO BucketReplicator - replication queue for peer=<guid> bid=<bid> is full .
Followed almost immediately by
INFO BucketReplicator - replication queue for peer=<guid> bid=<bid> has room now.
over and over again. The gap between those two messages was only a few milliseconds.
No other obvious ERROR pointing to the cause.
... View more
- Tags:
- splunk-enterprise
01-18-2019
10:00 AM
status=Continued means that splunk was unable to run your search as scheduled, But it will catch up and run it for the time period it was supposed to run.
For example your search looking at data from 00:15 - 00:30 was supposed to run at 00:30. But it got the above status.
What splunk will do is run the search for the timeframe 00:15-00:30 at say 00:40. So the results will(mostly) be the same. I say mostly because you can have data show up later and the results may differ because of that.
Splunk will choose to continue searches that are meant to fill summary data etc which can be more flexible than say alerts.
... View more
05-14-2018
05:56 PM
When I installed this app in a clustered environment. The numbers for storage used do not match that shown by DMC(monitoring console).
This app only seems to be showing disk usage numbers from a single indexer. So storage cost is way off.
Or am i missing something?
... View more
05-04-2018
03:21 PM
2 Karma
I get some occurrences of directories in srtemp which are a few hundred gigs in size. Is there a way to link those directories to their source? As in which dashboard is resulting in those.
I want to see which dashboards are doing this and maybe find a way to make them more efficient.
Those directories are transient but cause people to see "not enough free space in dispatch" errors.
... View more
11-11-2015
09:53 AM
Does this Tesla Vehicle Modular Input query Tesla API in a way that they won't think is excessive and get your access blocked?
I asked the same question before and it was deleted.
What gives?
... View more
07-23-2015
10:01 AM
1 Karma
I don't know if anyone still cares as this question was posted long ago but here is the answer:
If you want to use the meta fields in search you have to make them indexed fields.
To do this you need to make a change on the indexer.
In fields.conf add the following:
[environment]
indexed=true
[site]
indexed=true
After that you should be able to use 'environmnt=' in your search. And you should also see those two fields show up in the fields list.
... View more
