×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
milad001mehdi
New Member
Member since: ‎09-11-2019
‎10-14-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-11-2019
Activity Feed
View All

Re: streamfwd app error in /var/log/splunk/streamf...

by in Deployment Architecture
‎10-14-2024 08:32 AM
‎10-14-2024 08:32 AM
Can you explain more?  Which file should be edit? Send path and file name  ... View more

Re: streamfwd app error in /var/log/splunk/streamf...

by in Deployment Architecture
‎09-27-2023 02:12 AM
‎09-27-2023 02:12 AM
hello I have this problem last week and this error occur i searched in any communities but i didn't find any solution i'm using ubuntu 64 bit i checked both interface that connect to my forwarder. both of them had this problem and error please help us if every one have solution ... View more

Re: How to speed up my search?

by in Splunk Search
‎09-23-2019 02:31 AM
‎09-23-2019 02:31 AM
I have this problem too. In all of searches that i did, rate is too slow and i can't see a complete result. for example i search this query: "index="fw251_1" | selfjoin session_id | eval dest = if(direction="inbound",src_ip,dest_ip) | stats count as "Connection Allowed" by dest | sort -"Connection Allowed" | rename dest as "Destination IP Address" | head 10" during "last 60 mins" it took about 8 hours to complete and i saw 60 millions logs. If i want to see results for above search during one day, i will wait for 1 week!!!! Why should i do for this problem? My resources like Cpu, Ram, ... are enough in my splunk server. ... View more

"Search auto-canceled" error during search query ,...

by in Security
‎09-21-2019 03:59 AM
‎09-21-2019 03:59 AM
Good day I configured Splunk to receive Cisco ASA firewall log on udp 5141 port and installed ASA add-on for parsing logs with "Cisco.ASA" source type. It's necessary to say you, i received about1000000 logs per minutes. I have problem with searching query in Splunk. when i search a simple query like: "index=fw_251" (the name of asa index that receive logs is fw_251) during 1h, Splunk can't send me all of logs and show this error: "Search auto-canceled" after several minutes. (just show me last 4 minutes of 60 minutes) and paused. Why this error occur? I monitored all of resources like ram,cpu, ... . every things is okey. Do have any suggestion for me? Thank you ... View more

Re: How do I parse CISCO ASA 5510 firewall log in ...

by in All Apps and Add-ons
‎09-11-2019 12:48 AM
‎09-11-2019 12:48 AM
Good day For this problem that Splunk couldn't parse cisco syslog, i have to install add-on on splunk server and change source type? is it the last solution? Thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-14-2024 11:53 AM