×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
ursfischer
Engager
Member since: ‎10-17-2019
‎02-13-2026
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎10-17-2019
View All

Re: Is it possible to have multiple hosts for one ...

by in Getting Data In
‎09-05-2023 12:19 AM
‎09-05-2023 12:19 AM
Hello there, Is there a solution for this question. We too (like many others i guess) have domains with multiple LDAP servers behind. Either we register per domain several strategies what gives us in the end about 15 strategies an more or we can solve with the DNS record for the Domain (example demo.domain.local). In my opinion Splunk will then connect to one of the multiple Servers behind this DNS record with Round Robin. What are the possibilities and how did you solve this? With so many strategies we have the problem that with an adjustment to roles with subsequent reload the whole thing with a search head cluster at the end goes very long. Clearly, the strategies here are only one part of many in a reload, and yet this would help us. ... View more

Re: Undocumented error message in _internal

by in Monitoring Splunk
‎03-31-2023 05:36 AM
‎03-31-2023 05:36 AM
Hi there, we have almost the same here in our Platform: "ERROR ILightWeightSearchStringParser [18851 TcpChannelThread] - still in inQueto=true". Any Ideas what this can be? ... View more

Re: Query for delay of data in Splunk

by in Splunk Search
‎02-10-2023 06:40 AM
‎02-10-2023 06:40 AM
well, we do have a lot of data (currently approx 10 billion events per day and more, increasing). tstats is probably not the best idea to use here, but faster than just a normal search. I will try with sampling and have a look how i can use this. An other idea is to do some saved searches for each index, store the results (_time, _indextime, index) into a summary index and then use this make some statistics. but with more than 100 indexes it will take some time, effort and Splunk resources. also i am not shure if this will make things easyier for me. ... View more

How to create a search for delay of data in Splunk...

by in Splunk Search
‎02-09-2023 05:04 AM
‎02-09-2023 05:04 AM
Hello all As a splunk in an early station 😀 I currently have the following challenge: We have many indexes and we want to do an analysis over all indexes how fast the log data is available in Splunk. As distance should be measured from writing the log (_time) to indexing time (_indextime). Also we want to exclude scatter (e.g. we currently have hosts with wrong time configuration, i.e. something like a Gaussian normal distribution). Here is an example query, which is probably wrong or could be done much better by you: | tstats latest(_time) AS logTime latest(_indextime) AS IndexTime WHERE index=bv* BY _time span=1h | eval delta=IndexTime - logTime | search (delta<1800 AND delta>0) | table _time delta Is the query approx correct so that we can answer the question what kind of deley we have over all? How could one use a Gaussian normal distribution instead of restricting the search manually? ... View more
Labels

Re: How to update KV store lookup periodically ,I...

by in Splunk Dev
‎02-02-2022 07:45 AM
‎02-02-2022 07:45 AM
hi, Did you find a solution? We also update some lookup files periodically almost the same way and the file itself  (/appl/splunk/etc/apps/APPNAME/lookups) will not update. The KV store is up to date, but the file not...  If i delete the file in the APP before the update, then the file is new created. Did you insert in your script that you delete the file in the folder bevor update or is there an other solution? Greetings,     ... View more

Re: Get Dynatrace managed data into Splunk through...

by in All Apps and Add-ons
‎10-17-2019 02:12 AM
‎10-17-2019 02:12 AM
Hi, do you already have a solution for this problem ? We have the same issue here with Dynatrace Managed and Splunk enterprise. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-13-2026 01:27 AM
Karma given to
View All