Hi, How can I set an alert with firing setted to send an email to me. But when It fires on the mail it has to show me a dashboard previous created is it possible? otherwise in the mail alert has to show me the result of it. In this case how the searching needs to be setted? ... View more

Hi, Searching: When a host reaches 1gb memory consumed per day fire an alert? This will has to be real-time.   ... View more

Hi questions: 1) Splunk enterprise security already has some rules from default inside? When you buy it I mean 2) where can I create rules in it? do they have to be created from splunk enterprise and exported into there or Can I create them inside that (Where) 3) do you know any free course about it to advice? 4) Risk analysis panel in it is used more for? 5) Splunk enterprise security needs one license apart other than that splunk enterprise? 6) How much does a license of that cost? 7) where can be created alarms in it?  ... View more

Hi, I have 2 sources log so much like 2 gb per day just them. What could I do to limit it? Is possible to set some filters somewhere (where?) Either is there another way to permit to send less logs from them? ... View more

Questions: 1) How much does a license from 5gb per day cost?  2) Where could that be bought? 2) When license overcomes limit of 5gb per day what does Splunk happen? It stucks logging? It permits logging the same but reduced for certain days? Nothing, logging arrives also to 10gb? ... View more

Hi, After setted a source by inputs.conf where inside is specified a sourcetype="something" and index="something". Sources come from by UFs. So the question: is insert sourcetype into that file inputs.conf enough or do I also have to create sourcetype in the GUI so I mean into settings > sourcetype. ... View more

I got to integrate an Oracle database and a SQL server 2008 to my Splunk environment as a forwarder. How can I enable audit logs in these databases and then send logs to Splunk? How do they have to be configured Splunk side and database side? ... View more

ERROR LMTracker - failed to send rows, reason='Unable to connect to license masterError connecting: Connection refused' any solution to this? ... View more

The value of env var SPLUNK_OS_USER, "splunk", does not match any user on this system; Error: Success This command can only be run by bootstart user. WHAT I NEED TO RESOLVE IT? ... View more

Where must the data retention be settled in indexer or in my case distributed environment in search head? Then seen that it must be setted in file indexes.conf but it S present just in etc/system/default but we know we don't have to edit files in default folder how can I do that? Do I create a file in local and after splunk will think to update the default folder? ... View more

What is the DMC on splunk? Why should I have need to install it? How should be installed, It is an app? The monitoring console is not the same thing as that? I'm configuring and distributed environment so in general setting should I configure it as distributed than standalone? Because if I set it to it it gives me like an error not to configure DMC in search head production ... View more

Where and how can I set the data retention on Splunk? Because I have seen there are many bow to set it like telemetry, main etc.. So it's really not clear... ... View more

I got to manage some indexers, I seek this can be done by master class server. How do i configure it? ... View more

A way to implement centralized management from web-GUI on SH of main configuration like forwarder, data retention, etc ? ... View more

why should i install the add-ons in splunk? collecting data would work the same without it? Compared to qradar SIEM they are like dsm? ... View more

collecting data works the same without kvstore installed? what is the advantage to install it in an environment splunk? what it does? ... View more

3 questions: Can I use directly syslog for everything enabling it to each machine, without getting use of universal forwarder or heavy? What is the advantage to use directly it rather than install UF for instance? What is the difference between the heavy forwarder and an indexer for example? Then must I use the add-on with a universal forwarder or I can install it without to use it? Would everything work the same? what do they used for is it like a dsm? ... View more