Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About fernanlee
fernanlee
Path Finder
Member since:
11-08-2019
06-05-2020
Community Statistics
| Posts | 12 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-08-2019 |
Activity Feed
- Posted Re: How to thaw multiple DB within the Frozen bucket? on Deployment Architecture. 11-11-2019 03:29 PM
- Posted Re: Minimum requirements for the Splunk Fundamentals 1 course on Training + Certification Discussions. 11-11-2019 03:22 PM
- Posted Re: Application is disabled: Splunk_TA_ontap on All Apps and Add-ons. 11-11-2019 03:16 PM
- Posted Re: I can't find history of completion of Fundamentals 1 & 2 on Training + Certification Discussions. 11-11-2019 03:12 PM
- Posted Re: Frozen Index Management on Getting Data In. 11-11-2019 03:08 PM
- Posted Re: 500 Internal Server Error on Security. 11-08-2019 01:17 PM
- Posted Re: Splunk ES 6.0 failed set up - Postinstall failure on Splunk Enterprise Security. 11-08-2019 01:14 PM
- Posted Re: 500 Internal Server Error on Security. 11-08-2019 11:46 AM
- Posted Re: How to join two fields in a source with one field in another source? on Splunk Search. 11-08-2019 09:41 AM
- Posted Re: 500 Internal Server Error on Security. 11-08-2019 09:07 AM
- Posted Re: How to index .csv files with a custom time format from one of the columns? on Getting Data In. 11-08-2019 09:03 AM
- Posted Re: Splunk ES 6.0 failed set up - Postinstall failure on Splunk Enterprise Security. 11-08-2019 08:56 AM
Topics I've Started
No posts to display.
11-11-2019
03:29 PM
No, because that data was indexed before and you paid for that "index process". Don't worry about that.
... View more
11-11-2019
03:22 PM
Hello roberteves.
I encorage you to use a Centos Linux VM with 2GB ram and 200GB for HDD will be enough.
In the Splunk Fundamentals Course I, you will learn and practice with very basic searches, Don't Worry!
Regards.
... View more
11-11-2019
03:16 PM
Which version of splunk are you using? in the new Splunk Version 8.0, python support for 2.7 has been deprecated.
Check this out: https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/AboutMigration
... View more
11-11-2019
03:12 PM
Hello,
In the last months the education team make some changes, some of my certifications were lost for a couple of days.
Send a email to Splunk Certification Team , just please elaborate.
Regards.
... View more
11-11-2019
03:08 PM
Yes, of course:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Restorearchiveddata#Thaw_a_4.2.2B_archive
... View more
11-08-2019
01:14 PM
Yeah, thats the issue... good luck!
... View more
11-08-2019
11:46 AM
In this kind of errors we must perform a check list to ensure everything was deploy properly.
Your HW is compliant with the minimun and recommended specifications?
Your server and OS is 64bit?
Do you have enough space in your server?
If the HW is not enough you will have a lot of problems.
Please check the following log:
$ cat SPLUNK_HOME/var/log/splunk/health.log
Did you install splunk with a noon root user?
$ ls -la $SPLUNK_HOME
Remember DIAG is your best FRIEND!
Diag provides insight into your instance:
- How is the isntance configured
- What was the condition up the point that diag ran
Gather data based on Splunk components:
- OS setting, internal lgos, configuration files, etc.
- Produces a tar.gz file and diag.log
No customer data is retrieved.
$./splunk diag
-> Check for any errors.
Did you make an Splunk upgrade?
Check the logs to verify if there was a problem during the process:
SPLUNK_HOME/var/log/splunk/migration.log.
= Notable Logs for crashes =
Check if crash*log exists or splunkd_stderr.log
Hope this help!
... View more
11-08-2019
09:41 AM
Probably a sub search will work for you.
source=mytable1
[SEARCH source=mytable2
mycolumn2=myvalue
| FIELDS mycolumn2]
... View more
11-08-2019
09:07 AM
Probably you installed a universal forwarder in the same server.
Could you please run the following command in your CentOS server:
$ ps -A | grep splunk
And show me the output please?
... View more
11-08-2019
09:03 AM
Hi!
Remeber a timestamp need two elements "date" and "time", so the first step is concatenate the LDATE and LTIME columns.
The next step is apply some of the following functions described in the following link:
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/DateandTimeFunctions
Probably the mask that you are looking for is similar to "%Y%m%d%H%M%S".
... View more
11-08-2019
08:56 AM
Wich versión of Splunk Enterprise are you using for ES deployment?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
