cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
EatMoreChicken
Explorer
Member since: ‎02-03-2021
‎04-11-2022
Community Statistics
Posts 8
Solutions 0
Karma Given 7
Karma Received 2
Member Since ‎02-03-2021
Activity Feed
View All

Re: Is there a way to test index-time operations w...

by in Getting Data In
‎04-07-2022 05:14 AM
‎04-07-2022 05:14 AM
Yep, the Dev license is what I use at the moment in a dev environment. I appreciate the input, it looks like the long way is the only way at the moment sadly. 😢 ... View more

Re: Testing index-time operations without indexing...

by in Getting Data In
‎04-06-2022 10:21 AM
‎04-06-2022 10:21 AM
Whoops, meant to say "Add Data" in my original post. But yes, this is also the process I use at the moment. The only issue with this method is that I'm not able to see how the host, source, and null-queuing is affected without actually indexing the data. ... View more

Is there a way to test index-time operations witho...

by in Getting Data In
‎04-06-2022 06:46 AM
‎04-06-2022 06:46 AM
Is there a way to test index-time operations without indexing logs? For example, is there a way I can provide a sample log file and see what the timestamp, host, sourcetype, source, and output after other operations like null-queuing would be? For example, I currently use the "Add Data" section to test timestamping and line-breaking, but this doesn't show other metadata or what will be ingested after null-queuing. I also setup a quick bash command to make copies of the base log samples and have inputs continuously monitor the new files as I'm testing new sourcetypes. I feel like this is a bit inefficient. Thanks in advance for any input! ... View more

Re: Does Splunk have a precedence for what logs to...

by in Getting Data In
‎02-18-2022 06:00 AM
‎02-18-2022 06:00 AM
Just wanted to have some concrete documentation around it in the event someone else asks me. ... View more

Re: Where should I place temp files generated by m...

by in Getting Data In
‎02-11-2022 12:00 PM
1 Karma
‎02-11-2022 12:00 PM
1 Karma
Perfect, this is exactly what I was looking for! ... View more

Re: Does Splunk have a precedence for what logs to...

by in Getting Data In
‎02-11-2022 11:54 AM
‎02-11-2022 11:54 AM
Gotcha, that's exactly what I was seeing. `_internal` logs were consistently coming in after other logs, so just wanted to make sure. Would you happen to know of any Splunk docs documenting this? Just wondering. ... View more

Does Splunk have a precedence for what logs to for...

by in Getting Data In
‎02-11-2022 08:27 AM
‎02-11-2022 08:27 AM
If I had logs for the `_internal` index and logs for a `linux_os` index on a Heavy Forwarder, does the HF prioritize the `linux_os` index data prior to the `_internal` data on the host? Is there any precedence for data Splunk is monitoring?  Does Indexers have a precedence for what kind of data to index first? ... View more
Labels

Where should I place temp files generated by my sc...

by in Getting Data In
‎01-31-2022 11:50 AM
1 Karma
‎01-31-2022 11:50 AM
1 Karma
I made a custom TA in "/opt/splunk/etc/apps/myTA/". I created a script called "myTA/bin/scripts/pulldata.sh". My script makes temp files and it attempts to save in "myTA/bin/scripts/", but it has errors writing to that path. I can run the script in CLI using "./pulldata.sh" as the splunk user and it is fine to write the temp files to the "scripts" directory. I tried to use "/opt/splunk/bin/splunk cmd /opt/splunk/etc/apps/myTA/scripts/pulldata.sh", but that also has issues writing the temp files. I'm assuming that Splunk only lets the scripts write files in specific directories. Is there a specific/correct location that I should be placing these temp files? I'm thinking I can write to "/opt/splunk/var/log/splunk", but I want to see what the Splunk recommended path if for this kind of stuff . I remember seeing information about this at some point on dev.splunk.com, but can't seem to find it anymore. This is what I have been looking at: https://dev.splunk.com/enterprise/docs/developapps/createapps/appanatomy/ Thanks in advance! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-11-2022 10:04 AM
Karma from
View All
Karma given to