cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
FlorianScho
Explorer
Member since: ‎08-30-2021
‎01-17-2023
Community Statistics
Posts 7
Solutions 1
Karma Given 1
Karma Received 0
Member Since ‎08-30-2021
Activity Feed
View All

Re: SSL error with tcp-ssl input

by in Getting Data In
‎01-11-2023 12:31 AM
‎01-11-2023 12:31 AM
Hi,  having the exact same issue. Were you able to fix it? ... View more

Re: Reduce license usage for performance data from...

by in Getting Data In
‎11-15-2022 11:29 PM
‎11-15-2022 11:29 PM
A transforms INGEST_EVAL did the magic. INGEST_EVAL = queue=if(match(_raw, "vm-") AND (random()%100)!=0, "nullQueue", "indexQueue") ... View more

Re: How to ignore and stop indexing of timestamps ...

by in Getting Data In
‎07-12-2022 05:59 AM
‎07-12-2022 05:59 AM
Hi @krish3 , This i a very old post but maybe worth a try - did you fix the csv input? Im currently facing the same to force the timestamp of the current time and not using the timestamp written into the csv...  Regards ... View more

Re: Force splunk to get timestamp of file created

by in Getting Data In
‎07-12-2022 04:40 AM
‎07-12-2022 04:40 AM
Hi @kannu, did this fix your problem? Currently im facing the same, set DATETIME_CONFIG = Current - this inserts the file now in my configured schedule but only the headers of the CSV file..  Any suggestions? ... View more

Re: Why my csv file indexed only the header ?

by in Getting Data In
‎07-12-2022 04:36 AM
‎07-12-2022 04:36 AM
Hi @mah, did you fixed the problem? Im currently facing the same. ... View more

Reduce license usage for performance data from Add...

by in Getting Data In
‎02-01-2022 05:12 AM
‎02-01-2022 05:12 AM
Hi,  i already did some research but seems our case is a bit special: We colllect inventory and performance data from our vCenters with the Add-On for VMware (Splunk_TA_vmware) in version 4.0.2. The heavy forwarder running this TA is also the DCN.  I am not able to restrict data collection of performance data with the given options.  The interval can be set to higher or lower value but the data gathered from the worker is still the same. It collects all since the last input.  Due to the fact, that we dont need performance data every 20 seconds - i would prefer an 1 hour average event . Or if not possible 1 Events per 30 minutes with the latest values.  Is there a way to achieve this? Doesn't matter if it is by design or splunk workaround.  Example raw data: vm-44 500c714d-861b-2f53-1f7f-16d8e72c4e28 aggregated 20 0.04 0.04 2.79 2.73 389 410  ... View more

Re: Status code=responder, SSO disabled

by in Security
‎08-30-2021 04:16 AM
‎08-30-2021 04:16 AM
Hi, we also get this error in a new instance. Old configurations on other systems are working fine and ADFS seems to be configured correctly (like the working one).  EDIT: pl2345 answer resolved it! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-17-2023 10:30 AM
Karma given to
View All