cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jradkowskiAAMC
Explorer
Member since: ‎04-20-2010
‎10-05-2024
Community Statistics
Posts 9
Solutions 0
Karma Given 13
Karma Received 18
Member Since ‎04-20-2010
Activity Feed
View All

Re: SplunkWeb fails to start - timeout when bindin...

by in Security
‎10-15-2010 04:44 AM
‎10-15-2010 04:44 AM
Are you running the 32bit version of Splunk? 64bit? What about other network interfaces? What is your /sbin/ifconfig output? Is this a VM or physical hardware? Lastly, are you able to install and run say Apache without issue? I ask because I've tried this several times locally and I can't replicate it... and I like a good problem so you have my attention 🙂 ... View more

Re: Application scripts not executable when deploy...

by in All Apps and Add-ons
‎07-08-2010 03:37 PM
‎07-08-2010 03:37 PM
Are you having issues with scripts not being runnable after deployed by the Deployment Server? Or are you having issues with the Deploy Server not updating the apps on the client properly? ... View more

Re: How can I re-index all the data in my environm...

by in Getting Data In
‎05-25-2010 08:47 PM
6 Karma
‎05-25-2010 08:47 PM
6 Karma
Do the following steps: 1) Disable the applications on the servers with Forwarders using the Deployment manager (or manually do so using the GUI) 2) On the Index server, stop Splunk and clean all event data for a given index: /opt/splunk/bin/splunk stop /opt/splunk/bin/splunk clean eventdata dev_tools 3) On the servers with Splunk Forwarders, stop and clean all: /opt/splunk/bin/splunk stop /opt/splunk/bin/splunk clean all 4) Start the Splunk Indexer /opt/splunk/bin/splunk start 5) Verify the index you just cleared is empty and is staying empty before proceeding. If it isn't staying empty ensure you've disabled the applications on the servers with Splunk Forwarders and make sure you didn't overlook any servers. 6) Start the Splunk forwarder servers: /opt/splunk/bin/splunk start 6) Re-enable the applications via the Deployment Manager or manually using the Agents GUI. Note: Be aware, if you "clean all" on the forwarders you will also clear out the pointers for all indexes and applications so this process is only good to completely re-index an environment environment or set of indexes a set of servers and indexer may contain. Note 2: Don't do this unless your license (and hardware) can handle the spike as you will most certainly index a lot of legacy data if your inputs are setup with wildcard inputs. ... View more

How can I re-index all the data in my environment?

by in Getting Data In
‎05-25-2010 08:44 PM
5 Karma
‎05-25-2010 08:44 PM
5 Karma
I have a datacenter with a single Splunk server indexing data from all the local servers. I just updated all the sourcetypes for the data and would like to reindex the data so the sourcetypes are properly set this time. How can I accomplish this? ... View more

Use the Deployment Manager to change Splunk Forwar...

by in Getting Data In
‎04-26-2010 06:52 PM
‎04-26-2010 06:52 PM
Currently, all agents installed on hosts default to 'changeme' and this credential is still used when the forwarder is in Lightweight mode. I am looking for a way to automate the update of this password using the Deployment Manager for Linux, Solaris and Windows agents. ... View more

Re: How do I delete all references of a host so it...

by in Getting Data In
‎04-21-2010 03:54 PM
‎04-21-2010 03:54 PM
Looks as if I asked too soon! I still had an input active on another host that was forcing itself to report as the host I wanted removed. Once I resolved that issue (issued an update via the Deployment Manager) and then did a clean on eventdata + globaldata I was able to start over again with the host missing. I am still open to ideas on how to remove a host completely from Splunk for future use as I'm sure it will happen ... View more

How do I delete all references of a host so it sto...

by in Getting Data In
‎04-21-2010 03:35 PM
4 Karma
‎04-21-2010 03:35 PM
4 Karma
I've already deleted all references to the host in question in the internal indexes using the "| delete" search command. Additionally, I tried running the "clean" CLI command for both eventdata and globaldata and the host in question is still showing up! I've confirmed the host is not sending any additional data to Splunk and would like to remove it completely. Is this possible without doing a "clean all" ? ... View more

Re: Can I run SplunkWeb on port 80 on Linux withou...

by in Security
‎04-20-2010 05:48 PM
‎04-20-2010 05:48 PM
Yeah I've already implemented a proxy in the past so I'm well aware that it's a viable solution but I am trying to minimize dependencies for Splunkweb being accessible. I definitely need to check into setcap as that is new to me and from that thread it appears that's the solution I am looking for. ... View more

Can I run SplunkWeb on port 80 on Linux without ru...

by in Security
‎04-20-2010 04:16 PM
3 Karma
‎04-20-2010 04:16 PM
3 Karma
I've seen the other questions regarding this topic and only the Solaris question & answer get close. I am looking to change the default port Splunkweb runs on from 8000 to 80 for obvious usability reasons. I start Splunk as user "splunk" so naturally the user can't start processes on port 80. Is there a work around for this outside of using a server/device to translate 8000 to 80 (ie> Apache)? Note: Having the server start up as root is out of the question due to security concerns. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-05-2024 12:19 PM
Karma from
Karma given to