×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
eugenekogan
Explorer
Member since: ‎10-20-2011
‎06-05-2020
Community Statistics
Posts 9
Solutions 0
Karma Given 6
Karma Received 7
Member Since ‎10-20-2011
Activity Feed
View All

Re: Does maxVolumeDataSizeMB in indexes.conf do an...

by Splunk Employee in Getting Data In
‎04-12-2012 10:30 AM
‎04-12-2012 10:30 AM
Yes. Another way to put it is that "volume" does not refer to your OS disk volumes. Rather it refers to the "volumes" as defined within indexes.conf, and things only are considered to live on a "volume" if defined as such in indexes.conf. That's probably what's misleading. ... View more

Re: Failed to resurrect x byte message!

by in Getting Data In
‎05-14-2012 12:25 PM
‎05-14-2012 12:25 PM
Forwarder is sending compressed data and the indexer is expecting uncompressed? or vice-versa? make sure outputs.conf on the forwarder and inputs.conf on the indexer are configured properly. ... View more

Re: How does the deployment server detect app chan...

by in Deployment Architecture
‎03-01-2012 02:18 PM
5 Karma
‎03-01-2012 02:18 PM
5 Karma
It basically does fschange:// on the directory containing deployment server files. You can see results of this in the _audit index, look for any actions with the /deployment-server/ in path, i.e.: index=_audit path="*deployment-apps*" You will see all file modifications that Splunk detected. Once a file in an app has been modified, Splunk calculates checksum of the whole directory. This checksum is given to agents when they download the app initially. Upon checking if something changed, the agents compare the current checksum they have with the one supplied by the server, if it doesn't match the application is downloaded and installed. ... View more

Re: Input source path case sensitive?

by in Getting Data In
‎07-03-2019 12:58 PM
‎07-03-2019 12:58 PM
While I haven't been able to find anything in the documentation, in my experience, yes, Windows paths are case-sensitive. ... View more

Re: max_content_length error

by Splunk Employee in Getting Data In
‎12-27-2013 12:33 PM
‎12-27-2013 12:33 PM
Replication occurs from the Search Head to Peer. So the replicationWhitelist or replicationBlackList are defined on the Search Head and its distsearch.conf. Do refer to the suggested Splunk documentation. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
Karma given to