Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About cmeo-bcit
cmeo-bcit
Explorer
Member since:
08-30-2022
11-18-2025
Community Statistics
| Posts | 6 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 08-30-2022 |
Activity Feed
- Karma Re: Intermediate forwarder auditing for gcusello. 11-18-2025 02:07 AM
- Posted Re: Intermediate forwarder auditing on Deployment Architecture. 11-16-2025 01:23 PM
- Posted Intermediate forwarder auditing on Deployment Architecture. 11-11-2025 07:56 PM
- Posted Add on for IIS: sourcetypes on Getting Data In. 08-14-2025 06:43 PM
- Posted Glass table editor: Cannot set coloring at all on Splunk ITSI. 11-28-2024 02:55 PM
- Posted Monitoring Splunk Cluster with ITSI on Monitoring Splunk. 11-24-2024 05:37 PM
- Posted Shut down a splunk cluster completely for planned outage on Splunk Enterprise. 04-23-2024 06:22 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-16-2025
01:23 PM
I've upvoted Giuseppe's Idea EID-I-1731 for this issue. In the meantime, the workarounds suggested will work for an HF only, which doesn't help if your intermediate forwarders are UF. Accepted the answer anyway because this is as good as it gets for now.
... View more
11-11-2025
07:56 PM
Consider email headers which show all the steps involved in getting the email item from where it was sent to where it is going, give or take spoofing and other whimsy. Is there a search in Splunk to display all the systems which have handled a particular event, from the original forwarder (easy), via any and all intermediate forwarders (less so...). The value of this would be to identify a possibly misconfigured system somewhere in what could be a complex chain, or where you have different intermediate forwarders depending on where you are in the network. My feeling is that this is not logged, but I could be wrong, and even so, there may be a way to assemble the path an event has taken somehow. Thanks!
... View more
Labels
08-14-2025
06:43 PM
I am wondering why the search-time configurations for this app have been deprecated. You can't do additional parsing steps if needed once you use INDEXED_EXTRACTIONS, and also you will consume a lot of extra storage for many fields that simply do not need to be indexed. I would have thought that search-time extraction would be preferable. At the very least it should continue to be available, depending on the use case. Can anyone explain the reasoning behind this decision?
... View more
Labels
11-28-2024
02:55 PM
Good morning, I am having consistent trouble with UI in the editor in both firefox and chrome in that I cannot get the Dynamic Element selector to do anything. It displays the available options but I cannot select any of them. When I click on one, e.g. Background, nothing happens and it still says Select. Has anyone seen the before and have a workaround, or know what's causing it and how to fix it? Thank you, Charles
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
-
using ITSI
11-24-2024
05:37 PM
Just curious to find out if anyone has ever integrated Splunk Cluster with ITSI. Seems to me that SC certainly qualifies as a service with many dependencies, quite a few of which are not covered by the monitoring console. While comprehensive, it doesn't include many things which SC just assumes are working correctly, primary among these the networks on which everything relies. For instance, if you have flapping port on switch or a configuration problem with a switch or router, this could potentially cause many interesting issues with SC about which MC would have no clue. Anyone ever made any moves along these lines? Charles
... View more
Labels
04-23-2024
06:22 PM
Good morning, I am currently instructing the Cluster Admin course, and a student has asked a question which to my great surprise doesn't seem to covered anywhere. They have an indexer cluster and SHC on a single site, and they want to shut down everything for a planned power outage in their data centre. What is the correct sequence and commands for doing this? My own guesses are: Shut down everything that is sending data to splunk first. Place the index cluster in maintenance mode Shut down the deployment server if in use. Shutdown the SHC deployer (splunk stop) Shut down the SHC members (splunk stop?) Shut down the indexer members (? not sure which variant of the commands to use here) Shut down the cluster master last. Restart is the reverse order. Correct or not? Thank you, Charles
... View more
Labels
- Labels:
-
administration
