Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About CHAUHAN812
CHAUHAN812
Explorer
Member since:
02-20-2023
09-22-2025
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 02-20-2023 |
Activity Feed
- Posted Re: free AI-based Splunk add-on or tool on All Apps and Add-ons. 09-15-2025 12:36 PM
- Posted free AI-based Splunk add-on or tool on All Apps and Add-ons. 09-15-2025 11:28 AM
- Posted Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes on Splunk Enterprise. 12-27-2024 07:40 AM
- Karma Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes for luizlimapg. 12-27-2024 07:37 AM
- Karma Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes for luizlimapg. 12-27-2024 07:37 AM
- Karma Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes for isoutamo. 12-27-2024 07:37 AM
- Posted Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes on Splunk Enterprise. 12-19-2024 05:33 AM
- Karma Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes for isoutamo. 12-19-2024 04:38 AM
- Posted Re: How to Change Splunk frozenTimePeriodInSecs for any of the indexes on Splunk Enterprise. 12-19-2024 04:35 AM
- Posted How to Change Splunk frozenTimePeriodInSecs for any of the indexes on Splunk Enterprise. 12-19-2024 03:02 AM
- Posted Re: Splunk Stopped sending email for Alerts and reports on Splunk Enterprise. 06-16-2023 07:02 AM
- Posted Splunk Stopped sending email for Alerts and reports? on Splunk Enterprise. 06-16-2023 06:15 AM
- Posted Re: Monitor a Remote Server Data into Splunk from the multiple specific Path on Getting Data In. 02-28-2023 09:51 AM
- Posted How to monitor a remote server data into Splunk from the multiple specific path? on Getting Data In. 02-28-2023 03:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-15-2025
12:36 PM
Thanks for your concern and you are right. I understand that AI-based add-on tools in Splunk may not always deliver perfectly accurate results, and there's a possibility of false positives. However, I'm looking for a solution that can still provide reasonably accurate detection — ideally around 70% accuracy — for identifying suspicious IPs based on traffic patterns. Are there any Splunk-compatible tools, preferably free or open-source, that can help achieve this level of detection? I'm currently exploring the Machine Learning Toolkit (MLTK), but I’d appreciate suggestions for any other effective options.
... View more
09-15-2025
11:28 AM
I'm currently looking for a free AI-based Splunk add-on or tool that can automatically detect suspicious IPs based on traffic patterns. Since a single IP may represent multiple users (due to NAT or proxy), the tool should ideally be able to handle such scenarios intelligently. I'm exploring the Splunk Machine Learning Toolkit (MLTK) at the moment. Are there any other useful AI or anomaly detection tools — preferably free or open-source — that integrate well with Splunk and can help identify suspicious IP behaviour ?
... View more
Labels
- Labels:
-
other
12-27-2024
07:40 AM
Thank you for your quick responses. I have increased the frozen time period from my indexer machine. And I am able to increase it according to my requirement.
... View more
12-19-2024
05:33 AM
Thanks, So this should be done in the indexer server right ?
... View more
12-19-2024
04:35 AM
Yes , I have an individual indexer which is installed on Linux machine. And I need to increase the frozenTimePeriodInSecs only for 2 of the indexes. So to increase the Frozen Time Period from 12 months to 13 months then I just need to update the frozenTimePeriodInSecs values to the indexes.conf file from the indexer server right ?
... View more
12-19-2024
03:02 AM
I want to increase one of my index frozen Time Period from 12 months to 13 months. I have increased the Max Size of Entire Index from the Splunk indexer > Settings. But I know this is not enough as my index frozen Time Period is set on 12 months period. So where should I update this value ? Should I need to update 'Indexes.conf' file for required indexes to the indexer server itself which is installed on Linux machine. What things I need to take care while updating this frozen Time Period.
... View more
Labels
- Labels:
-
configuration
06-16-2023
07:02 AM
Thanks for your quick reply Vatsal. Actually I already have tried with the above similar code but could not find much hint about the issue.
... View more
06-16-2023
06:15 AM
Splunk stopped sending email for Alerts, reports and Dashboards.
Checked from IT team regarding SMTP settings under server settings option and there is no issue found from their end.
Can you suggest me some solution or steps to resolve this issue.
... View more
Labels
- Labels:
-
configuration
02-28-2023
09:51 AM
We have created new index in the Splunk and modifying the input.conf file (\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local) where we have installed the Splunk Forwarder remote server. Here we have added the newly created index with the new required folder path. For Example : [monitor://T:\New] index = new1 disabled = false But it did not work here.
... View more
02-28-2023
03:14 AM
Hello Everyone,
We are trying to monitor specific local paths on a remote server (Remote01) and send the data to Splunk, either in an existing index or a new one. We have installed a Universal Forwarder on the remote server and were able to fetch data from one folder (\\Remote01\e$\Document-DEF\Folder01) under the default index (index=main). However, we are unable to monitor a second folder (\\Remote01\e$\Document-GHI\Folder02) because the Universal Forwarder setup file only allows for one path.
We are facing the following challenges and would appreciate any guidance or advice on how to overcome them and successfully monitor both folders on the remote server in Splunk:
1. We can't create a new index for the remote server. 2. We can't get any information from the other folder we want to monitor ('Folder02'). 3. We can't get information from the remote server in the existing index.
So in short, we can monitor one folder on the remote server Remote01 but unsure how to configure the forwarder to monitor a second folder on the same Remote01 server.
Thanks in advance for your help!
... View more
Labels
- Labels:
-
indexer
-
inputs.conf
-
universal forwarder
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-22-2025
05:09 AM
|
