Hello, I am writing to ask from which point regarding the EPS OR Daily ingested GB/day and the number of users simultaneously access the search head. at what point should i consider a cluster search head cluster, as it will be (one-single SH ) OR (three SH + Deployer)? from your technical perspective?     ... View more

Hello Splunker, Hope you had a great day! as per the below picture :             Q1:- I need to understand the exact process of creating the TSIDX file and its content and how actually it speeds the search? Q2:- Why the size of the tsidx file is bigger than the raw data itself 35% /15%? Q3:- what is the difference between tsidx file and datamodel summary? I am expecting a long answer and more details, actually i like details! Thanks in advance!   ... View more

I Have used the below two events to test the SOURCE_KEY =     <132>1 2023-12-24T09:48:05+00:00 DCSECIDKOASV02 ikeyserver 8244 - [meta sequenceId="2850227"] {Warning}, {RADIUS}, {W-006001}, {An invalid RADIUS packet has been received.}, {0x0C744774DF59FC530462C92D2781B102}, {Source Location:10.240.86.6:1812 (Authentication)}, {Client Location:10.240.86.18:42923}, {Reason:The packet is smaller than minimum size allowed for RADIUS}, {Request ID:101}, {Input Details:0x64656661756C742073656E6420737472696E67}, {Request Type:Indeterminate} <132>1 2023-12-24T09:48:05+00:00 DCSECIDKOASV02 ikeyserver 8244 - [meta sequenceId="2850228"] {Warning}, {RADIUS}, {W-006001}, {An invalid RADIUS packet has been received.}, {0xBA42228CB3604ECFDEEBC274D3312187}, {Source Location:10.240.86.6:1812 (Authentication)}, {Client Location:10.240.86.19:18721}, {Reason:The packet is smaller than minimum size allowed for RADIUS}, {Request ID:101}, {Input Details:0x64656661756C742073656E6420737472696E67}, {Request Type:Indeterminate}   Using the below Regex: [xmlExtractionIDX] REGEX = .*?"]\s+\{(?<Severity>\w+)\},\s+\{\w+\},\s+\{(?<DeviceID>[^}]*)\},(.*) FORMAT = Severity::$1 DeviceID::$2 Last_Part::$3 WRITE_META = true   till that it's working fine then i want to add more precise extraction and want to extarct more info from the Last_Part field using the SOURCE_KEY =    [xmlExtractionIDX] REGEX = .*?"]\s+\{(?<Severity>\w+)\},\s+\{\w+\},\s+\{(?<DeviceID>[^}]*)\},(.*) FORMAT = Severity::$1 DeviceID::$2 Last_Part::$3 SOURCE_KEY = MetaData:Last_Part REGEX = Reason:(.*?)\} FORMAT = Reason::$1 WRITE_META = true   But it doesn't work now, Is there any advice to do that using SOURCE_KEY      ... View more

Hello, I hope all is well. Need your help to monitor the F5 Interface utilization throughput (performance Monitor). Any Idea! @community  #performanceMonitor ... View more

Hello, have a nice day!   I have followed the Distributed Search document and create a dshborad.xml file and push it through the deployer, and i could find it in the search heads app as below: hit Edit properties  cause the below ERROR: Also, I didn't find the dashboard under the dashboard tab to view it. =========================================================   ... View more

Hi, I want to ask where i can find the indexed data stored as per the below, i found the bucket consist of the RAW data, index file and some meta data : ... View more