About frusso

frusso · ‎01-03-2025

The following instructions seem to remedy 99% of the issues: docs.splunk.com/Documentation/Splunk/9.3.1/Admin/Shareperformancedata#How_to_opt_out Apologies for the noise.

frusso · ‎01-03-2025

Splunk installation in a secure facility. I see the following blocked attempts to phone-home in our logs and infosec is unhappy. How do I prevent Splunk from phoning home every 15 seconds? TCP_DENIED/403 3836 CONNECT beam.scs.splunk.com:443 - HIER_NONE/- text/html TCP_DENIED/403 3906 CONNECT quickdraw.splunk.com:443 - HIER_NONE/- text/html Splunk Enterprise Version:9.3.1 Build:0b8d769cb912

frusso · ‎12-16-2024

I am in the process of implementing Splunk in a fairly long-lived environment. Log directories contain date-masked log files. I would like to ignore files before today's date, and only import new files. Example: /opt/someApplication/logs/someApplication.202412160600.out I am unable to wildcard /opt/someApplication/logs/someApplication.*.out as there are logs dating back to 2017 and I'd exceed our daily license/quota by several orders of magnitude. Changing the logging format is not an option. Exclude-lists appear to be a solution, but even using regex would be incredibly burdensome. Thoughts?

Posts	3
Solutions	0
Karma Given	2
Karma Received	1
Member Since	‎12-16-2024

Online Status	Offline
Date Last Visited	‎01-03-2025 11:50 AM

Disable Splunk Enterprise phoning home?

UniForwarder - only new log files with date mask

Re: Disable Splunk Enterprise phoning home?

Disable Splunk Enterprise phoning home?

UniForwarder - only new log files with date mask

Join the Conversation

Disable Splunk Enterprise phoning home?

UniForwarder - only new log files with date mask

Re: Disable Splunk Enterprise phoning home?

Disable Splunk Enterprise phoning home?

UniForwarder - only new log files with date mask