cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
wmosher
Path Finder
Member since: ‎04-15-2011
‎06-05-2020
Community Statistics
Posts 18
Solutions 0
Karma Given 4
Karma Received 7
Member Since ‎04-15-2011
Activity Feed
View All

Re: Temporarily disable deployment server?

by in Deployment Architecture
‎11-30-2020 01:32 PM
‎11-30-2020 01:32 PM
if all you want is to know what happens when you run a command, you could just spin up a VM and run the command.  that's literally what DEV environments are for... [splunk@ClientMachine bin]$ ./splunk disable deploy-server Your session is invalid. Please login. Splunk username: admin Password: Login successful, running command... Deployment Server is disabled. [splunk@ClientMachine bin]$ ... View more

Re: Field extraction a problem with large events?

by SplunkTrust in All Apps and Add-ons
‎05-25-2012 07:00 AM
1 Karma
‎05-25-2012 07:00 AM
1 Karma
Well, I would not do index-time extraction. Perhaps a search-time regex extraction, but it's difficult to say without measurement whether it will be better than auto-kv. Theoretically, increasing this from 10,240 to 102,400 increases the amount of CPU usage by 10x (assuming an O(n) operation). Practically, this may only mean a handful of nanoseconds. One advantage to regex versus auto-kv is that you can limit the regex scope to particular sourcetypes. Raising the kv limit affects processing for every event. Best advice is "measure and compare". ... View more

Re: Splunk widget for desktop environments?

by in All Apps and Add-ons
‎02-17-2012 09:37 AM
‎02-17-2012 09:37 AM
I know nothing about how to create desktop widgets, but all it needs to do is be able to display an iFrame which must be fairly basic functionality. Then it can just load the Splunk view for display, either without authenticating, or using SSO. See http://docs.splunk.com/Documentation/Splunk/4.3/Developer/3rdParty ... View more

Re: Deployment monitor reporting indexers overload...

by Splunk Employee in Deployment Architecture
‎04-24-2012 10:17 AM
‎04-24-2012 10:17 AM
In fairness, there are a lot of people that have done a lot more work than me on it. I will pass the love it on 🙂 ... View more

Re: License usage monitoring issue

by in All Apps and Add-ons
‎01-09-2012 11:23 AM
‎01-09-2012 11:23 AM
This is pretty much an entirely new question, however if you save your search and check the box to schedule it, some alerting options will present themselves. ... View more

Re: DISTRIBUTED SEARCH: performance -vs- highavail...

by in Monitoring Splunk
‎05-12-2011 10:39 AM
‎05-12-2011 10:39 AM
Thanks gkanapathy. Good point about the license. I was just using two as an example, we are pushing for four. Since we value performance over availability (at least until it goes down, LOL) I'm assuming a single cluster of four search peers is better than two mirrored clusters of two search peers. Under option one (splitting the data among the search heads) is this best managed by load-balancing or deliberately dividing up where forwarders are sending their data? ... View more

Re: Is there a Solaris SMF manifest for Splunk?

by in All Apps and Add-ons
‎11-07-2012 01:55 PM
‎11-07-2012 01:55 PM
This is awesome stuff! Thanks for taking the time to post this. When referencing the link you provided to ezproxy, as it compares to splunk, if the machine splunk is on (as a forwarder), for /lib/svc/method, should I simply create an empty file called splunkforwarder and link this to the binary for splunk in /opt/splunkforwarder/bin? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
Karma given to
View All