Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About gearmstrong
gearmstrong
Path Finder
Member since:
01-09-2020
12-17-2020
Community Statistics
| Posts | 20 |
| Solutions | 3 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 01-09-2020 |
Activity Feed
- Got Karma for Re: Monotonic Time Stuck and Search_Telemetry. a week ago
- Posted Re: Last Line Entry in Lookup Not Appearing in Search on Splunk Enterprise. 12-17-2020 03:37 AM
- Posted Last Line Entry in Lookup Not Appearing in Search on Splunk Enterprise. 12-16-2020 05:07 AM
- Posted Re: Indexing Performance Drop-down Indexer (ServerName) is Wrong on Splunk Enterprise. 12-14-2020 08:01 AM
- Posted Re: Indexing Performance Drop-down Indexer (ServerName) is Wrong on Splunk Enterprise. 12-14-2020 07:48 AM
- Posted Indexing Performance Drop-down Indexer (ServerName) is Wrong on Splunk Enterprise. 12-14-2020 07:34 AM
- Posted Re: Splunkd Crash Every Ten Minutes on Installation. 12-09-2020 12:23 PM
- Posted Splunkd Crash Every Ten Minutes on Installation. 12-07-2020 04:51 AM
- Posted Splunkd Crash Every Ten Minutes on Installation. 12-03-2020 11:50 AM
- Posted Splunkd Crash Every Ten Minutes on Installation. 12-03-2020 10:22 AM
- Posted Splunkd Crash Every Ten Minutes on Installation. 12-03-2020 08:59 AM
- Posted Re: Splunkd Crash Every Ten Minutes on Installation. 12-03-2020 08:50 AM
- Posted Splunkd Crash Every Ten Minutes on Installation. 12-03-2020 08:39 AM
- Posted Questions on Migration From All-in-one Stand-alone Deployment on Deployment Architecture. 11-13-2020 05:28 AM
- Posted Re: Saved Search vs. Open Search Server Error in Query on Splunk Search. 07-09-2020 11:30 AM
- Posted Re: Saved Search vs. Open Search Server Error in Query on Splunk Search. 06-24-2020 11:55 AM
- Posted Re: Saved Search vs. Open Search Server Error in Query on Splunk Search. 06-24-2020 10:09 AM
- Posted Saved Search vs. Open Search Server Error in Query on Splunk Search. 06-24-2020 09:15 AM
- Posted Re: Monotonic Time Stuck and Search_Telemetry on Splunk Search. 04-09-2020 09:44 AM
- Posted Local EventLog Collection Questions on Monitoring Splunk. 04-08-2020 05:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-17-2020
03:37 AM
*** SOLVED *** Colleague of mine discovered that in the last Field Value of the Last Line entry I had sloppily eased up on the <SHIFT> Key and the Double Quote had became a Single Quote. Things like this can be difficult to spot, working remotely on small screen systems. Something to keep in mind... and as always it's nice to have a second pair of eyes on your work! Best regards, Greg
... View more
12-14-2020
08:01 AM
I just found the answer! Apparently if you upgrade in the fashion that I did, you will need to go into General Setup for Monitoring Console (Monitoring Console-> Settings-> General Setup)... review and ensure settings do indeed reflect your current (new) Server Name and then click "Apply Changes" Button to reset config to new server.
... View more
12-09-2020
11:31 AM
I just saw the message "ERROR PipelineComponent - Monotonic time source didn't increase; is it stuck?" come in every 2-3 seconds or about 24 per minute. It did indicate a problem with my system which I am troubleshooting.
... View more
11-13-2020
06:35 AM
1) In a distributed environment, search heads and indexers are on separate [virtual] machines. You can have two servers, but one of them will be a SH and the other will be an indexer. The usual procedure in this migration is to make the standalone server become the indexer so no data migration is needed. 2) Non-clustered indexers do not need to have the same storage. They must have enough to hold whatever data they will ingest over the expected retention period, plus about 10-15% for overhead. Keeping all indexers the same will make for easier management. 3) Yes, I'm sure someone does. I am not one of those people, however. 4) You can reduce the number of CPUs or the amount of memory to save money as long as performance meets your expectations. Understand, however, that if you ask Splunk for support they may ask you to bring any under-provisioned servers to minimum specs before assisting you.
... View more
07-09-2020
11:30 AM
Answer is query was being ran from 'un-trusted' browser which is routed through Application Gateway which has very very specific firewall rules such as to block "get-psdrive" or "set-executionpolicy" but allow "get-psadforestinfo" for example. Anyway... I eventually discovered that if I ran the query on localhost browser it worked. This also explains why job created (and scheduled) in version 7.x still worked but I couldn't edit/save via 'Open in Search' option. So, my fault for not catching this before now, but I did want to share with you in case you experience similar issues maybe you can investigate whether you have any App Gateways in play! Best regards, Greg
... View more
04-17-2020
11:16 AM
First, If i know the exact configuration of your system, I will let you know correct answer.
Second, Yes, collection of event log data from remote machines can use either WMI or a universal forwarder.
Lastly, This question doesn't seem to be the part I can answer. I would like to hear what others are thinking.
Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-17-2020
07:54 AM
|
