×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
dladkisson
New Member
Member since: ‎04-25-2011
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-25-2011
Activity Feed
View All

Possible Bad Pointer in Index or Database?

by in Splunk Search
‎05-04-2011 06:39 AM
‎05-04-2011 06:39 AM
After a system reboot for updates, SplunkWeb didn't not relaunch successfully after restart. After letting it sit for a few minutes SplunkWeb did finally launch however it appears that perhaps there was a corruption in the event database. All I am feeding into it right now is Cisco IDS events using the Splunk_CiscoIPS plugin; latest versions of both the plugin and Splunk. I cannot seem to find in the documentation a way to check the event database for errors nor figure out which database may even be affected. If I start a query that overlaps the 15/20 minutes where the Splunkweb was down, the search hangs when it gets to that period. Searching outside the 'damaged' period returns results just fine. Any suggestions would be greatly appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM