About bvv

bvv · ‎04-10-2022

same here after upgrade from 7.2 > 8.1.3 > 8.2.5. 8.2.6 came out today hopefully it could be a fix but tried without luck. in my situation searches aren't running at all. Ingestion Latency and Search Scheduler Searches Skipped appear in red.

bvv · ‎02-26-2020

This stopped indexing on all indexes as well.. I might consider setting up a HF to pick up data from UF instead of sending directly to Indexer.

bvv · ‎02-26-2020

Data is not not cooked UF-->This splunk instance (both Indexer and Search Head role)

bvv · ‎02-26-2020

This will stop not just [helloworld] but all other indexes from indexing. The splunk instance itself is an Indexer and a Search Head at the same time.

bvv · ‎02-26-2020

outputs.conf [syslog:syslogGroup] server = x.x.x.x:514 props.conf [helloworld] TRANSFORMS-rsyslog = syslogRouting transforms.conf [syslogRouting] REGEX = . DEST_KEY = _SYSLOG_ROUTING FORMAT = syslogGroup This config is applied on an indexer (many tutorials use a heavy forwarder which by defaults does not index data). This works perfectly in forwarding rawdata in syslog to another system however rawdata is also being indexed. Is there a way to prevent indexing from happening? I've tried adding a nullQueue stanza to props.conf without luck.

Posts	5
Solutions	0
Karma Given	2
Karma Received	0
Member Since	‎02-26-2020

Online Status	Offline
Date Last Visited	‎04-10-2022 06:28 AM

Prevent Indexer from indexing whilst forwarding sy...

Re: New Splunk User got this error in health how t...

Re: Prevent Indexer from indexing whilst forwardin...

Re: Prevent Indexer from indexing whilst forwardin...

Re: Prevent Indexer from indexing whilst forwardin...

Prevent Indexer from indexing whilst forwarding sy...