Activity Feed
- Got Karma for Re: Indexers showing: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user. 01-17-2023 02:27 AM
- Got Karma for Re: Indexers showing: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user. 10-11-2021 01:45 AM
- Posted Re: Indexers showing: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user on Getting Data In. 07-25-2020 12:15 PM
- Posted How to relocate Splunk bar chart value placement on Splunk Search. 06-19-2019 08:30 AM
- Tagged How to relocate Splunk bar chart value placement on Splunk Search. 06-19-2019 08:30 AM
- Posted Re: Why does this search cause Splunk to crash occasionally? on Splunk Search. 05-21-2019 09:42 AM
- Posted Re: splunkd died every day with the same error on Splunk Search. 05-17-2019 12:15 PM
- Posted Re: Cannot determine a latest common bundle, search may be blocked on Splunk Search. 05-17-2019 12:08 PM
- Posted Re: Why am I seeing so many corrupt buckets? on Getting Data In. 05-17-2019 12:02 PM
- Posted Re: splunkd died every day with the same error on Splunk Search. 05-15-2019 02:40 AM
- Posted Re: Splunk indexers crashing on Getting Data In. 05-14-2019 02:05 PM
- Posted rest and metadata commands not giving any output in splunk search head on Getting Data In. 03-12-2019 07:12 AM
- Tagged rest and metadata commands not giving any output in splunk search head on Getting Data In. 03-12-2019 07:12 AM
- Posted How do you check missing values from an input list and set an alert when values are missing? on Getting Data In. 02-14-2019 12:06 PM
- Tagged How do you check missing values from an input list and set an alert when values are missing? on Getting Data In. 02-14-2019 12:06 PM
07-25-2020
12:15 PM
2 Karma
This happens when you keep the cluster master in maintenance mode and re-add a peer to the cluster. Always ensure you keep the cluster master out of maintenance mode when you re-add a peer. You can simply fix this by going to Splunk Web on the search head > Settings > Distributed Search > Search peers. Select the peer which is having issues, add the admin user/password, and save.
06-19-2019
08:30 AM
I have a bar chart and the value in the horizontal bars comes at the top of the bar.
What XML changes should be made to ensure the values come in the bottom of the bar?
If you see my attachment, values 1189, 1170, 19, 655 and 646 are coming at the top of the bar
and I need those at the bottom of the chart in a slanting way.
05-21-2019
09:42 AM
Did you ever figure it out? I am seeing the same behaviour. One of my indexers crashes for no reason.
05-17-2019
12:15 PM
Did you get this resolved?
Can you validate and confirm if Splunk was getting killed post an active session is terminated, that is, as soon as someone logs out of your Splunk session or server, and if it dies after that?
05-17-2019
12:08 PM
Can you log in to the DS, push the latest bundle and do splunk apply cluster-bundle from the cluster master to all your peers? Do paste the errors which you get post doing this.
Always try to check the CM bundle details and compare if the latest active bundle in the peers is the same as the CM.
05-17-2019
12:02 PM
Do you have any encryption agent installed on the indexers as part of any security standard to encrypt the sensitive data being indexed?
05-15-2019
02:40 AM
How did you find the macro causing issues and calling itself? It will be helpful for me to validate the same.
05-14-2019
02:05 PM
Same here. We kept it idle for one year, just like a dummy server without Splunk running. We recently upgraded to version 7 and started hoping the indexer runs smoothly, but still the same issue:
FATAL ProcessRunner - Unexpected EOF from process runner child!
FATAL ProcessRunner - Unexpected EOF from process runner child!
03-12-2019
07:12 AM
We recently migrated from one search head to another and copied over all the apps etc. Everything seems good. The only problem for now is that REST calls and METADATA are not throwing any output on a few apps where these calls are made. Is there anything specific to configure in the new search head to ensure it can run |metadata and |rest calls and throw us the results in a Splunk query?
02-14-2019
12:06 PM
I have a scenario wherein each heavy forwarder has syslog listeners running. I need an alert or something in the dashboard to show that a particular heavy forwarder has the following listener down.
I did the following and was able to list the Splunk heavy forwarder, listener and its associated PID:
index=operatingsys host=hf1 OR host=hf2 OR host=hf3 source="/var/run/syslog/*" | rex .......... | table host listenername PID
The output was as follows:
host listenername PID
hf1 ciscolistener 123
hf1 winlistener 567
hf2 ciscolistener 345
hf2 winlistener 789
hf3 ciscolistener 654
hf3 winlistener 523
hf3 whitecoat 231
Now, I can share an input CSV list as below, which is static:
host listenername
hf1 ciscolistener
hf1 winlistener
hf1 whitecoat
hf2 ciscolistener
hf2 winlistener
hf2 whitecoat
hf3 ciscolistener
hf3 whitecoat
hf3 winlistener
As you see in my search output, hf2 and hf3 have whitecoat missing (meaning whitecoat listener status is down, and technically, it will not have PID assigned as it is down). I need to show that the listeners on the heavies are down in a dashboard/report, and for an alert to be generated whenever any listener is down on one of our heavy forwarders.
Open to discussion on using any different approach, if possible, to wrap this up.
08-06-2018
09:53 AM
We ran into the same issue where one of the indexers from the cluster is crashing again, again and again. It was pointing to my uid, when all I did was logging in and running splunk start to validate what we find in the crash logs. We did a Splunk reinstall, turning off other services on the box, Splunk support etc., but we are yet to find a resolution for the same. If you find anything, please post it so that we can use the same.