Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About jmasat
jmasat
Observer
Member since:
06-03-2020
06-23-2020
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 06-03-2020 |
Activity Feed
- Posted Re: Regex assistance - Blacklist host. on Splunk Search. 06-23-2020 11:48 AM
- Posted Re: Splunk Scripting- GUI or stanza on Splunk Enterprise. 06-23-2020 11:17 AM
- Tagged Re: Splunk Scripting- GUI or stanza on Splunk Enterprise. 06-23-2020 11:17 AM
- Posted Re: Regex assistance - Blacklist host. on Splunk Search. 06-23-2020 11:05 AM
- Posted Re: Splunk Scripting- GUI or stanza on Splunk Enterprise. 06-23-2020 10:47 AM
- Posted Re: Regex assistance - Blacklist host. on Splunk Search. 06-23-2020 10:45 AM
- Posted Regex assistance - Blacklist host. on Splunk Search. 06-23-2020 09:50 AM
- Posted Splunk Scripting- GUI or stanza on Splunk Enterprise. 06-23-2020 09:39 AM
- Posted Re: Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-04-2020 07:09 AM
- Posted Re: Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 03:51 PM
- Posted Re: Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 03:28 PM
- Posted Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 06:30 AM
- Tagged Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 06:30 AM
- Tagged Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 06:30 AM
- Tagged Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 06:30 AM
- Tagged Why does search only display 24 hours of event data on Linux, but all-time on Windows? on Splunk Search. 06-03-2020 06:30 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
06-23-2020
11:48 AM
Thank you for the URL- Respectfully - I had found before- but was of little help. I am looking for something that breaks regex down(with examples) So that i may understand. This site was far too esoteric.
... View more
06-23-2020
11:17 AM
DEPLOYED APPS SUCCESSFULLY This is indicated in the edit server class pane Is the server deploying? As i stated batch files are working great- Powershell is not
... View more
- Tags:
- administration
06-23-2020
11:05 AM
I agree with you statement- this however is a "burning building" that i inherited. i would personally fast fail and start the process over. The server was stood-up with no planning- targeting hosts that I do not have access to . So have to accomplish data shaping by blocking data as it is ingested .
... View more
06-23-2020
10:47 AM
i will look at the DS-- have not gone that direction yet- too new to Spunk The other tools are not available in this environment
... View more
06-23-2020
10:45 AM
I will look at the URL provided. The failing may be on my end (not a programmer in the slightest) Agreed the host logs may be useful (at sometime) for the moment I need to band-aid a poor install Many issues - example - data regularly exceeds the 100000 per second limit... Regardless - Blacklist = \.(?:log)$ ( this was to blacklist all logs being ingested from splunkd source
... View more
06-23-2020
09:50 AM
Team, I would like assistance with creating regex,specifically to blacklist 1 host name - happens to be the spunk server- very noisy. Alternately would like direction to site or resource that could help with creation of regex and debugging. I have had no luck- too many hours to quantify. This was the best so far- but even as submitted (results all green) regex did not work. http://regjex.com/
... View more
Labels
- Labels:
-
regex
06-23-2020
09:39 AM
Team, i wish to utilize Powershell scripts, deployed to remote clients via the GUI interface - or CLI Whichever can be made to work. 1. The CLI (Inputs.conf) works if created and maintained on each client 2. The remote script GUI only seems to work for bat files. 3. The V3 modular input only seems to work for localhost History: i have successfully utilized powershell scripts with in the inputs.conf (placed on each forwarder) example : script = . "C:\Program Files\Splunk\etc\apps\My-App\bin\script.ps1 ( I chose to use the full path as the env variable does not seem to stick-- set or setx does not seem to matter) The downfall of this is the script/ inputs.conf has to be updated manually on each client. i have successfully utilized batch from the GUI (settings > data inputs >remote scripts) $SPLUNK_HOME/etc/apps/_server_app_W64_NETWORK_INFO/bin/netstat.bat Attempts with .ps1 scripts does not work. Tried utilizing the Powershell v3 Modular Input that method only targets the local host (server)
... View more
Labels
- Labels:
-
administration
-
configuration
06-04-2020
07:09 AM
Could the issue be related to bucket settings (Hot>Warm>Cold>Frozen)
I last ran search @ 1700 last night host=Linuxhostname - returned the 6.2 and 6.3 (24 hours) results (Modifiers were for last 30 days)
I Ran same search @ 0600 It returned 6.3 and 6.4 (Time modifiers set for 30 days)
Could the issue be bucket freeze?
I ran index=_internal sourcetype=splunkd component=BucketMover
and saw 27 moves to cold or freeze--- mostly freeze
Based on the fact that until yesterday- Linux hosts were overrunning indexer with 10,000,000 inputs per 8 hours This was due to Issues with the Linux UNIX addon , which has now been disabled.
/
Question is thawing buckets en-masse advisable?
I have been googling-- but want to not use a "poke and hope" method to thaw.
I have seen different methods- including this.
https://splunkonbigdata.com/2019/02/27/retrieving-data-from-archive-state/
Thoughts please
... View more
06-03-2020
03:51 PM
The searches are generic - time/day/range filters applied (60 min, 1 day, 30 days, all-time)
host=* displays all Windows data as expected and returns 1 day of Linux data
host=Linuxhostname returns 1 day of Linux data
host=windowshostname returns all data as expected
"Time window settings" different from MS to Linux?
Where is that setting?
... View more
06-03-2020
03:28 PM
The searches are generic:
host=* (all variations of day, date range) returns one day of Linux and all of the expected windows
Host=linuxhostname (all variations of day,date range) returns one day of Linux regardless of day/date/range
host= windowshostname (all variations of day,date range) returns all data as expected
Where are the "time windows settings"?
... View more
06-03-2020
06:30 AM
There are approximately 1.5 Billion ingested entries from 40 forwarders.
Performing a search with any criteria on Windows hosts lists all events as all-time.
Performing the same search on Linux hosts only returns 24 hours of data, regardless of time/date ranges supplied. Each day the data only covers the last 24.
What settings could be causing this?
... View more
Labels
- Labels:
-
other
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-23-2020
03:09 PM
|
