Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About faol
faol
Explorer
Member since:
04-20-2015
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 4 |
| Member Since | 04-20-2015 |
Activity Feed
- Karma Re: With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met? for bpaul_splunk. 06-05-2020 12:49 AM
- Got Karma for Searches are terminating with Unknown sid and The search job “xxxxxxxxxx.xxxxx” was canceled remotely or expired.. 06-05-2020 12:49 AM
- Got Karma for With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met?. 06-05-2020 12:49 AM
- Got Karma for With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met?. 06-05-2020 12:49 AM
- Karma Re: Why Does Search Head Cluster Replication Fail with large lookup table for bpaul_splunk. 06-05-2020 12:47 AM
- Got Karma for Why am I getting error "No credentials for IPS...were found!" resulting in no data received from new sensors added to the Splunk Add-on for Cisco IPS?. 06-05-2020 12:47 AM
- Posted With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met? on Deployment Architecture. 06-15-2018 01:47 PM
- Tagged With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met? on Deployment Architecture. 06-15-2018 01:47 PM
- Tagged With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met? on Deployment Architecture. 06-15-2018 01:47 PM
- Tagged With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met? on Deployment Architecture. 06-15-2018 01:47 PM
- Tagged With no fixup tasks pending, why are the Clustering UI states replication and search factors are not met? on Deployment Architecture. 06-15-2018 01:47 PM
- Posted Searches are terminating with Unknown sid and The search job “xxxxxxxxxx.xxxxx” was canceled remotely or expired. on Splunk Search. 04-06-2018 12:23 PM
- Tagged Searches are terminating with Unknown sid and The search job “xxxxxxxxxx.xxxxx” was canceled remotely or expired. on Splunk Search. 04-06-2018 12:23 PM
- Tagged Searches are terminating with Unknown sid and The search job “xxxxxxxxxx.xxxxx” was canceled remotely or expired. on Splunk Search. 04-06-2018 12:23 PM
- Posted Why did searches stop returning results after enabling the Distributed Management Console on a Splunk App for Enterprise Security search head? on Splunk Enterprise Security. 10-21-2015 04:58 PM
- Tagged Why did searches stop returning results after enabling the Distributed Management Console on a Splunk App for Enterprise Security search head? on Splunk Enterprise Security. 10-21-2015 04:58 PM
- Tagged Why did searches stop returning results after enabling the Distributed Management Console on a Splunk App for Enterprise Security search head? on Splunk Enterprise Security. 10-21-2015 04:58 PM
- Tagged Why did searches stop returning results after enabling the Distributed Management Console on a Splunk App for Enterprise Security search head? on Splunk Enterprise Security. 10-21-2015 04:58 PM
- Tagged Why did searches stop returning results after enabling the Distributed Management Console on a Splunk App for Enterprise Security search head? on Splunk Enterprise Security. 10-21-2015 04:58 PM
- Posted What is the difference between the two threads limits referenced in splunkd.log? on Monitoring Splunk. 08-03-2015 12:17 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 2 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
06-15-2018
01:47 PM
2 Karma
When checking on my replication and search factors on my cluster master, it states they are not met. There are a number of different indexes containing various combinations of buckets which do not meet either the replication factor, or search factor, or both. When I click on the "Bucket Status" button on the "Indexes" tab, there are no pending fixup tasks. How do I get my cluster to meet its replication and search factors again?
... View more
04-06-2018
12:23 PM
1 Karma
When running a search which takes longer than a couple of seconds to complete, I suddenly see the following error messages.
Unknown sid.
The search job “1522944681.58347” was canceled remotely or expired.
These messages are displayed approximately one second after the search starts running. If I check the $SPLUNK_HOME/var/run/splunk/dispatch directory, I can see the search artifact getting created, and being reaped right after the search is cancelled. This does not seem to be affecting saved searches which run on a schedule. This is also a standalone Splunk instance running version 6.5.2. What is the cause of this?
... View more
10-21-2015
04:58 PM
After enabling the Distributed Management Console on an Enterprise Security (ES) search head, searches stop returning results. The following additional behaviors were also experienced.
Navigation to the Settings menu in the UI is slow but works.
When trying to access the Search UI, Splunk does not respond.
Running a search from the command line does not return results.
The “Scheduled time” value in “Settings > Searches, reports, and alerts” contains dates from the past.
Large gaps in time (more than 24 hours in some cases) were seen in the scheduler.log and splunkd.log files.
Why is this happening?
... View more
08-03-2015
12:17 PM
I set the maxThreads parameter in my server.conf file based upon the documentation http://docs.splunk.com/Documentation/Splunk/6.2.4/admin/Serverconf . After restarting Splunk, I see the number I set in the splunkd.log file in the following line.
08-03-2015 11:59:17.433 -0700 INFO loader - Limiting REST HTTP server to xxxx threads
I also noticed another setting which sets the maximum number of threads which has a different value.
08-03-2015 11:59:14.046 -0700 INFO loader - Maximum number of threads (approximate): yyyy
What is the difference between these, and how can I increase the latter?
... View more
07-21-2015
03:00 PM
From can I see, Splunk continues to run but I would like to know what happens to the cold data which meets the criteria to be frozen? Once the frozen directory is made accessible, does Splunk continue to freeze the data, or was it already removed from the index?
... View more
07-14-2015
05:12 PM
Replication is failing with the following error.
07-12-2015 21:08:45.859 +0000 WARN ConfReplicationThread - Error pushing configurations to captain=https://server_name:8089, consecutiveErrors=1: Error in acceptPush, uploading lookup_table_file="/opt/splunk/etc/apps/SA-EndpointProtection/lookups/localprocesses_tracker.csv": Non-200 status_code=413: Content-Length of 1567337721 too large (maximum is 838860800)
Is there a way to allow the replication to occur even though the file is too large?
... View more
04-20-2015
09:57 AM
1 Karma
I have the Splunk Add-on for Cisco IPS installed and am receiving data from some Cisco IPS devices. I can add additional connections configured which is successful, but I do not receive any data from them. I see a number of the following error messages in sdee_get.log.
Mon Apr 13 16:35:50 2015 - No credentials for IPS xxx.xxx.xxx.xxx were found!
I have confirmed the credentials are entered correctly, and that they are properly created in the app.conf file. Why can't the Add-on get them?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
