cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
shaktik
Explorer
Member since: ‎10-06-2017
‎06-05-2020
Community Statistics
Posts 4
Solutions 1
Karma Given 1
Karma Received 1
Member Since ‎10-06-2017
Activity Feed
View All

How are the Splunk Quick-Start CloudFormation (AWS...

by in All Apps and Add-ons
‎06-03-2020 02:51 PM
‎06-03-2020 02:51 PM
Has anyone used the Splunk Quick-Start CloudFormation templates and what was your experience like? Also, how do these 2 templates differ? splunk-enterprise.template.yaml (existing VPC??) & splunk-enterprise-master.template.yaml (new VPC??) Resources: https://aws-quickstart.s3.amazonaws.com/quickstart-splunk-enterprise/doc/splunk-enterprise-on-the-aws-cloud.pdf https://github.com/aws-quickstart/quickstart-splunk-enterprise ... View more
Labels

Re: Logs from rsyslog server stopped indexing

by in Getting Data In
‎10-13-2017 11:36 AM
1 Karma
‎10-13-2017 11:36 AM
1 Karma
The issue was related to logrotate not being configured properly, so there was no space left on the syslog server. ... View more

Re: Logs from rsyslog server stopped indexing

by in Getting Data In
‎10-12-2017 07:02 AM
‎10-12-2017 07:02 AM
Sorry for the confusion but the logs stopped and have not started back up again. I have added a picture of what time logs stopped coming in for more clarity. ... View more

Logs from rsyslog server stopped indexing

by in Getting Data In
‎10-11-2017 02:55 PM
‎10-11-2017 02:55 PM
My setup is FW, WAF and Web-proxy logs being pushed to my Rsyslog Fwd which has a UF installed to push to my indexers. So my logs that were coming from the Rsyslog server stopped mysteriously around 3am a few nights back, but the UF installed on that server is still sending out metrics logs but no firewall logs. I can't figure what the issue is. Whats even weirder is that all the logs didn't stop at one time but over a course of few hours, the logs had been coming in consistently for a few weeks now. And this new deployment had been running about a 4-5 weeks. There was a sharp increase in logs that came in the day of and after that the logging levels dropped to almost none with only the UF metrics getting indexed but no other logs. • Host OS: Red Hat Linux 7.3 • Syslog software used: rsyslogd 7.4.7 • Splunk Software used: Splunk Universal Forwarder 6.6.3 for Linux • Configuration changes to get syslog data from sources was done in /etc/rsyslog.d/rsyslog-splunk.conf. • Logrotation for syslog data was configured in /etc/logrotate.d/rsyslog-splunk Any ideas? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All
Karma given to
View All