Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About skippylou
skippylou
Communicator
Member since:
07-08-2010
06-05-2020
Community Statistics
| Posts | 72 |
| Solutions | 0 |
| Karma Given | 6 |
| Karma Received | 41 |
| Member Since | 07-08-2010 |
Activity Feed
- Got Karma for Re: Can inputs.conf be reloaded without restarting splunkd?. 12-01-2020 09:08 AM
- Karma Re: User Role - Saved Search Permissions for gkanapathy. 06-05-2020 12:45 AM
- Karma Expanding Splunk installation from a single indexer to a multi-indexer + dedicated search head environment.. for Brian_Osburn. 06-05-2020 12:45 AM
- Karma Re: How do I set up SSL forwarding with new, self-signed certificates and authentication? for hexx. 06-05-2020 12:45 AM
- Karma Re: How to configure Static weekly report on dashboard for Paolo_Prigione. 06-05-2020 12:45 AM
- Karma Re: Why does "Ask a Question" page merge some lines? for dwaddle. 06-05-2020 12:45 AM
- Karma Searchhead pooling and scheduled searches. for nocostk. 06-05-2020 12:45 AM
- Got Karma for Re: User Role - Saved Search Permissions. 06-05-2020 12:45 AM
- Got Karma for User Role - Saved Search Permissions. 06-05-2020 12:45 AM
- Got Karma for Re: sourcetype in props.conf not always working. 06-05-2020 12:45 AM
- Got Karma for Re: sourcetype in props.conf not always working. 06-05-2020 12:45 AM
- Got Karma for Re: sourcetype in props.conf not always working. 06-05-2020 12:45 AM
- Got Karma for Re: sourcetype in props.conf not always working. 06-05-2020 12:45 AM
- Got Karma for Re: sourcetype in props.conf not always working. 06-05-2020 12:45 AM
- Got Karma for Passing results to next command one at a time and using event results in parameters. 06-05-2020 12:45 AM
- Got Karma for Passing results to next command one at a time and using event results in parameters. 06-05-2020 12:45 AM
- Got Karma for What perms/capabilities needed to create an app. 06-05-2020 12:45 AM
- Got Karma for Re: What perms/capabilities needed to create an app. 06-05-2020 12:45 AM
- Got Karma for Cloning and shutting down an indexer. 06-05-2020 12:45 AM
- Got Karma for Cloning and shutting down an indexer. 06-05-2020 12:45 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 2 | |||
| 2 | |||
| 1 | |||
| 2 | |||
| 1 | |||
| 1 | |||
| 0 | |||
| 2 | |||
| 0 | |||
| 1 |
04-12-2011
05:19 PM
Upgraded from 4.1.7.
... View more
04-12-2011
04:34 PM
However if I copy this file: $SPLUNK_HOME/etc/apps/search/local/data/ui/views/dashboard.xml. It has a single set of RT entries, removing those does stop the updating for me.
... View more
04-12-2011
04:20 PM
Yep, put a copy in here: $SPLUNK_HOME/etc/apps/search/local/data/ui/views/dashboard_live.xml. Removed 3 occurrences of earliest and 3 adjacent latest. Changed a label for 'Earliest Event'. Navigated to a different app and back, did not take the label changes or RT changes.
... View more
04-12-2011
01:26 PM
Hrm..I copied the dashboard_live.xml file over to the local dir, removed the rt earliest/latest instances and restarted splunk. It still is updating in real-time.
... View more
04-11-2011
07:31 PM
2 Karma
With the 4.2 upgrade it brought along with it the real-time updating of the metadata on the main screen/dashboard for the global summary, hosts/source/sourcetypes.
Is there any way to disable this and go back to how it polls once on navigating to the front page the first time and not continuously updating?
Thanks,
Scott
... View more
04-09-2011
02:11 PM
1 Karma
From support:
"only admin role can create an App"
... View more
04-09-2011
02:10 PM
Thanks for the clarification. I meant I was going to go the cloned to two distinct lb groups, not feed from the primary downstream - but I understand what you describe as an option like that if I wanted to go that route.
... View more
04-08-2011
04:30 PM
Thanks, I think my best bet at this point is the latter of what you meantion, cluster to two lb sets.
... View more
04-08-2011
02:45 PM
Thanks for the answer. I guess in my mind I think of cloned as two things having exact where autolb would be the spread amongst the members with at least one member getting a copy. All in all, I'll have to move to the combo of the two. Thanks again.
... View more
04-08-2011
01:53 PM
2 Karma
So originally I thought the way cloning would work between two indexers was that data from a forwarder setup to clone would send identical events to each indexer - this part does work fine. However, when I bring down one indexer for a few minutes on a restart or whatnot, I thought the forwarders would send to the indexer that was up, while keeping track of what needed to be sent to the second indexer when it came back online.
It appears the indexer that was down never gets the data that it missed while it was down once it comes back online. Does cloning work in that as long as one of the indexers is online that is good enough for those events? Doesn't seem right as I would think cloned should be identical, but it appears that's what I'm seeing.
Is the only way around this to clone to two sets of autolb'ed indexers (ie. using four total indexers)? Or what I'm seeing I shouldn't be seeing?
Thanks,
Scott
... View more
- Tags:
- highavailability
03-31-2011
11:46 AM
Have a look here:
http://www.splunk.com/base/Documentation/latest/Admin/MoreaboutSplunkFree
You should be able to go over the 500MB indexing limit up to 3 times in a 30 day period before search is disabled.
Regarding not getting any results back, perhaps your searching over a time period that does not have logs indexed for? Meaning you may have last hour or last day, but the logs in that directory are from prior to that.
Try setting 'All Time' if not already next to the search bar and do a search for * or something that you know is in there.
Hope that helps,
Scott
... View more
03-29-2011
06:31 PM
1 Karma
What permissions/capabilities are needed for a regular user account that is a member of a role that is derived essentially from the user role to be able to view the 'Create App' button in Manager -> Apps and/or if anything else is needed for them to start creating their own app from within the web gui?
Thanks,
scott
... View more
- Tags:
- app
03-03-2011
03:57 PM
Thanks for the answer, looks like this should allow the variable usage - but couldn't test successfully and then found your comments in a different ticket about map/<4.2/distributed_mode not being supported, so guessing that is why. I'll give this a try once 4.2 is released. Thanks!
... View more
03-02-2011
09:01 PM
2 Karma
Trying to get a search working where instead of the whole result set passing to the next command as one, they would pass over one at a time as a sort of a loop fashion. Then also use that value as a parameter value in a next command.
Here is a simple example.
Let's say I have this search:
"blah"
| top host
| fields + host
| throttle name=mytest period=300
| sendemail to=somebody sendresults=true
Let's say this returns two hostnames which pass through the AlertThrottle app throttle command, that then sets the suppression state and fires an email. The email contains the two hostnames from the result set.
I'd like to have each hostname pass through to the throttle command individually and also use the hostname to populate the "name=" value in the throttle portion. So that after the single search it is equivalent to:
hostname1 -> | throttle name=$host period 300 | sendemail to=somebody sendresults=true
hostname2 -> | throttle name=$host period 300 | sendemail to=somebody sendresults=true
So each result (two hostnames) generates a separate email and also using that hostname as a parameter value.
Are both of those two conditions even possible?
Thanks,
Scott
... View more
- Tags:
- search
02-03-2011
09:49 PM
Gotcha, thanks. Yes, my goal was to limit even administrator users on the search head from querying it. This was a situation where the peers are "owned" by different groups, but that one index on one of the peers both groups would need access to.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:02 AM
|
Karma given to
