Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About mehal
mehal
New Member
Member since:
10-04-2012
06-05-2020
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-04-2012 |
Activity Feed
- Posted Re: Distributed Search Question. on Deployment Architecture. 10-15-2012 11:18 PM
- Posted Distributed Search Question. on Deployment Architecture. 10-14-2012 11:33 PM
- Tagged Distributed Search Question. on Deployment Architecture. 10-14-2012 11:33 PM
- Posted Re: Question on Indexed data getting deleted on Getting Data In. 10-12-2012 11:42 AM
- Posted Re: Question on Indexed data getting deleted on Getting Data In. 10-12-2012 12:48 AM
- Posted Question on Indexed data getting deleted on Getting Data In. 10-12-2012 12:32 AM
- Tagged Question on Indexed data getting deleted on Getting Data In. 10-12-2012 12:32 AM
- Tagged Question on Indexed data getting deleted on Getting Data In. 10-12-2012 12:32 AM
- Posted Re: CSV TImestamp Problem on Getting Data In. 10-08-2012 03:22 PM
- Posted Re: CSV TImestamp Problem on Getting Data In. 10-08-2012 03:15 PM
- Posted Re: CSV TImestamp Problem on Getting Data In. 10-08-2012 03:10 PM
- Posted CSV TImestamp Problem on Getting Data In. 10-07-2012 10:38 PM
- Tagged CSV TImestamp Problem on Getting Data In. 10-07-2012 10:38 PM
- Posted Re: ** Urgent ** - Question on how to specify DIRECTORY on unix system to index data from the files within directory on Splunk Search. 10-07-2012 01:04 PM
- Posted Re: ** Urgent ** - Question on how to specify DIRECTORY on unix system to index data from the files within directory on Splunk Search. 10-07-2012 12:47 PM
- Posted ** Urgent ** - Question on how to specify DIRECTORY on unix system to index data from the files within directory on Splunk Search. 10-06-2012 10:50 PM
- Tagged ** Urgent ** - Question on how to specify DIRECTORY on unix system to index data from the files within directory on Splunk Search. 10-06-2012 10:50 PM
- Posted Re: Splunk Forwarder and Receiver Problem on Getting Data In. 10-05-2012 01:44 PM
- Posted Re: Splunk Forwarder and Receiver Problem on Getting Data In. 10-05-2012 10:38 AM
- Posted Splunk Forwarder and Receiver Problem on Getting Data In. 10-04-2012 11:07 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-15-2012
11:18 PM
Hi Kristian.kolb,
Your point made sense and now i have almost distributed data across all indexers in random fashion. Will again index the data on 8 indexers and hopefully that will sort out my problem.
Thanks for the big big help.
Mehal
... View more
10-12-2012
11:42 AM
not to indexes.conf but i have added can delete role in admin.. Also my data is of 1987. so timestamp is of 1987 when indexed.
... View more
10-08-2012
03:22 PM
Year is 4 digits long. example 1999
quarter is 1 digit long. example 3
month is max 2 digits long example 12 or 4
dayofmonth is max 2 digits long example 5 or 23
CRSdeptTime is 4 digits long example 0930 [09 hours 30 min]
... View more
10-08-2012
12:51 AM
from the search view ( flashtimeline ) you can search with index=_internal and search for some of yours files as search arguments (probably using wildcards to make things easier)
... View more
10-05-2012
01:44 PM
Yes, I tried following that but doesn't helping me much.
I did below to inputs.conf and outputs.conf files :
In SplunkForwarder:
I edited outputs.conf with following
[monitor://mnt/cloudstorage/unzipped_data]
_TCP_ROUTING = *
index = _internal
sourcetype=airtime_csv
edited inputs.conf with following
[tcpout:splunkindexer]
server = ipaddress:9997
In Splunk:
I edited outputs.conf with following
Edited inputs.conf with below
[splunktcp:9997]
and nothing for outputs.conf
But not working out.Also do we change above files in /etc/system/local directory or /etc/system/default directory ?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
