Activity Feed
- Posted Re: Splunk app for infrastructure script error on Security. 01-11-2023 09:05 AM
- Karma I see this error in my search head Low Level HTTP request failure err=failed method=POST path=/ for btshivanand. 04-28-2022 06:26 AM
- Karma Set token from search on ITSI glass table for gpugliese. 02-16-2022 12:36 AM
- Karma Re: How to specify Google Maps URL for map tiles in Splunk? for ikislukhin_splu. 06-05-2020 12:47 AM
- Karma ERROR BucketMover for abhayneilam. 06-05-2020 12:47 AM
- Karma bucketmover permission denied archiving for freeborn. 06-05-2020 12:47 AM
- Karma Re: Deployment Server: deploying in baby steps for Brandon_ganem1. 06-05-2020 12:46 AM
- Karma Re: Best practices to deploy the S.o.S app in a distributed search environment for hexx. 06-05-2020 12:46 AM
- Karma Error when upgrading from Splunk Enterprise 5.0.5 to 6.0. for amgoldschmidt. 06-05-2020 12:46 AM
- Karma fail to connect with java sdk for perseger. 06-05-2020 12:46 AM
- Karma OpenSSL security bug for mpavlas. 06-05-2020 12:46 AM
- Karma Re: Dashboard single and rangemap for ziegfried. 06-05-2020 12:46 AM
- Karma What is: ERROR BucketMover - sizeBytes=xxx candidateBytes=yyy for rune_hellem. 06-05-2020 12:46 AM
- Karma Re: Forwarder keeps crashing for MuS. 06-05-2020 12:46 AM
- Karma Re: App to monitor forwarder -> indexer connection? for Genti. 06-05-2020 12:45 AM
- Posted Why doesn't the eval token for correcting hostname work in the following dashboard? on Dashboards & Visualizations. 09-20-2018 05:22 AM
- Tagged Why doesn't the eval token for correcting hostname work in the following dashboard? on Dashboards & Visualizations. 09-20-2018 05:22 AM
- Tagged Why doesn't the eval token for correcting hostname work in the following dashboard? on Dashboards & Visualizations. 09-20-2018 05:22 AM
- Posted Re: Errors like "ERROR ProccessTracker - (child_4707__Fsck) Fsck" on Security. 01-15-2016 12:27 AM
- Posted Re: Errors like "ERROR ProccessTracker - (child_4707__Fsck) Fsck" on Security. 01-14-2016 05:04 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-11-2023
09:05 AM
Hi @aalaa, just in case, you didn't figured it out yet. Most likely is the problem, that your language of ubuntu is not set to english. The installer script checks, if the lib is installed and fails, if there is no "installed" in the output. So switch your os language to english and it should work. All the best Christoph
... View more
09-20-2018
05:22 AM
Hi everybody,
I have the following problem:
On the first dashboard, there are a lot of panels, which should link to a more detailed view about a special host. On most of the charts, the link does work. But on one panel, the $click.name2$ Value is not "host" but "send: host" or "received: host". I have found a way to correct it on this panel, so I thought, I could change the host in the detail view:
<init>
<eval token="form.tok_host"> replace($form.tok_host$, ".*?([^\s]+)$", "\1")</eval>
</init>
I even tried 'form.tok.host' instead of $form.tok_host$ .
But seems like, this just sets the token to blank. Does anybody know an answer to this problem?
Greetings
Christoph
... View more
01-15-2016
12:27 AM
Sorry for asking, but is there any difference? I'm not responsible for the storage, I'm just the admin for Splunk. What have to be done to make it work again, so I can contact my colleague for correction.
Thanks!
... View more
01-14-2016
05:04 AM
I found some new and strange thing. When I use df -h . on my filesystem:
Filesystem Size Used Avail Use% Mounted on
indizes 500G 164G 337G 33% [...]/indizes
Using REST-API | rest splunk_server=[...] /services/server/status/partitions-space | table available, capacity, fs_type, updated
It's really strange. It should be 345000 in the available cell...
... View more
12-30-2015
06:46 AM
Yes, the user running splunkd has write access to the directory.
Disk space is also available.
[indizes]$ df -h .
Filesystem Size Used Avail Use% Mounted on
indizes 500G 152G 349G 31% [...]/indizes
But we had a short problem, where the filesystem was only 150G and was used 100%. But now, we resized the volume and restarted splunk.
... View more
12-30-2015
12:45 AM
The last few days, I got a lot of ERROR messages.
12-30-2015 09:26:37.537 +0100 ERROR ProcessTracker - (child_4707__Fsck) Fsck - idx=_internal bkt='[***]indizes/_internaldbcolddb/db_1450751023_1450751018_1407' Failed to write: (but will ignore per SPL-52537 hack) bloomfilter || size manifest || .finalized
12-30-2015 09:26:37.537 +0100 ERROR ProcessTracker - (child_4707__Fsck) BucketBuilder - process=recover-metadata failed with exit_code=214 (exited with code 214)
12-30-2015 09:26:29.663 +0100 ERROR ProcessTracker - (child_4706__Fsck) Fsck - idx=_internal bkt='[***]indizes/_internaldb/colddb/db_1450751025_1450750016_1183' Failed to write: (but will ignore per SPL-52537 hack) bloomfilter || size manifest || .finalized
12-30-2015 09:26:29.663 +0100 ERROR ProcessTracker - (child_4706__Fsck) BucketBuilder - process=recover-metadata failed with exit_code=214 (exited with code 214)
12-30-2015 09:26:24.514 +0100 ERROR ProcessTracker - (child_4705__Fsck) Fsck - idx=_internal bkt='[***]indizes/_internaldb/colddb/db_1450751068_1450750585_1186' Failed to write: (but will ignore per SPL-52537 hack) bloomfilter || size manifest || .finalized
12-30-2015 09:26:24.514 +0100 ERROR ProcessTracker - (child_4705__Fsck) BucketBuilder - process=recover-metadata failed with exit_code=214 (exited with code 214)
12-30-2015 09:26:21.364 +0100 ERROR ProcessTracker - (child_4704__Fsck) Fsck - idx=_internal bkt='[***]indizes/_internaldb/colddb/db_1450751355_1450751015_1187' Failed to write: (but will ignore per SPL-52537 hack) bloomfilter || size manifest || .finalized
12-30-2015 09:26:21.364 +0100 ERROR ProcessTracker - (child_4704__Fsck) BucketBuilder - process=recover-metadata failed with exit_code=214 (exited with code 214)
I checked permissions on those directories - they are ok.
Does anybody know, where exactly the problem is?
... View more
09-15-2015
05:48 AM
Thanks' alot. This will help.
... View more
09-09-2015
06:23 AM
Hi,
I already found some questions to this, but none of them was a solution to my problem.
Can I run the Cluster Master and the Deployment Server on the same instance?
The Cluster Master will push the configuration to the peers and the Deployment Server send the configuration to all the forwarders. Will they impede each other or is this a possible way to go?
Best
Christoph
... View more
03-19-2014
01:57 AM
We have on Server with 3 forwarders installed. One of those are not working anymore. It keeps crashing shortly after restarting:
[build 182037] 2014-03-19 09:44:40
Received fatal signal 6 (Abort).
Cause:
Unknown signal origin (si_code=-1).
Crashing thread: archivereader
Registers:
PC: [0xFFFFFFFF796DCB68] __lwp_kill + 8 (/lib/sparcv9/libc.so.1)
nPC: [0xFFFFFFFF796DCB6C] __lwp_kill + 12 (/lib/sparcv9/libc.so.1)
Y: [0x0000000000000000]
G1: [0x00000000000000A3]
G2: [0x0000000101208A4C]
G3: [0x0000000000000000]
G4: [0x0000000000000000]
G5: [0xFFFFFFFFFF7FFFFF]
G6: [0x0000000000000000]
G7: [0xFFFFFFFF7A60D200]
O0: [0x0000000000000000]
O1: [0x0000000000000006]
O2: [0xFFFFFFFF7BE08334]
O3: [0xFFFFFFFF7964C178]
O4: [0x0000000000000005]
O5: [0xFFFFFFFF7984EC60]
O6: [0xFFFFFFFF740F2471]
O7: [0xFFFFFFFF7967443C]
OS: SunOS
Arch: SPARC
Backtrace:
[0xFFFFFFFF7967443C] raise + 16 (/lib/sparcv9/libc.so.1)
[0xFFFFFFFF7964C178] abort + 208 (/lib/sparcv9/libc.so.1)
[0xFFFFFFFF7964C464] _assert + 116 (/lib/sparcv9/libc.so.1)
[0x0000000100382DA4] _ZN17ArchiveCrcChecker21seekAndComputeSeekCrcEv + 740 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x0000000100386E1C] _ZN17ArchiveCrcChecker5writeEPKcm + 492 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x0000000101101274] _ZN17ArchiveCrcChecker5writeEPKvm + 12 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x0000000100634758] _ZN14ArchiveContext7processERK8PathnameP13ISourceWriter + 688 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x0000000100635188] _ZN14ArchiveContext9readFullyEP13ISourceWriterRb + 1080 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x0000000100385840] _ZN16ArchiveProcessor20haveReadAsNonArchiveE14FileDescriptorlPK3Str + 512 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x0000000100388E78] _ZN16ArchiveProcessor4mainEv + 4048 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0x00000001009BA560] _ZN6Thread8callMainEPv + 128 (/pkg/PRSL/fPRSLFB/splunkforwarder/bin/splunkd)
[0xFFFFFFFF796D8AFC] _thr_slot_offset + 1160 (/lib/sparcv9/libc.so.1)
SunOS / tpm2s120 / 5.10 / Generic_148888-01 / sun4u
Last few lines of stderr (may contain info on assertion failure, but also could be old):
Assertion failed: (file_offset_t)_seekPtr >= dp->curPos(), file /opt/splunk/p4/splunk/branches/6.0.0/src/pipeline/input/ArchiveProcessor.cpp, line 1044
2014-03-17 15:38:48.849 +0100 splunkd started (build 182037)
Assertion failed: (file_offset_t)_seekPtr >= dp->curPos(), file /opt/splunk/p4/splunk/branches/6.0.0/src/pipeline/input/ArchiveProcessor.cpp, line 1044
2014-03-17 15:46:00.719 +0100 splunkd started (build 182037)
Assertion failed: (file_offset_t)_seekPtr >= dp->curPos(), file /opt/splunk/p4/splunk/branches/6.0.0/src/pipeline/input/ArchiveProcessor.cpp, line 1044
2014-03-19 09:44:11.873 +0100 splunkd started (build 182037)
Assertion failed: (file_offset_t)_seekPtr >= dp->curPos(), file /opt/splunk/p4/splunk/branches/6.0.0/src/pipeline/input/ArchiveProcessor.cpp, line 1044
Last errno: 0
Threads running: 29
argv: [splunkd -p 8090 start]
Thread: "archivereader", did_join=0, ready_to_run=Y, main_thread=N
First 4 bytes of Thread token @104399bfc:
00000000 00 00 00 1c |....|
00000004
terminating...
Does anybody got an idea, what the problem is?
... View more
