The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by ASW3382
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Old topic new tune?
In: SplunkAdministration
(Not tagged)
Anyone? A simple search outputting name of server and amount indexed would be helpful...
Oh and I have run: index=_internal todaysBytesIndexed LicenseManager-Audit source=*license_audit.log ... I am currently running the free version. I considered the pay for a while but didn't need any of the ... |
2
|
22 months ago... | |
|
Splunk misreporting indexed events?
In: SplunkAdministration
(Not tagged)
ahhh now those were interesting, took 4 minutes a piece to run about but gave me a neat graph ;) I need ...
ya it just says localhost. Oh and if it helps I am only monitoring 6 hosts. oh I assumed since the numbers were so high it was counting the indexes themselves, counting events ... I run a fairly small network, about 70 users, I have exceeded the 500MB limit 3 times. Once by about ... |
6
|
47 months ago... | |
|
Logging Advise
In: SplunkAdministration
(Not tagged)
Oh I log everything, I am still in the trial stages of Splunk. Something that I have found exceedingly ...
|
2
|
47 months ago... | |
|
Trying to index IIS log files, having some issues
In: SplunkAdministration
(Not tagged)
I havent run snare on an IIS server, does it support them?
But if you are just testing, Dump the ...
|
7
|
47 months ago... | |
|
Wrong Host Reported
In: SplunkAdministration
(Not tagged)
Any movement on this araitz? I doublechecked my DNS settings just to be sure and cant find any weirdness. ...
If I tag it then What happens when my fortigate sends logs then? As I showed above my PTR records ... oops, that nslookup for fortigate10 should look like: Server: DNS.domain.tld Address: X.X.10.107 Name: ... sorry that post was clear as mud, let me simplify. X.X.30.111 with a fqdn as www.domain.tld, but splunk ... I have logs coming from a syslog-ng client on a X.X.30.111 address. which an nslookup will show the ... |
7
|
47 months ago... | |
|
FIFO Queues
In: SplunkAdministration
(Not tagged)
if the license wasn't $5K there wouldn't be a problem ;) 30 days isn't log enough for me to get a good ...
ya I am thinking of using netcat to push the files out. If not I am sure I could whip up a perl script ... Ok I got it working, a lot of tweaking, your script you copied and pasted is wrong, your (5000) should ... Cool, we will see if that works. I was under the impression that TCP did not work with the free server, ... I am running Splunk on a windows server. I am using a FIFO queue because I dont know how to create ... Ok, I am having a hard time justifying purchasing the pro product here when I cant do something as simple ... I have created a fifo queue using the only instructions I could find on the net regarding it. found ... |
10
|
47 months ago... | |
|
How to monitor logs in other machine?
In: SplunkPreview
(Not tagged)
//It would be nice to have a client that can be deployed to a group of macnines with a preset configuration. ...
|
8
|
48 months ago... | |
|
Bugs
In: SplunkPreview
(Not tagged)
Along these lines, a password change to the current logged on account causes crawl link to break until ...
Found the default U/P here //www.splunk.com/doc/print/3.2.6/admin// spoke too soon, fixed the local browser issue, problem with IE. Still having issues with u/p or maybe just ID10T errors as it seem other people are runing the preview just fine. I installed on ... |
3
|
48 months ago... | |
|
Windows Mass Deployment
In: SplunkAdministration
(Not tagged)
Sorry, just saw your post today :) Did you get this all done? I don't have a script yet. But if you ...
Also with splunk, (newbie here), I am assuming the upgrades are just a matter of pushing the data to ... Well I can only speak for my environments, pretty small so far >1000 nodes. But my app pushes have ... I handle all my inventory checks with a 3rd party inventory software, Spiceworks. GPO works well for ... You can push them out via GPO easily. You can then set the instance (I am guessing as a forwarder) ... |
9
|
48 months ago... | |
|
Splunk not firing
In: SplunkAdministration
(Not tagged)
//Turns out I need the 'http://' in front of that and it works fine.//
Bah you IE users ;)
j/k ...
The installer should have opened a browser, if it didn't I would guess that the installation had issues. ... Clicking splunk in the start menu just starts the service. If you want the webgui you need to open ... |
7
|
48 months ago... | |
|
AD Guide
In: SplunkAdministration
(Not tagged)
OK here is precisely what I was looking for and found. I will document here for fellow newbies.
Below ...
I use other applications to monitor many boxes via WMI calls. Of course this is a kind of round robin ... Ok this was great and all until I hit the hitch that receiving is only enabled in the enterprise version. Am ... Perfect thanks! in my 'obtuseness' I did not understand that from the documentation. I will have to ... I am new to splunk and it seems to be a fantastic product in my demoing of it. However, I am running ... |
6
|
48 months ago... |