Forums: Posted by gfoden
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Upgrading from one version to another
In: SplunkAdministration
(Not tagged)
I remember reading an article on the Splunk website about how to upgrade a Splunk installation to a ...
|
gfoden
Posts |
1
|
7 months ago... |
|
Deployment server
In: SplunkAdministration
(Not tagged)
I noticed that the deployments.conf file has been removed in the bundles in version 3.2 and that the ...
|
gfoden
Posts |
1
|
9 months ago... |
|
Transaction Processor
In: SplunkPreview
(Not tagged)
Any news on grouping log files with transam using several ids? So if files logA and logB use transactionid1 ...
That's a bit disappointing as I thought that that was the main advantage of the transaction processor: ... Sorry just bumping this up to see if you can answer my question. I still can't find anything in the ... This is a great feature to be added (I didn't find that the whole metaevents features was really that ... |
gfoden
Posts |
6
|
10 months ago... |
|
Configuring Dashboards
In: SplunkGeneral
(Not tagged)
I kind of understand the configuration of the dashboards in prefs.conf
Each dashboard is defined as ...
I would like to be able to restrict the list of hosts or possibly sources that a role will see, when ... I would like to be able to restrict the list of hosts or possibly sources that a role will see, when ... I would like to be able to restrict the list of hosts or possibly sources that a role will see, when ... I'm trying to create a different dashboard to the default. I understand that you can create saved searches ... |
araitz
Posts |
5
|
10 months ago... |
|
Transaction processor
In: SplunkAdministration
(Not tagged)
Hi,
Just a few comments:
I'm now understanding the behaviour of the transam but if you "pipe" results ...
Hi, Just a few comments: I'm now understanding the behaviour of the transam but if you "pipe" results ... Hi, I've been trying to use the transam command in the preview version of Splunk. How should this command ... |
araitz
Posts |
4
|
10 months ago... |
|
Deployment clients
In: SplunkGeneral
(Not tagged)
Still no luck after removing the hyphen. In splunk/etc/modules/ there are two folders distributedDeployment ...
OK I'm finding the documentation on deployment servers very confusing: I opted for the deployment model ... So if the client receives two bundles for the two classes it belongs to, which configuration takes priority ... Hi, Can you please explain which directory deployment clients download their bundles to? Say a client ... |
araitz
Posts |
6
|
10 months ago... |
|
Search fields and distributed system
In: SplunkAdministration
(Not tagged)
Ok the wrong name being assigned to the field is my fault: the stanza was missing the = sign after FORMAT. ...
I wanted to try search fields to start with as I understand there are more features such as the meta ... In a forwarder/indexer configuration, I was assuming that the definition of additional search fields ... |
araitz
Posts |
3
|
10 months ago... |
|
Is there a way to enforce a specific dashboard to a user?
In: SplunkGeneral
(Not tagged)
I would be interested in this too. I am not too sure what this "drop down with all the dashboards" is, ...
|
gfoden
Posts |
2
|
10 months ago... |
|
SAN storage, Hot/Cold/Frozen databases and access speeds
In: SplunkAdministration
(Not tagged)
Thanks Alex. Again this would be interesting to us in order to estimate performance and hardware requirements. ...
So when you say pulling back, you mean reading 50000 (which happens to be the default maxresults value) ... Thanks for your help Alex. Could you just explain what you mean by "pulling back". As I don't know ... Actually sorry, it appears that you even suggest using NAS storage for the cold and frozen databases ... Hi, I remember reading somewhere, possibly here on Splunkbase that a recommended storage design for ... |
gfoden
Posts |
7
|
10 months ago... |
|
Management port
In: SplunkAdministration
(Not tagged)
That is an issue of concern for me then. As I wish to install forwarders on web servers. Do you have ...
In terms of security, should such a port be open on an internet-facing device? I read this in the documentation regarding the management port: 8089 - Splunkd management port. Used ... |
araitz
Posts |
5
|
10 months ago... |
|
Duplicate events?
In: SplunkAdministration
(Not tagged)
If a bug may be behind this, I should point out that I changed the datastore location before.
There's ...
I'm very surprised to see that whenever Splunkweb announces a number of events, below, I see exactly ... |
gfoden
Posts |
2
|
10 months ago... |
|
Disable local copy on Splunk forwarder via CLI
In: SplunkGeneral
(Not tagged)
When configuring data forwarding to an indexer on a Splunk forwarder, it appears to be possible to do ...
|
araitz
Posts |
1
|
10 months ago... |
|
Multi-core processors and Splunk
In: SplunkGeneral
(Not tagged)
I remember reading that since version 3, Splunk can take advantage of multi-core processors and that ...
|
araitz
Posts |
1
|
11 months ago... |
|
Restrict memory on a Splunk forwarder
In: SplunkAdministration
(Not tagged)
Regarding the commands that turn the instance into a forwarder, where is the part of the splunk script ...
|
araitz
Posts |
9
|
11 months ago... |
|
Resilient deployment
In: SplunkGeneral
(Not tagged)
I understand that data can be cloned onto two indexers if high availability is required but is there ...
|
araitz
Posts |
1
|
11 months ago... |
|
Transitive meta events
In: SplunkGeneral
(Not tagged)
Cheers. That's something to look forward to in version 3.2. I didn't notice this in the preview thou...
I find it a much more flexible and user-friendly tool than the metaevents. This might have been specific ... Won't this be a bit of an issue as all the processing power will be used at search time: for example ... I've been implementing meta events into some of our data. My main concern is that, having a distributed ... I kind of get the idea behind the meta events (I think) as in this feature builds a new event (meta-event) ... Thanks for your answer (and of course Happy New Year with a bit of delay) Are metaevents the current ... I've finally managed to create meta events from my log data. However, I haven't quite figured out how ... |
araitz
Posts |
12
|
11 months ago... |
|
Unexpected Splunkweb error
In: SplunkSearchAndAlert
(Not tagged)
The error does go away indeed. So no escape characters can be present in log files? I have a number ...
Ok the error occurs whenever the indexer attempts to return anything from this specific file following ... Ok the error occurs whenever the indexer attempts to return anything from this specific file following ... When searching for a specific keyword in some log data, a certain keyword search (bloomberg) produces ... |
araitz
Posts |
8
|
11 months ago... |
|
Deleting data from a specific source?
In: SplunkAdministration
(Not tagged)
thanks for that
Is there any way of deleting data from a specific source (for example a file) that has already been ... |
araitz
Posts |
2
|
11 months ago... |
|
64-bit Operating System?
In: SplunkGeneral
(Not tagged)
By how much should you expect throughput to go up on a 64-bit OS such as a Linux kernel 2.6 as opposed ...
|
araitz
Posts |
1
|
12 months ago... |
|
Splunk forwarders and priority
In: SplunkGeneral
(Not tagged)
It is interesting to know, all the same. Thanks. Indeed, some form of prioritization would be interesting ...
If an indexing host becomes overloaded due to more data than it can handle being sent to it and the ... |
araitz
Posts |
2
|
12 months ago... |