The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by rotten
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Using Apache HTTP server to redirect port 80 to Splunk's port
In: SplunkAdministration
(Not tagged)
Do you have modproxy installed and loaded in Apache? Are there any errors in the apache log?
We ...
Splunk has its own built-in web server. You can set up a transparent proxy in Apache to forward the ... |
5
|
22 months ago... | |
|
Checking Splunk logins
In: SplunkAdministration
(Not tagged)
Sorry about that. Try index=_audit . I think it used to be in _internal in Splunk 3.x, but in Splunk ...
You'll want to search the audit log in the _internal index for entries like this: 04-27-2010 10:09:00.706 ... |
4
|
22 months ago... | |
|
polling an http source
In: SplunkAdministration
(Not tagged)
I just did a quick scripted input. While I was at it, I filtered out some HTML junk that was in there ...
I'm sure I've read somewhere on the splunk sites - documentation, forums, blogs, or something, tips ... |
2
|
22 months ago... | |
|
Monitor *NIX by distributed search
In: SplunkAdministration
(Not tagged)
Are you saying:
"""
'sourcetype' searches don't seem to work in a distributed search for the unix ...
|
2
|
22 months ago... | |
|
4.1 LDAP Issues
In: SplunkAdministration
(Not tagged)
Does that mean it will break the changes I put into 4.1 to get it to work? Will I have to undo the ...
|
2
|
22 months ago... | |
|
Running Splunk on Port 80
In: SplunkAdministration
(Not tagged)
I second the idea of using iptables. Then you can run Splunk as a non-root user (because it won't ...
|
4
|
23 months ago... | |
|
Ownership of the splunk directory on Solaris
In: SplunkAdministration
(Not tagged)
If the admins won't let you become the splunk user, maybe they will put an ACL on the tree to give you ...
|
2
|
23 months ago... | |
|
Admin password in free edition
In: SplunkAdministration
(Not tagged)
Put a transparent proxy (using Apache) in front of it, and put authentication in Apache.
|
4
|
23 months ago... | |
|
Pointers for getting started on making a performance dashboard?
In: SplunkAdministration
(Not tagged)
One thing that can save a lot of time is to format your data in key-value pairs. Splunk parses these ...
|
5
|
24 months ago... | |
|
Indexing on search head - how?
In: SplunkAdministration
(Not tagged)
Another thing to check for is to disable the sample app.
Moving your indexes.conf won't help. The defaults will just kick in. What you can do is set "disabled ... |
12
|
24 months ago... | |
|
Multiple Indexes for Performance
In: SplunkAdministration
(Not tagged)
Thanks!
We've set up the buckets so we get only one fresh one every day or so. (dbinspect over the ...
Some of our data is rarely searched, and some is frequently searched. Would moving the frequently searched ... There are obvious reasons for wanting multiple indexes when you have different access requirements, different ... |
4
|
24 months ago... | |
|
Upgrade splunk version on multiple hosts
In: SplunkAdministration
(Not tagged)
I've been using cssh for stuff like this for years. Here is a man page to it: http://linux.die.net/man/1/cssh ...
|
4
|
24 months ago... | |
|
color mapping
In: SplunkRequest
(Not tagged)
Can we map the colors of the lines in graphs to a specific values? Sort of a lookup/translation table ...
|
1
|
25 months ago... | |
|
Date Ranges and Reporting
In: SplunkRequest
(Not tagged)
When I select a Date Range, why can't Splunk remember the date range I just picked, so the next time ...
|
–
|
25 months ago... | |
|
Use custom index in Apps
In: SplunkApplications
(Not tagged)
I second the ER. Organizing classes of data by index is something we are just starting to do. Then ...
|
4
|
26 months ago... | |
|
sourcetype confusion
In: SplunkAdministration
(Not tagged)
Answers to my questions determined by further experimentation:
1) The props.conf and transforms.conf ...
So you don't force the sourcetype in props.conf. You refer the source to a transform, and then force ... I am having the darndest time getting sourcetypes to map correctly. (Splunk 4.0.5) When I can, assigning ... |
3
|
26 months ago... | |
|
Siteminder logs.
In: SplunkGeneral
(Not tagged)
Thanks. The moosebreath blog post is very interesting. We are running a newer version of Siteminder ...
logrotate would have to restart siteminder, otherwise I think siteminder would just follow the log rather ... I submitted this question as a support ticket. I thought I'd also ask the Splunk user community in ... |
4
|
27 months ago... | |
|
Sun T5120/T5220
In: SplunkAdministration
(Not tagged)
So I guess we have two problems with different metrics and capabilities:
1) How fast can you index ...
I find this hard to believe (sorry!). Sun has several different classes of processors that perform ... |
7
|
28 months ago... | |
|
New Splunk user, lots of things not working. Help!
In: SplunkAdministration
(Not tagged)
This question should be in a Splunk FAQ. I think it is one of the deficiencies of the documentation ...
|
7
|
28 months ago... | |
|
How to conform to a strict log-retention policy?
In: SplunkAdministration
(Not tagged)
Could this user set up an automated search that used the delete operator to enforce a data 'retention' ...
|
16
|
29 months ago... |