The OS kernel bug in 2012 caused a "livelock" in the "futex" code (the code responsible for handling user-land mutexes in multithreaded programs) The most common thing affected on servers seems to have been java processes. However, like java splunk is very multithreaded so it can be victimized as well So the issue with leap second was never with Splunk, but rather with *nix distributions, most of which are likely no longer in use. From the perspective of Splunk, there isn't anything in our code to fix and we don't expect issues. Even in 2012, it wasn't our bug, we just worked around it. We recommend working with your OS vendors on upgrading tkem as needed. A few possibly useful links https://bugzilla.redhat.com/show_bug.cgi?id=836803 , https://lkml.org/lkml/2012/7/1/176. Please google for your OS context, https://blogs.oracle.com/java-platform-group/entry/the_2015_leap_second_s, https://access.redhat.com/articles/15145, ... ... View more

The OS kernel bug in 2012 caused a "livelock" in the "futex" code (the code responsible for handling user-land mutexes in multithreaded programs) The most common thing affected on servers seems to have been java processes. However, like java splunk is very multithreaded so it can be victimized as well So the issue with leap second was never with Splunk, but rather with *nix distributions, most of which are likely no longer in use. From the perspective of Splunk, there isn't anything in our code to fix and we don't expect issues. Even in 2012, it wasn't our bug, we just worked around it. We recommend working with your OS vendors on upgrading tkem as needed. A couple of possibly useful links https://bugzilla.redhat.com/show_bug.cgi?id=836803 , https://lkml.org/lkml/2012/7/1/176. Please google for your OS context ... View more

You can track the Splunk releases by subscribing to http://www.splunk.com/page/release_rss ... View more

The autocomplete issue is now in http://docs.splunk.com/Documentation/Splunk/6.2.2/ReleaseNotes/KnownIssues#Highlighted_issues. That and the above SPL are now fixed in 6.2.3 ... View more

Also in some cases logging directly on the node itself and doing this seem to work curl -k -u USER:LOGIN --request DELETE "https://localhost:mgmt_port/services/cluster/slave/buckets/BUCKET_ID" -d bucket_id='BUCKET_ID' ... View more

This happens also when the queues are full and the indexers are overloaded. ... View more

FWIW, the foreach command is now available as at http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Foreach ... View more

Splunk has a foreach command http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Foreach ... View more

You can go to www.splunk.com and click on the Support pull down menu and then on the support portal which is the last item. You will need your authorized credentials to log into the support portal. ... View more

Thanks for taking the time to respond. We restored the btree files from a snapshot -- but it had no apparent effect. We backed up all of the original files in the root home directory first, and ran Splunk's file check utility afterward, but Splunk seemed to take little notice of the change. - sheilatabuena You have restarted the Splunk instance after restore? ./splunk fsck --all --repair should fix. If not, renaming the splunk_private_db folder in the fishbucket directory and restarting the instance will hopefully generate btree files in a new directory ... View more

Looks like your BTree is corrupted somehow. did you have a hard system crash around this time? Please check your $SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db. If you have a 'snapshot' directory in there, you can try to restore it to the snapshot: stop splunkd cp $SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db/snapshot/btree* $SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db restart splunkd ... View more

An enhancement request has been filed but no commit yet ... View more

Have you checked audit and scheduler logs and see if there any errors related to the jobs or saved searches? The python.log messages could be red herrings especially if the Mobile message is not relevant and it also does not work on any other devices. ... View more

For simple XML, in 5.0.3.1 and above, you can set the config as below in $SPLUNK_HOME/etc/system/local/web.conf [settings] simple_xml_force_flash_charting = true For Advanced XML, change layoutPanel="graphArea"> in etc/apps/search/default/data/ui/views/charting.xml to FlashChart. Hope This Helps! ... View more