Splunk Configuration that you Would Like to Do, bu...

muebel · ‎10-26-2010

Splunk is very flexible... maybe too flexible? What is that one thing that you have been wanting to do, maybe have been meaning to do, but haven't been able to make the time to do it, or figure out how to do it. It could be something weird, something that might not have a solid "business case" behind it, but you think would be sweet to have.

lrhazi · ‎10-26-2010

Create a nightly, or hourly, report of hosts that we did not hear from in a while, since an hour for example.
Create a regular report of repetitive events which would be candidates to redirecting to NULL queue.

ftk · ‎10-26-2010

Oh and Splunk internally is working on a forwarder monitoring app to be released soon.

ftk · ‎10-26-2010

For your first bullet: http://answers.splunk.com/questions/3004/alerting-on-forwarder-up-down-events and http://answers.splunk.com/questions/798/how-do-i-tell-if-a-forwarder-is-down and http://answers.splunk.com/questions/8261/newbe-question-how-do-i-list-machines-reporting-to-my-splun...

christopherutz · ‎10-26-2010

"Create a nightly, or hourly, report of hosts that we did not hear from in a while, since an hour for example." I can see this being extremely useful. Despite numerous monitoring checks every once and a while we end up with a LWF not running and users screaming because results are inconsistent.

Splunk Configuration that you Would Like to Do, but Haven't had the Time?

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!