About dctopper

dctopper · ‎12-27-2017

I'm seeing the same message, however; it is appearing on my IDX cluster peers. It corresponds to a spike in CPU processing on the affected node. Seen in splunkd.log: WARN PeriodicReapingTimeout - Spent 57296ms reaping search artifacts in ./var/run/splunk/dispatch WARN TcpInputProc - Stopping all listening ports. Queues blocked for more than 300 seconds bucket replication errors follow as peers try to stream to the affected node... What might be causing the Timeout?

dctopper · ‎02-18-2014

Exactly what I needed - thanks again!

dctopper · ‎02-14-2014

Hi, I've run into a problem: Splunk ingests Window's security events in such a way that field names may occur more than once and have different values assigned. (e.g., 'Security_ID' can equate to any of the following: alpha-numeric account SID, actual account name, or even account group) I want to compose a search that compares the SIDs from two different events and gives results if a match is found. Something like: Search for two events, A & B, occurring within 5 seconds of each other, where A possesses an alpha-numeric SID that exactly matches an alpha-numeric SID listed in event B. The alpha-numeric value is not known in advance. Any insight on how to do this? Your help is much appreciated! -Dave

dctopper · ‎08-01-2013

Awesome. Thank you.

dctopper · ‎08-01-2013

Hello, I'd like to forward the SetupAPI.dev.log to Splunk, but I'm not sure what stanza to put into the inputs.conf file. Any ideas? Thanks

Posts	5
Solutions	0
Karma Given	7
Karma Received	0
Member Since	‎08-01-2013

Online Status	Offline
Date Last Visited	‎01-21-2021 06:43 PM

Comparing Field Names and Values

Windows Splunk forwarder inputs other than WinEven...

Re: What is meant by "Spent X ms reaping search ar...

Re: Comparing Field Names and Values

Comparing Field Names and Values

Re: Windows Splunk forwarder inputs other than Win...

Windows Splunk forwarder inputs other than WinEven...