cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
mahars01
Explorer
Member since: ‎03-16-2020
‎09-22-2022
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎03-16-2020
Activity Feed
View All

Re: Splunk indexer filtering

by in Getting Data In
‎09-20-2022 08:29 AM
‎09-20-2022 08:29 AM
I had already thought of that. Unfortunately that's not going to work on my scenario. ... View more

Re: Splunk indexer filtering

by in Getting Data In
‎09-20-2022 06:16 AM
‎09-20-2022 06:16 AM
I am talking about filtering the data before it gets indexed. I donot want to index irrelevant data. I know you can use sed in props.conf and sed does have that kind of feature that gives u the matched event and the one before that. Just not sure how to use that to only index the ones i need and discard the rest. ... View more

How to filter relevant data from a noisy applicati...

by in Getting Data In
‎09-19-2022 07:25 PM
‎09-19-2022 07:25 PM
I have a very noisy app log. I want to use Splunk's indexer to filter only relevant data and index them. Basically I need to match a string 'Error', only forward the matched line and the line preceding that one for indexing. In other words, I need to do a grep and a grep -B1 for the string Error. Then, I only want to index those events using Splunk's indexer filtering. How do I do that?   Example: I have this log data INFO: Task1 INFO: OK INFO: Task 2 ERROR: exception xyz   Here, I only want to capture and index this: INFO: Task 2 ERROR: exception xyz ... View more
Labels

Re: Getting search disk quota error and dispatch d...

by in Splunk Enterprise
‎03-17-2020 11:39 AM
‎03-17-2020 11:39 AM
Thank you. I was able to fix it by making up some space in the filesystem and deleting some huge saved searches. It looks like Splunk creates these RemoteStorageRetrieveIndexes_* directories when the disk space falls below desired value. ... View more

Getting search disk quota error and dispatch direc...

by in Splunk Enterprise
‎03-16-2020 06:58 PM
1 Karma
‎03-16-2020 06:58 PM
1 Karma
Hello I have this dispatch directory getting filled by by RemoteStorageRetrieveIndexes_* directory getting created multiple times in a minute. I am not sure where this is coming from. I checked all the saved searches, alerts. I even recursively grepped the entire splunk config directory but found nothing defined by this name. I think this is causing issue with search disk quota being exhausted. What could be creating this directory? It only started happening recently. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-22-2022 01:23 PM
Karma from
View All