Splunk on Big Data

https://www.youtube.com/watch?v=luLb1Y0gsSg

https://www.youtube.com/watch?v=UiIHp4G3A0k

Returns true if the event matches the search string X.  Find below the skeleton of the usage of the function "searchmatch" with EVAL :                               ...

Effective Usage of "STRPTIME" and "STRFTIME"  Below is the effective usage of the "strptime" and "strftime" function which are used with eval command in SPLUNK :   1. strptime() :            ...

Advantage of Using "Splunk Light" for the Splunkers in the Organization     We have been using SPLUNK Enterprise version for quite a long time and we know the real power of it giving Big...

There are many ways to achieve the above scenario:        1. Using "mvcount and split"             index="_internal"        | head 4        | eval Var="www.google.com"        | eval Result=(mvcount(split(Var,"."))-1)...

While logging to any Splunk Instance through web browser If you encounter the below error on the screen:   IOError: Disc quota exceeded: '/opt/splunk/var/run/splunk/session-'   First of all you must do the following : 1. ssh...

There are many ways to achieve the above scenario :    1. Using "steamstats"               index="_internal" sourcetype=splunkd      | table log_level, splunk_server      | head 4     | streamstats count |...

received event for unconfigured/disabled index='xxxx' with source='source::yyyy' host='host::zzzz' sourcetype='sourcetype::stash' ( 1 missing total ) Please find below some of the short cuts being used in the below article : SH   = Search...

Could not send data to output queue (parsingQueue), retrying... You can increase the file descriptors, etc. but you will probably still have performance issues. I am sure that the forwarder is consuming...