cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
edbolton
Explorer
Member since: ‎03-05-2012
‎06-05-2020
Community Statistics
Posts 8
Solutions 2
Karma Given 9
Karma Received 2
Member Since ‎03-05-2012
Activity Feed
View All

Re: Sourcefire estreamer

by in Splunk Search
‎09-24-2013 08:31 AM
‎09-24-2013 08:31 AM
You need to export the envrionment variable SPLUNK_HOME in your shell. KeyError: 'SPLUNK_HOME' ... View more

Re: Splunk for SOURCEfire Dependencies

by in All Apps and Add-ons
‎07-31-2012 08:12 AM
‎07-31-2012 08:12 AM
OpenSSL 1.0 and IO::Socket::SSL 1.76 seem to be working. ... View more

Re: Best practice for load-balancing Splunk for SO...

by in Knowledge Management
‎07-25-2012 07:10 AM
‎07-25-2012 07:10 AM
"Is it possible to make an intermediate forwarder the eStreamer client and then load-balance the events over multiple indexers?" Yes. ... View more

Splunk for SOURCEfire Dependencies

by in All Apps and Add-ons
‎07-13-2012 01:17 PM
‎07-13-2012 01:17 PM
What are the perl et al dependencies for the Splunk for SOURCEfire app? They don't seem to be documented anywhere. ... View more

Best practice for load-balancing Splunk for SOURCE...

by in Knowledge Management
‎06-18-2012 01:45 PM
‎06-18-2012 01:45 PM
What is the best practice for using this app in a load-balanced cluster? Is it possible to make an intermediate forwarder the eStreamer client and then load-balance the events over multiple indexers? ... View more

Re: Splunk backup and restore procedure?

by in Monitoring Splunk
‎05-10-2012 01:26 PM
2 Karma
‎05-10-2012 01:26 PM
2 Karma
You don't need to stop Splunk to backup the configs. As far as the configs go, create a git repo in $SPLUNK_BACKUP (off box, hopefully) then add this cron job however often you want the configs backed up (hourly, daily, decade-ly) rsync -vaz $SPLUNK_HOME/etc/ $SPLUNK_BACKUP/; cd $SPLUNK_BACKUP; git commit -a -m "Configs as of $(date)"; Then you can revert back to whatever version of your configs you want by looking through git log for the date you want to revert to, running git checkout $COMMIT , copying it to your indexer(s), and bouncing splunkd ... View more

Re: CEF output to Arcsight - where can I find 'rto...

by in Splunk Search
‎05-04-2012 01:16 PM
‎05-04-2012 01:16 PM
I'm very interested in doing this in my environment, has there been any movement on the UI/formal support? ... View more

Re: Splunk Server: RHEL or Win2008

by in Getting Data In
‎05-03-2012 10:27 AM
‎05-03-2012 10:27 AM
@lawndart Be aware that there are some SplunkBase Apps (notably SOURCEfire) which are currently unsupported on Windows. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to