Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources.

The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a host service known as Splunk Storm.

Useful links

71 questions

votes

16 answers

Alternatives to Splunk?

I'm pretty impressed with Splunk, especially version 4. Pretty graphs, alerting (Enterprise only), and fast, accurate, searching. It's a great product. However, the cost just way too high to consider for full production use for our company. All we…

asked Sep 05 '09 at 11:14

MichaelGG

1,739
8
25
30

votes

2 answers

Splunk is fantastically expensive: What are the alternatives?

Possible Duplicate: Alternatives to Splunk? This has been discussed, but it has been several months, so it may be time to revisit it: Earlier discussion RE Splunk alternatives For the record, Splunk rocks. But the pricing is simply beyond what we…

syslog datacenter splunk

asked Feb 23 '11 at 20:28

Jonesome Reinstate Monica

5,347
9
54
80

votes

4 answers

Monitoring production server

We have 3 dedicated server, splitted in several VPS using openVZ. We're using munin to monitor the VPS with the production sites, and monit on some one of the VPS to make sure it restarts the service when failing. Thing is we need a much better way…

centos monitoring nagios splunk

asked Sep 18 '09 at 16:08

Adam Benayoun

1,138
2
14
26

votes

4 answers

Thoughts on Free Splunk

I am considering implementing Splunk at my company but am leery about the financial investment. I noticed there is a free version of Splunk that seem to be good enough. Can anyone tell me if you are using the free version at your company? Do you…

splunk

asked Apr 20 '10 at 21:54

dan_vitch

votes

6 answers

Is anybody using Splunk in a large-scale production environment?

I've been watching the videos at splunk.com and really it's hard to believe that one can get all those features for free, there's still that "where's the catch?" in the back of my head. So it'd be great if anybody that is actually using it Splunk on…

log-files splunk

asked Jun 10 '09 at 16:34

Nano Taboada

votes

5 answers

Would you use Splunk?

I'm watching the video at http://www.splunk.com and as someone who is newer to IT management this seems like a great solution to get me started. But I have concerns. I just moved from cPanel and I don't want to end up reliant on another heavy…

ubuntu splunk

asked Aug 16 '10 at 18:06

Ben

3,630
17
62
93

votes

2 answers

Splunk UniversalForwarder fails with " DetermineContextForAllProducts failed witht: 0x65b"

I am attempting to deploy the Splunk UniversalForwarder as an SCCM application using an MSI Deployment Type to a small group of testing servers and am encountering an uncharacteristically confusing issue with the MSI installer. The Deployment Type…

windows-server-2008-r2 sccm msi splunk sccm-2012-r2

asked Mar 23 '15 at 20:05

user62491

votes

1 answer

Using the Augeas INI lens without a header

I am using the IniFile module with augeas to create a Splunk management lens. This works well for all files containing section headers like a normal INI file but there are a couple files that don't follow this scheme, just using the name=value…

puppet splunk augeas

asked Jun 18 '12 at 18:44

Tim Brigham

15,465
7
72
113

votes

5 answers

thought on real time web analytics

we have a few web servers and am planning to create a dashboard to show the real time stats ip address,geo-location and other custom data based on database lookups. Splunk sort of fits perfectly but wondering if there are any open source alternative…

splunk piwik graylog

asked Apr 20 '12 at 05:07

Linus

votes

1 answer

Splunk File & Directory Data Inputs

I've installed Splunk (4.1.5(85165) on windows) and have uploaded some logs without any issues. I now want to monitor a linux server, but I'm having problems adding the datasource and always get the message: Encountered the following error while…

splunk

asked Oct 14 '10 at 10:12

Mr Shoubs

votes

3 answers

Azure NSG not allowing traffic

I am having an odd issue. I have a Windows server in Azure which I have installed Splunk on and I can't get to the web UI. I created it from the default template and I have deleted it and tried to recreate it. I have made an NSG rule to allow port…

azure azure-networking splunk network-security-group

asked Jan 02 '18 at 23:47

frpm

votes

1 answer

Will Splunk update the index if an already indexed file is edited?

Our Splunk server indexes the audit logs from its clients. Once a week we audit these logs through a Splunk search. My question is, if someone edits the entries in a log file that is already indexed, would Splunk re-index the edited file and…

splunk

asked Dec 07 '17 at 10:19

Sreeraj

votes

4 answers

Running a reverse proxy in front of Splunk 4.x

So, I have previously installed Splunk 3.x behind a reverse proxy and downloaded the latest version (4.0.6 at time of typing) expecting it to be as easy to use as before. Sadly this was not the case. There appears to be some elements which are not…

monitoring reverse-proxy splunk

asked Nov 16 '09 at 09:08

sgerrand

votes

1 answer

How do I exclude messages from indexing on Splunk Cloud?

I see from this question and answer on Splunk's own Q&A site that it's possible to exclude certain messages from indexing on a Splunk instance. I have a Splunk Cloud instance where the only way of configuring such things is through the GUI. I don't…

splunk

asked May 31 '16 at 09:32

Flup

7,688
1
31
43

votes

4 answers

Using Puppet to incrementally add lines to a file, from multiple classes

I am trying to use Puppet to automatically configure Splunk monitoring. This involves adding a list of file paths to a Splunk configuration file (inputs.conf). Each role (webserver, db, etc.) in our application has its own Puppet module, which…

puppet splunk

asked Dec 06 '12 at 12:37

Mike Ryan

2 3 4 5 Next