As you might know indexes are where your data in splunk is stored. An index contains of time-based buckets (directories). Over time a bucket – the indexed data – is rolling from hot (when data is still written to the bucket) to warm (data is read-only) to cold. When you want to backup Splunk you need the data in a consistent state – in a warm bucket.
In today’s article about Splunk monitoring we want to monitor the Splunk license usage. You want to keep an eye on the license usage, as 5 warnings of the daily indexing volume using the enterprise license or 3 warnings using the free license will cause a license violation.
A license violation will deactivate Splunk searches but not the indexing process. So you will not be able to query your data – but at least never loose it.
Alright, XenServer 6.2 has been released a few days ago. There seem to be no well-known update issues – so time to get the job done…
I’m using MRemoteNG to manage and create my RDP connections. In the last months, every now and then, I was unable to connect RDP sessions. When using mstsc.exe instead the RDP connection was established correctly.
Today, after upgrading to Splunk 6.1 I realized, that some GeoIP data in dashboards was missing. By using the lookup search command to get the country from an IP address like :
| stats count | eval ip=”22.214.171.124″ | lookup geoip clientip as ip
I got an error message, which showed that the lookup was somehow not working.