skipped searches and why

Quickly identify high amounts of skipped searches in your cluster or standalone SH(s):

Adjust “[your splunk SH(s)]” to the SH(s) you want to check obviously ;)


find blocking queues

Blocked queues are (obviously) bad for your environment, so here is a search to identify them:

Example result:


identify knowledge objects, permissions and extractions

The following will list all knowledge objects for your SH (or given search peer(s)): each object's name, type, app, permissions, sharing (e.g. global, app, private) and owner; if props-extract: the props stanza, props type (e.g. if it's Inline or Transforms), props sourcetype and props value (e.g. the regex); if transforms-extract: the state (tf_disabled), format (tf_format), tf_fields […]


count all events for 1 or multiple index(es)

Total count of all events for 1 or more index(es)

Approach 1 (fastest)

or

does *not* support time ranges in the time picker
tested on: splunk v6.6

Approach 2 (fast – especially when tsidx are *not* reduced)

supports time ranges in the time picker
tested on: splunk v6.6

Approach 3 (slow – […]
