What happens when the same username exists in Splunk as well as through LDAP?
Local user accounts created in Splunk store passwords in which file?
In this example, ifuseACKis set to true and themaxQueueSizeis set to 7MB, what is the size of the wait queue on this universal forwarder?
The following stanza is active in indexes.conf:
[cat_facts]
maxHotSpanSecs = 3600
frozenTimePeriodInSecs = 2630000
maxTota1DataSizeMB = 650000
All other related indexes.conf settings are default values.
If the event timestamp was 3739283 seconds ago, will it be searchable?