Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

New free license Splunk install running *NIX to see host entries in my syslog server's /var/log

noahjscales
Explorer
‎07-22-2010 09:39 PM

Hi.

I have a new 4.1.4 free license install running on a VM. On the same server running Splunk, I have a /var/log that is filled with syslog entries forwarded from other machines and captured by a syslog daemon on the same server.

I would like the *NIX app to load the /var/log data in so that I can see the entries differentiated by host in the app. I could ask Splunk to monitor the /var/log directory, or something, but that might not give me the links on the homepage of the *NIX app that I had when I ran *NIX under the enterprise license.

I understand that I am supposed to run a manual search but I don't know how to configure *NIX to find the log files, et cetera, under the free version. I think I will need to "bulk load" the /var/log data, because there's just so much of it.

Tags (4)
0 Karma
Reply

noahjscales
Explorer
‎07-24-2010 03:04 AM

It looks like the four Data Inputs created by *NIX, including the Files and Directory Data Input for the /var/log directory, were disabled inside the Manager. So a quick click on 'enable' for each got me halfway there. I had a few custom logs sitting in the directory, so I modified the whitelist regex to include patterns for the names of the files, and now I'm all set!

Reply

noahjscales
Explorer
‎07-24-2010 03:02 AM

NEVER MIND! The Data inputs created for the *NIX app were disabled for some reason.

Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...