Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

New free license Splunk install running *NIX to see host entries in my syslog server's /var/log

noahjscales
Explorer
‎07-22-2010 09:39 PM

Hi.

I have a new 4.1.4 free license install running on a VM. On the same server running Splunk, I have a /var/log that is filled with syslog entries forwarded from other machines and captured by a syslog daemon on the same server.

I would like the *NIX app to load the /var/log data in so that I can see the entries differentiated by host in the app. I could ask Splunk to monitor the /var/log directory, or something, but that might not give me the links on the homepage of the *NIX app that I had when I ran *NIX under the enterprise license.

I understand that I am supposed to run a manual search but I don't know how to configure *NIX to find the log files, et cetera, under the free version. I think I will need to "bulk load" the /var/log data, because there's just so much of it.

Tags (4)
0 Karma
Reply

noahjscales
Explorer
‎07-24-2010 03:04 AM

It looks like the four Data Inputs created by *NIX, including the Files and Directory Data Input for the /var/log directory, were disabled inside the Manager. So a quick click on 'enable' for each got me halfway there. I had a few custom logs sitting in the directory, so I modified the whitelist regex to include patterns for the names of the files, and now I'm all set!

Reply

noahjscales
Explorer
‎07-24-2010 03:02 AM

NEVER MIND! The Data inputs created for the *NIX app were disabled for some reason.

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...