Getting Data In

Community Activity

Multiple indexes/Custom app I am writing an app for my team to use. Let's call the app xyz. The app will make use of various inputs, saved search... by Branden Builder in Getting Data In 09-20-2010 0 2	0	2
Appending to a whitelist We're using the unix app to monitor our linux machines. One of the files we need to monitor is /var/log/secure. The u... by Peter_B Explorer in Getting Data In 09-20-2010 2 2	2	2
Timestamp Problem Hi, I'm using Splunk to index logs which timestamp is in the format Y2010M09D17H10N07S00. As Splunk couldn't understa... by liviab Explorer in Getting Data In 09-20-2010 2 5	2	5
Practical limit for monitor inputs? 20000+ directories? We have a configuration that's been idling for over two days, and instead of processing locations that the tailing pr... by parallaxed Path Finder in Getting Data In 09-20-2010 2 14	2	14
Filter input data Hello, We are looking at deploying splunk for our application servers log files, these log files are about 3GB per d... by iokoluke New Member in Getting Data In 09-17-2010 0 2	0	2
Problem with Event Duplication I have splunk set up on a few redhat boxes, and I am getting duplicate events from them. One event will list the hos... by muebel SplunkTrust in Getting Data In 09-17-2010 0 2	0	2
Show Source and save as CSV truncate large events? I have records that consist of fairly large (200+ lines, > 20 Kb per record) XML documents. When I export the result... by pde Path Finder in Getting Data In 09-17-2010 0 2	0	2
Getting syslog data into splunk lightweight forwarder Hi, I'm new to splunk, so my question might be lame. I am trying to setup a splunk lightweight forwarder, my problem ... by ultra Explorer in Getting Data In 09-17-2010 0 1	0	1
Wrong fields on receiver instance One Splunk instance is forwarding data to a receiver, however the receiver is indexing the data and getting the wrong... by Caio_Santos Path Finder in Getting Data In 09-16-2010 0 2	0	2
setting maximum input/log entry size So I have the following in inputs.conf: [udp://10005] connection_host = index = serverlogs sourcetype = syslog disab... by tedder Communicator in Getting Data In 09-16-2010 0 3	0	3
finding out if my forwarded data is placed in the receiver I'm forwarding data from a windows splunk instance to a freebsd. I checked the index that i'm forwarding data to, so ... by Caio_Santos Path Finder in Getting Data In 09-15-2010 0 1	0	1
Alternative ways to assigning sourcetype? I am checking out a sample application where an eventtype's search contains "sourcetype=..." . I having difficulty d... by dleung Splunk Employee in Getting Data In 09-14-2010 1 4	1	4
Which index does the forwarded data go??? How do I know which index forwarded data goes to receiver instance ? I'm not sure about that, but i've created 2 inde... by Caio_Santos Path Finder in Getting Data In 09-14-2010 1 2	1	2
Splunk usage monitor How do I monitor how often my users are using Splunk? by devilears New Member in Getting Data In 09-14-2010 0 1	0	1
Input Type=... Question Good Morning, I have a question that I would love to be answered if possible.  I have written the following xml c... by Ant1D Motivator in Getting Data In 09-14-2010 0 11	0	11
International character code recognition Hi there, I would like to know how to handle international character code in Splunk. The environment I have here i... by melonman Motivator in Getting Data In 09-14-2010 0 6	0	6
Appending vs overwriting tailed log files I've been testing Splunk for several months now, and am consistently having problems with duplicate events appearing ... by chjpcert Explorer in Getting Data In 09-14-2010 1 8	1	8
"Lost Log" Search? So we know about lost forwarders, but how about lost logs? I recently discovered that some of my Windows systems were... by rgcox1 Communicator in Getting Data In 09-13-2010 0 4	0	4
Events chunked into 256 lines Hi all, I have the following output from a Perl script that runs every 5 mins: 09-13-2010 16:21:20 - Inventory Rep... by Nicholas_Key Splunk Employee in Getting Data In 09-13-2010 1 2	1	2
Why are my files being re-indexed? I'm noticed tons of duplicate events and the following message in splunkd.log correlates with the time I started seei... by SK110176 Path Finder in Getting Data In 09-13-2010 1 1	1	1
Setting up Splunk receiver through TCP/IP Hey everybody, I'm going through some problems trying to set my receiver splunk instance. I performed exactely the w... by Caio_Santos Path Finder in Getting Data In 09-13-2010 1 2	1	2
syslog data missing Folks, Im trying to troubleshoot an issue where syslog data seems to stop for a couple of days, then pick up again. ... by Genti Splunk Employee in Getting Data In 09-13-2010 1 6	1	6
sourcetype in props.conf not always working Going through other splunk answers questions I couldn't get anything that I think should be working to work here. Es... by skippylou Communicator in Getting Data In 09-13-2010 0 8	0	8
f5 - upload logs to splunk i downloaded the following logs to my workstation running xp and i have splunk running on it. how do i import them i... by cookdg New Member in Getting Data In 09-13-2010 0 3	0	3
filtering content on index At a high level... how would one filter the content itself being indexed. Example: i was indexing ..say.. xml docs ... by hiddenkirby Contributor in Getting Data In 09-13-2010 2 1	2	1