Discussions
| Thread Info | |||||
|---|---|---|---|---|---|
|
I'm having a problem trying to monitor the .bash_history file. I've set up a monitor for /home with a whitelist of "....
by
Peter_B
Explorer
in
Getting Data In
04-26-2010
|
1
|
5
| ||
|
|
I am seeing the following errors over and over again in my splunkd.log file. I'm not sure where to go to resolve this...
by
srich
Explorer
in
Getting Data In
05-20-2010
|
1
|
3
| ||
|
|
Possible Duplicate: Juniper Netscreen TCP Syslog messages not breaking properly
Hi, I have an SSG20 sending s...
by
mikaelwitt
New Member
in
Getting Data In
05-28-2010
|
0
|
4
| ||
|
|
I know the forwarder will buffer its data if the receiver goes down for some reason.Where is the data stored(director...
by
skibum
Engager
in
Getting Data In
05-14-2010
|
2
|
6
| ||
|
|
Is there any way to check for forwarders that have not connected recently and include a "sourcetype, source or host" ...
by
Chris_R_
Splunk Employee
in
Getting Data In
05-28-2010
|
0
|
1
| ||
|
|
I have a dir of text files named like such scriptcalled_201005211317_stdout.txt
how do i index them on that date? ...
by
hiddenkirby
Contributor
in
Getting Data In
05-21-2010
|
0
|
8
| ||
|
|
I have a saved search that notifies me when a forwarder goes up or down based on various TcpInputProc and TcpOutputPr...
by
Lowell
Super Champion
in
Getting Data In
05-26-2010
|
4
|
1
| ||
|
|
All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages.
Will ...
by
scornish
Engager
in
Getting Data In
05-27-2010
|
3
|
1
| ||
|
|
Is there a way to pass the result of a savedsearch to a script? For example, if the search returns:
suser duser sh...
by
ubko
Explorer
in
Getting Data In
05-26-2010
|
2
|
2
| ||
|
|
Some events flow into the Splunk instance via syslog sockets.
For a brief period of time, the sourcetypes that cam...
by
sdwilkerson
Contributor
in
Getting Data In
05-27-2010
|
1
|
3
| ||
|
|
I have a .csv file that I'm indexing. There is no timestamp information in the .csv file, but there is a date in the ...
by
lyndac
Contributor
in
Getting Data In
05-26-2010
|
2
|
5
| ||
|
|
strptime() format expression examples
Below are some sample date formats with strptime() expressions that handle t...
by
hiddenkirby
Contributor
in
Getting Data In
05-26-2010
|
0
|
8
| ||
|
|
Splunk always seems to get this wrong. I have the following in a vain effort to correct this
TIME_PREFIX=^
TIME...
by
parallaxed
Path Finder
in
Getting Data In
04-23-2010
|
2
|
10
| ||
|
|
Is there a way to set tags based off a wild card value?
IE I have the following hosts and I want to apply the 'tes...
by
Yancy
Path Finder
in
Getting Data In
05-25-2010
|
0
|
2
| ||
|
|
I am expecting to see each record as an event, but the result is not as expected. Some records are displayed as indiv...
by
msenthilganesh
New Member
in
Getting Data In
05-26-2010
|
0
|
1
| ||
|
|
If we have an indexer configured w/a raid 5 or raid 6 array is this going to negatively affect performance?
by
Chris_R_
Splunk Employee
in
Getting Data In
03-05-2010
|
2
|
4
| ||
|
|
I am currently running a eval version of Splunk 4.0.9 on a Windows 2008 64Bit Host. Our purchase of Splunk has been a...
by
littlejef
Engager
in
Getting Data In
05-24-2010
|
1
|
1
| ||
|
Hi, we are currently testing a Palo Alto app sec firewall and are sending some test logs over to the central indexer ...
by
balbano
Contributor
in
Getting Data In
05-25-2010
|
0
|
6
| ||
|
|
I would like to deploy Light Forwarders at our remote locations to act as a syslog server. Can light forwarder be con...
by
Genti
Splunk Employee
in
Getting Data In
05-25-2010
|
2
|
2
| ||
|
|
I've found how to get data from a remote users Security Log but we are after a centralised area to keep these logs. I...
by
wdc
New Member
in
Getting Data In
05-25-2010
|
0
|
3
| ||
|
|
I am revisiting splunk to see if it will meet our goals. Right now I am working on the initial index of our data gath...
by
ASW3382
New Member
in
Getting Data In
05-24-2010
|
0
|
4
| ||
|
|
Our indexer and all forwarders are running 4.1.2. Recently we developed a need to send events from our forwarders in ...
by
Jaci
Splunk Employee
in
Getting Data In
05-21-2010
|
1
|
3
| ||
|
|
What is the relationship between size of logs received by Splunk indexing servers versus indexing volume? On the load...
by
Genti
Splunk Employee
in
Getting Data In
05-24-2010
|
0
|
1
| ||
|
|
I have a deployment server app with a single inputs.conf file.
[tcp://localhost:9997]
sourcetype = tcp-raw
index =...
by
Jaci
Splunk Employee
in
Getting Data In
05-14-2010
|
1
|
2
| ||
|
I have the following in inputs.conf:
[udp://32004]
host = custom_host
connection_host = n...
by
jeff
Contributor
in
Getting Data In
05-18-2010
|
3
|
3
|
