Getting Data In

Discussions

Thread Info

Trouble setting up forwarders on Windows 2008 using Service Account

I'm in a Windows environment, trying to set up forwarding to my indexer, all on Windows 2008 servers. So, I made s...

by Engager in

Issues Triggering Alert Scripts on Windows XP

I’m currently running Splunk on my Windows XP SP3 and I'm trying to get a couple scripts to run after an alert trigge...

by Splunk Employee in

Powering Down a Splunk Indexer for Maintenance

Hi all, Basically for example's sake; lets say i have 45 web server clients logging to a Splunk Indexer and it is the...

by Engager in

Splunk listens for syslog but no logs show up in the console

I am running Splunk on Windows 7 64 bit and configured data adapters for syslog on TCP and UDP. I can see via Wiresha...

by New Member in

Sidewinder firewall

I want to get logs and data from my sidewinder firewall running 7.0.0.06. How do I do it?

by New Member in

Monitor logs on a Unix Server from Windows Machine

I installed Splunk on my Windows XP machine and I'm trying to setup the "Source" to "Monitor a file or directory" whi...

by Engager in

ERROR WinEventLogChannel - initOld: Failed to initialize checkpoint for Windows Event Log channel 'Security' Host is no longer forwarding WinEventLog:Security to the Linux indexer.

All of a sudden my 4.0.9 Splunk server is no longer forwarding the WinEventLog:Security logs onto my 4.1.4 Linux inde...

by Splunk Employee in

batch upload not working - files not being consumed

I am trying batch upload like this from a light forwarder. But the files are not being consumed (there are only 2 sma...

by New Member in

Is it possible to use macros to restrict search terms?

I have a long list of hosts/sources/sourcetypes I want to restrict a user to. Can I define a macro, then reference th...

by Splunk Employee in

How to receive alert when number of kbps of indexed data exceeds a certain value

Hi, Is there a way to have this search do following: get me all sources that related to windows (win*) - then calc...

by Explorer in

AIX errpt timestamp

I know that Splunk can parse all different types of timestamps, but I've got a funky one. Here's the situation: AI...

by Builder in

Index monitoring issues

Hi, My instance of Splunk is monitoring a server log file that is updated at periods throughout the day. Splunk ha...

by Motivator in

WMI: filter remote Eventlogs by Host Groups

I would like to know wether it is possible to filter remote windows eventlog based on the groups inside wmi.conf. I h...

by Explorer in

Filtering out WinEventLog events for a single user

We have a monitoring system (WhatsUpGold) that periodically logs in to our windows machines and checks various condit...

by Super Champion in

What is/isn't getting monitored and why?

Is there a way to see what files are being read by the various monitor/fschange stanzas in input.conf?

by Explorer in

Forwarding not working, troubleshooting tips?

Receiving splunk server inputs.conf: [splunktcp://7900] Sending splunk server outputs.conf: [tcpout] defaul...

by Influencer in

Force index-time host extraction to lower-case

Is there a way to extract the hostname from an event, but force it to lower-case in the process? Extracting the ho...

by Motivator in

How can I receive syslog (udp/514) events with a non-root splunkd?

The operating system won't allow a non-root user to bind to ports < 1024. How can I get my splunkd, running as user s...

by SplunkTrust in

Renaming sources for charting purposes

Hello, I have a chart that show event counts split by source name. For our analysis, it is very important that we see...

by Path Finder in

inputs.conf and multiple windows AD DC entries

for each [WinEventLog: ] stanza in inputs.conf, can you specify more than one entry for evt_dc_name? Because what if ...

by Engager in

route and rewrite

I was wondering if it were possible to do a mask on events in addition to sending them to a separate index. Since ...

by Path Finder in

Filtering wmi events on a heavy forwarder.

I have a bunch of light forwarders sending data to a central heavy forwarder which sends the data to the main indexer...

by Path Finder in

Forwarder with primary & fail-over indexer?

Is there a way with the basic Forwarder to configure it to send events to server A if its up, and to server B only if...

by Explorer in

Does pkgrm stop a splunk forwarder in a clean way on Solaris?

Hi To update our splunk forwarders we use puppet. Puppet first removes the splunk package and then installs the n...

by Motivator in

wrong HOST value

Hi, I have a forwarder sending a syslog file to the receiver. The syslog has entries like: Jul 27 09:50:21 ip-...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Trouble setting up forwarders on Windows 2008 using Service Account

Issues Triggering Alert Scripts on Windows XP

Powering Down a Splunk Indexer for Maintenance

Splunk listens for syslog but no logs show up in the console

Sidewinder firewall

Monitor logs on a Unix Server from Windows Machine

ERROR WinEventLogChannel - initOld: Failed to initialize checkpoint for Windows Event Log channel 'Security' Host is no longer forwarding WinEventLog:Security to the Linux indexer.

batch upload not working - files not being consumed

Is it possible to use macros to restrict search terms?

How to receive alert when number of kbps of indexed data exceeds a certain value

AIX errpt timestamp

Index monitoring issues

WMI: filter remote Eventlogs by Host Groups

Filtering out WinEventLog events for a single user

What is/isn't getting monitored and why?

Forwarding not working, troubleshooting tips?

Force index-time host extraction to lower-case

How can I receive syslog (udp/514) events with a non-root splunkd?

Renaming sources for charting purposes

inputs.conf and multiple windows AD DC entries

route and rewrite

Filtering wmi events on a heavy forwarder.

Forwarder with primary & fail-over indexer?

Does pkgrm stop a splunk forwarder in a clean way on Solaris?

wrong HOST value

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Re-ingest Windows logs across enterprise

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Getting Data In

Are you a member of the Splunk Community?

Discussions