Getting Data In

Community Activity

How do I filter or search on the results of a long running scheduled search job? I have a saved search that I scheduled to run every night, since the search takes a few minutes to run and I view the... by jkeglovitz Explorer in Getting Data In 09-03-2010 0 3	0	3
VMware ESX - Snapshot ESX environment with Splunk in a VM: Splunk 4.1.4 RHEL4 64bitconfigured as indexer$SPLUNK_DB on SAN (in VMware conte... by meno Path Finder in Getting Data In 09-03-2010 1 1	1	1
Difficulty in Timestamp Recongnition Hi there, I am trying to have splunk know the right timestamp in the following event. COR_00000001,Com1,LOC_0000000... by melonman Motivator in Getting Data In 09-03-2010 1 3	1	3
Windows LightFwdr NOT forwarding IIS logs !? I presently have 4 windows boxes lightforwarding to linux indexer. Forwarder is configured to forward IIS logs, howev... by john_loch Explorer in Getting Data In 09-03-2010 1 4	1	4
Does Splunk use the MS Visual C++ Runtime library? Does Splunk uses the Visual C++ Runtime Library? Since installing the Splunk agent, I have seen no less than two po... by mctester Communicator in Getting Data In 09-02-2010 0 1	0	1
Can I configure the windows installer to not start Splunk right after it's installed? I would like to make sure that the splunkd and splunkweb services aren't automatically started by the Splunk Windows ... by hexx Splunk Employee in Getting Data In 09-02-2010 4 3	4	3
Converting Active Directory Time Fields AD stores certain fields like: pwdLastSet in a large integer format. How can I convert these to a human readable t... by ogdin Splunk Employee in Getting Data In 09-02-2010 1 4	1	4
Trouble setting up forwarders on Windows 2008 using Service Account I'm in a Windows environment, trying to set up forwarding to my indexer, all on Windows 2008 servers. So, I made sur... by gsawyer1 Engager in Getting Data In 09-02-2010 0 5	0	5
Issues Triggering Alert Scripts on Windows XP I’m currently running Splunk on my Windows XP SP3 and I'm trying to get a couple scripts to run after an alert trigge... by maverick Splunk Employee in Getting Data In 09-02-2010 3 4	3	4
Powering Down a Splunk Indexer for Maintenance Hi all, Basically for example's sake; lets say i have 45 web server clients logging to a Splunk Indexer and it is the... by dalgibbard Engager in Getting Data In 09-02-2010 0 5	0	5
Splunk listens for syslog but no logs show up in the console I am running Splunk on Windows 7 64 bit and configured data adapters for syslog on TCP and UDP. I can see via Wiresha... by local_graph_2 New Member in Getting Data In 09-01-2010 0 6	0	6
Sidewinder firewall I want to get logs and data from my sidewinder firewall running 7.0.0.06. How do I do it? by wrightp New Member in Getting Data In 09-01-2010 0 2	0	2
Monitor logs on a Unix Server from Windows Machine I installed Splunk on my Windows XP machine and I'm trying to setup the "Source" to "Monitor a file or directory" whi... by jerry_john Engager in Getting Data In 09-01-2010 1 2	1	2
ERROR WinEventLogChannel - initOld: Failed to initialize checkpoint for Windows Event Log channel 'Security' Host is no longer forwarding WinEventLog:Security to the Linux indexer. All of a sudden my 4.0.9 Splunk server is no longer forwarding the WinEventLog:Security logs onto my 4.1.4 Linux inde... by Ellen Splunk Employee in Getting Data In 09-01-2010 2 1	2	1
batch upload not working - files not being consumed I am trying batch upload like this from a light forwarder. But the files are not being consumed (there are only 2 sma... by skattamu New Member in Getting Data In 09-01-2010 0 5	0	5
Is it possible to use macros to restrict search terms? I have a long list of hosts/sources/sourcetypes I want to restrict a user to. Can I define a macro, then reference t... by hulahoop Splunk Employee in Getting Data In 09-01-2010 1 6	1	6
How to receive alert when number of kbps of indexed data exceeds a certain value Hi, Is there a way to have this search do following: get me all sources that related to windows (win*) - then calcul... by DyJohnnY Explorer in Getting Data In 09-01-2010 0 2	0	2
AIX errpt timestamp I know that Splunk can parse all different types of timestamps, but I've got a funky one. Here's the situation: AIX ... by Branden Builder in Getting Data In 08-31-2010 1 6	1	6
Index monitoring issues Hi, My instance of Splunk is monitoring a server log file that is updated at periods throughout the day. Splunk has ... by Ant1D Motivator in Getting Data In 08-31-2010 0 5	0	5
WMI: filter remote Eventlogs by Host Groups I would like to know wether it is possible to filter remote windows eventlog based on the groups inside wmi.conf. I h... by Daniel Explorer in Getting Data In 08-31-2010 0 6	0	6
Filtering out WinEventLog events for a single user We have a monitoring system (WhatsUpGold) that periodically logs in to our windows machines and checks various condit... by Lowell Super Champion in Getting Data In 08-30-2010 1 2	1	2
What is/isn't getting monitored and why? Is there a way to see what files are being read by the various monitor/fschange stanzas in input.conf? by drawks Explorer in Getting Data In 08-30-2010 2 2	2	2
Forwarding not working, troubleshooting tips? Receiving splunk server inputs.conf: [splunktcp://7900] Sending splunk server outputs.conf: [tcpout] defaultGroup... by twinspop Influencer in Getting Data In 08-30-2010 0 11	0	11
Force index-time host extraction to lower-case Is there a way to extract the hostname from an event, but force it to lower-case in the process? Extracting the host... by southeringtonp Motivator in Getting Data In 08-28-2010 6 2	6	2
How can I receive syslog (udp/514) events with a non-root splunkd? The operating system won't allow a non-root user to bind to ports < 1024. How can I get my splunkd, running as user ... by dwaddle SplunkTrust in Getting Data In 08-27-2010 11 2	11	2