Getting Data In

Community Activity

What is/isn't getting monitored and why? Is there a way to see what files are being read by the various monitor/fschange stanzas in input.conf? by drawks Explorer in Getting Data In 08-30-2010 2 2	2	2
Forwarding not working, troubleshooting tips? Receiving splunk server inputs.conf: [splunktcp://7900] Sending splunk server outputs.conf: [tcpout] defaultGroup... by twinspop Influencer in Getting Data In 08-30-2010 0 11	0	11
Force index-time host extraction to lower-case Is there a way to extract the hostname from an event, but force it to lower-case in the process? Extracting the host... by southeringtonp Motivator in Getting Data In 08-28-2010 6 2	6	2
How can I receive syslog (udp/514) events with a non-root splunkd? The operating system won't allow a non-root user to bind to ports < 1024. How can I get my splunkd, running as user ... by dwaddle SplunkTrust in Getting Data In 08-27-2010 11 2	11	2
Renaming sources for charting purposes Hello, I have a chart that show event counts split by source name. For our analysis, it is very important that we see... by ericrobinson Path Finder in Getting Data In 08-27-2010 2 2	2	2
inputs.conf and multiple windows AD DC entries for each [WinEventLog: ] stanza in inputs.conf, can you specify more than one entry for evt_dc_name? Because what i... by gsawyer1 Engager in Getting Data In 08-26-2010 0 1	0	1
route and rewrite I was wondering if it were possible to do a mask on events in addition to sending them to a separate index. Since th... by caphrim007 Path Finder in Getting Data In 08-25-2010 0 2	0	2
Filtering wmi events on a heavy forwarder. I have a bunch of light forwarders sending data to a central heavy forwarder which sends the data to the main indexer... by aaronzabell Path Finder in Getting Data In 08-25-2010 0 7	0	7
Forwarder with primary & fail-over indexer? Is there a way with the basic Forwarder to configure it to send events to server A if its up, and to server B only if... by dnolan Explorer in Getting Data In 08-25-2010 1 4	1	4
Does pkgrm stop a splunk forwarder in a clean way on Solaris? Hi To update our splunk forwarders we use puppet. Puppet first removes the splunk package and then installs the new... by chris Motivator in Getting Data In 08-25-2010 0 3	0	3
wrong HOST value Hi, I have a forwarder sending a syslog file to the receiver. The syslog has entries like: Jul 27 09:50:21 ip-10-... by sunnykkim Engager in Getting Data In 08-25-2010 1 3	1	3
websphere logs indexing more then they should A websphere server, in particular the websphere_trlog appear to be getting over indexed by a huge amount Checking ht... by Chris_R_ Splunk Employee in Getting Data In 08-24-2010 0 4	0	4
Performance impact of fschange on C:\windows\* ? Has anyone put into production an input stanza that runs an fschange on all of C:\windows? A) what is the performanc... by Jason Motivator in Getting Data In 08-24-2010 1 5	1	5
Rest api for Splunk 4.0.3 I am trying to figure how to use the rest api. I can't find much documentation on it for 4.0.3. by adickerson New Member in Getting Data In 08-24-2010 0 1	0	1
Splunk audit log in syslog output I have my splunk instance set up to receive data on a TCP port, sourcetype it, then output it with to a Splunk receiv... by adamw Communicator in Getting Data In 08-24-2010 3 5	3	5
Summary indexing Hi all, Quick question about summary indexing: I have this configuration in the savedsearches.conf [esxtop_Group_C... by Nicholas_Key Splunk Employee in Getting Data In 08-22-2010 0 1	0	1
Problem with routing/forwarding to a specific index. I have a bunch of light forwarders sending data to a central heavy forwarder which then sends the data to the main in... by aaronzabell Path Finder in Getting Data In 08-20-2010 0 6	0	6
Monitoring of specific files and folders Hi, I like to monitor certain folders(for eg. C:\myfolder) and its subfolders/files on a windows server. I've enable... by remy06 Contributor in Getting Data In 08-20-2010 0 3	0	3
Unable to capture correct timestamp? hi, I'm trying to configure splunk to display the time based on the event. The event's timestamp format is somethin... by remy06 Contributor in Getting Data In 08-20-2010 0 2	0	2
How to disable splunk-regmon.exe? The process splunk-regmon.exe is running 95%-99% CPU (Splunk 3.1.4, WinXP SP3 as a VM in VMware Fusion 3.1.1). How do... by danrand Explorer in Getting Data In 08-19-2010 0 2	0	2
When should I restore from backup? What events should I be watching for in my Splunk logs? Does anyone have a list of specific error codes that would i... by pdevlin Explorer in Getting Data In 08-19-2010 1 2	1	2
Indexer is slowing down I'm having problems with indexing a particular log source, which is slowing down. It started off strong but continue... by carmackd Communicator in Getting Data In 08-19-2010 1 6	1	6
Search App - Earliest Event not Updated when events are archived Hello all, Not sure if anyone has encountered this before, but I have events that are purged off but when I am in th... by silvermail Path Finder in Getting Data In 08-19-2010 0 3	0	3
Time stamp separated by a tab Hello guys, Been trying to get this to work but to no avail... I have a CSV file that goes like this: pid hostname... by silvermail Path Finder in Getting Data In 08-19-2010 0 3	0	3
IDS and unauthorized device detection. Splunk is currently indexing the logs for all of my companies switches and routers. It's a mishmash of Dell and Cisco... by aaronzabell Path Finder in Getting Data In 08-18-2010 0 2	0	2