Getting Data In

Thread Info

Trouble Indexing Multiple sourcetypes from a Single monitor

I have a set of logs that no longer appear to be being indexed. I had originally configured the monitor as follows......

by Explorer in

How to Force Event Timezone Settings per Host

Hi Guys, We have built a small Splunk app to retrieve and index web usage info from multiple SQL databases. My Spl...

by Explorer in

What are the possible return values from the Splunk init script?

I have a Splunk forwarder instance that appears to be returning a value of 2 during start up. I am curious as to ...

by Explorer in

hostname from non-default udp input does not get converted into DNS entry ...

Server is running 4.1. This does not seem to be an issue for default udp (that is, udp/514) messages. [udp://95...

by Engager in

splunk-optimize.exe WIndows Security Events

I have a test Windows forwarder set up that is generating over 22,000 events relating to the splunk-optimize.exe proc...

by Explorer in

Create Australian locale?

We need to get Splunk to display date formats using the Australian format of dd/mm/yyyy rather than the US format whi...

by Champion in

I'm testing splunk, and when I edit my logfiles, splunk doesn't notice the changes. Why?

I have a test logfile I fed into Splunk: Apr 13 10:41:16 support05 kernel: [1815783.556088] usb 2-1: new full spee...

by Splunk Employee in

is there a way to tail a file to index any new changes?

I let splunk monitor a directory of files. I found when any file got changed splunk will reindex all events in the fi...

by Explorer in

How to monitor a file within a VM?

How do you configure Splunk to monitor files within a VM? I installed Splunk within a VM and added a data input to mo...

by Engager in

Why are my udp syslog input events getting merged?

Odd behaviour with some udp syslog input from a Panorama device (palo alto management device) and ArcSight connector ...

by Splunk Employee in

How would I read in a log entry with uncommon time formats?

Log entries have timestamps with Taiwan years. Taiwan year = current year-1911, so this year is 99. By default Splunk...

by Splunk Employee in

Newbie getting set up (monitoring several computers-long post)

I'm a fairly new admin and extremely new at looking at reports/data. I have an issue with my server that I can't trac...

by New Member in

Some of my data does not have the correct sourcetype. Can I change it?

Is there a way to export the data that isn't correct then re-import it using the correct sourcetype? If not, is there...

by Splunk Employee in

Audit Windows Cleartext passwords

Is there a search I can execute that will show me all the passwords that have been sent across the network in clearte...

by New Member in

Splunking mutiline logfiles

How do I setup multiline log files in splunk, specifically we have a set of logs which are irregular, Log entries do ...

by Path Finder in

How can I index the same file to different indexes?

I have a file that I need to index twice. Specifically, I need it sent/indexed to two different indexes. How could I ...

by Splunk Employee in

Why is the svchost.exe process thrashes the CPU whenever Splunk is running?

I have Splunk 4.0.10 64bit version running in Windows 2008 R2 64bit. I noticed that when Splunkd service is turned on...

by Splunk Employee in

Can I get a listing of all of the endpoints registered with Splunkweb?

I've heard there are some REST endpoints that allow you to refresh objects (such as new dashboards, nav menus, etc......

by Splunk Employee in

Changing sourcetype for FWSM

Hi, I just installed cisco_firewall_addon for version 4.1 of splunk and I am having some issues. I have an ASA and a ...

by Explorer in

Syslog-ng logs show as host=localServer, rather than remote?

Hello, System type: Linux We have splunk running on our centralized syslog-ng server. We then have other server...

by Engager in

How do wildcards/whitelist/blacklist interact in inputs.conf?

Would someone confirm the following observations regarding data input configuration via inputs.conf? when using wi...

by Splunk Employee in

Search by host (all indexed data Hosts list)

Hi, I have syslog_ng server (sles 10). Everything is logged in this way: /var/log/HOSTS/xx-yy/hostname or ip/lo...

by Explorer in

Monitor problem?

I just installed Splunk 4.1 (configured to run on system accounts) and the first thing i did was add an input monitor...

by Path Finder in

Is alwaysOpenFile still available in version 4.1?

Does anyone know if alwaysOpenFile still works in inputs.conf as of Splunk 4.1. It still shows up in the 4.1 docs, bu...

by Super Champion in

What is the best way to add timestamps to a large log file without timestamps?

I have a file with ~6M events that gets FTP'd to Splunk on a daily basis. Unfortunately I don't have control of the o...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Trouble Indexing Multiple sourcetypes from a Single monitor

How to Force Event Timezone Settings per Host

What are the possible return values from the Splunk init script?

hostname from non-default udp input does not get converted into DNS entry ...

splunk-optimize.exe WIndows Security Events

Create Australian locale?

I'm testing splunk, and when I edit my logfiles, splunk doesn't notice the changes. Why?

is there a way to tail a file to index any new changes?

How to monitor a file within a VM?

Why are my udp syslog input events getting merged?

How would I read in a log entry with uncommon time formats?

Newbie getting set up (monitoring several computers-long post)

Some of my data does not have the correct sourcetype. Can I change it?

Audit Windows Cleartext passwords

Splunking mutiline logfiles

How can I index the same file to different indexes?

Why is the svchost.exe process thrashes the CPU whenever Splunk is running?

Can I get a listing of all of the endpoints registered with Splunkweb?

Changing sourcetype for FWSM

Syslog-ng logs show as host=localServer, rather than remote?

How do wildcards/whitelist/blacklist interact in inputs.conf?

Search by host (all indexed data Hosts list)

Monitor problem?

Is alwaysOpenFile still available in version 4.1?

What is the best way to add timestamps to a large log file without timestamps?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

Getting Data In

Are you a member of the Splunk Community?

Discussions