Getting Data In

Community Activity

How to receive alert when number of kbps of indexed data exceeds a certain value Hi, Is there a way to have this search do following: get me all sources that related to windows (win*) - then calcul... by DyJohnnY Explorer in Getting Data In 09-01-2010 0 2	0	2
AIX errpt timestamp I know that Splunk can parse all different types of timestamps, but I've got a funky one. Here's the situation: AIX ... by Branden Builder in Getting Data In 08-31-2010 1 6	1	6
Index monitoring issues Hi, My instance of Splunk is monitoring a server log file that is updated at periods throughout the day. Splunk has ... by Ant1D Motivator in Getting Data In 08-31-2010 0 5	0	5
WMI: filter remote Eventlogs by Host Groups I would like to know wether it is possible to filter remote windows eventlog based on the groups inside wmi.conf. I h... by Daniel Explorer in Getting Data In 08-31-2010 0 6	0	6
Filtering out WinEventLog events for a single user We have a monitoring system (WhatsUpGold) that periodically logs in to our windows machines and checks various condit... by Lowell Super Champion in Getting Data In 08-30-2010 1 2	1	2
What is/isn't getting monitored and why? Is there a way to see what files are being read by the various monitor/fschange stanzas in input.conf? by drawks Explorer in Getting Data In 08-30-2010 2 2	2	2
Forwarding not working, troubleshooting tips? Receiving splunk server inputs.conf: [splunktcp://7900] Sending splunk server outputs.conf: [tcpout] defaultGroup... by twinspop Influencer in Getting Data In 08-30-2010 0 11	0	11
Force index-time host extraction to lower-case Is there a way to extract the hostname from an event, but force it to lower-case in the process? Extracting the host... by southeringtonp Motivator in Getting Data In 08-28-2010 6 2	6	2
How can I receive syslog (udp/514) events with a non-root splunkd? The operating system won't allow a non-root user to bind to ports < 1024. How can I get my splunkd, running as user ... by dwaddle SplunkTrust in Getting Data In 08-27-2010 11 2	11	2
Renaming sources for charting purposes Hello, I have a chart that show event counts split by source name. For our analysis, it is very important that we see... by ericrobinson Path Finder in Getting Data In 08-27-2010 2 2	2	2
inputs.conf and multiple windows AD DC entries for each [WinEventLog: ] stanza in inputs.conf, can you specify more than one entry for evt_dc_name? Because what i... by gsawyer1 Engager in Getting Data In 08-26-2010 0 1	0	1
route and rewrite I was wondering if it were possible to do a mask on events in addition to sending them to a separate index. Since th... by caphrim007 Path Finder in Getting Data In 08-25-2010 0 2	0	2
Filtering wmi events on a heavy forwarder. I have a bunch of light forwarders sending data to a central heavy forwarder which sends the data to the main indexer... by aaronzabell Path Finder in Getting Data In 08-25-2010 0 7	0	7
Forwarder with primary & fail-over indexer? Is there a way with the basic Forwarder to configure it to send events to server A if its up, and to server B only if... by dnolan Explorer in Getting Data In 08-25-2010 1 4	1	4
Does pkgrm stop a splunk forwarder in a clean way on Solaris? Hi To update our splunk forwarders we use puppet. Puppet first removes the splunk package and then installs the new... by chris Motivator in Getting Data In 08-25-2010 0 3	0	3
wrong HOST value Hi, I have a forwarder sending a syslog file to the receiver. The syslog has entries like: Jul 27 09:50:21 ip-10-... by sunnykkim Engager in Getting Data In 08-25-2010 1 3	1	3
websphere logs indexing more then they should A websphere server, in particular the websphere_trlog appear to be getting over indexed by a huge amount Checking ht... by Chris_R_ Splunk Employee in Getting Data In 08-24-2010 0 4	0	4
Performance impact of fschange on C:\windows\* ? Has anyone put into production an input stanza that runs an fschange on all of C:\windows? A) what is the performanc... by Jason Motivator in Getting Data In 08-24-2010 1 5	1	5
Rest api for Splunk 4.0.3 I am trying to figure how to use the rest api. I can't find much documentation on it for 4.0.3. by adickerson New Member in Getting Data In 08-24-2010 0 1	0	1
Splunk audit log in syslog output I have my splunk instance set up to receive data on a TCP port, sourcetype it, then output it with to a Splunk receiv... by adamw Communicator in Getting Data In 08-24-2010 3 5	3	5
Summary indexing Hi all, Quick question about summary indexing: I have this configuration in the savedsearches.conf [esxtop_Group_C... by Nicholas_Key Splunk Employee in Getting Data In 08-22-2010 0 1	0	1
Problem with routing/forwarding to a specific index. I have a bunch of light forwarders sending data to a central heavy forwarder which then sends the data to the main in... by aaronzabell Path Finder in Getting Data In 08-20-2010 0 6	0	6
Monitoring of specific files and folders Hi, I like to monitor certain folders(for eg. C:\myfolder) and its subfolders/files on a windows server. I've enable... by remy06 Contributor in Getting Data In 08-20-2010 0 3	0	3
Unable to capture correct timestamp? hi, I'm trying to configure splunk to display the time based on the event. The event's timestamp format is somethin... by remy06 Contributor in Getting Data In 08-20-2010 0 2	0	2
How to disable splunk-regmon.exe? The process splunk-regmon.exe is running 95%-99% CPU (Splunk 3.1.4, WinXP SP3 as a VM in VMware Fusion 3.1.1). How do... by danrand Explorer in Getting Data In 08-19-2010 0 2	0	2