Getting Data In

Community Activity

Unable to capture correct timestamp? hi, I'm trying to configure splunk to display the time based on the event. The event's timestamp format is somethin... by remy06 Contributor in Getting Data In 08-20-2010 0 2	0	2
How to disable splunk-regmon.exe? The process splunk-regmon.exe is running 95%-99% CPU (Splunk 3.1.4, WinXP SP3 as a VM in VMware Fusion 3.1.1). How do... by danrand Explorer in Getting Data In 08-19-2010 0 2	0	2
When should I restore from backup? What events should I be watching for in my Splunk logs? Does anyone have a list of specific error codes that would i... by pdevlin Explorer in Getting Data In 08-19-2010 1 2	1	2
Indexer is slowing down I'm having problems with indexing a particular log source, which is slowing down. It started off strong but continue... by carmackd Communicator in Getting Data In 08-19-2010 1 6	1	6
Search App - Earliest Event not Updated when events are archived Hello all, Not sure if anyone has encountered this before, but I have events that are purged off but when I am in th... by silvermail Path Finder in Getting Data In 08-19-2010 0 3	0	3
Time stamp separated by a tab Hello guys, Been trying to get this to work but to no avail... I have a CSV file that goes like this: pid hostname... by silvermail Path Finder in Getting Data In 08-19-2010 0 3	0	3
IDS and unauthorized device detection. Splunk is currently indexing the logs for all of my companies switches and routers. It's a mishmash of Dell and Cisco... by aaronzabell Path Finder in Getting Data In 08-18-2010 0 2	0	2
Translating an event into a table Hi all, is there a way to translate this event into a table? This is what I get with my search string: index="vmware... by Nicholas_Key Splunk Employee in Getting Data In 08-18-2010 0 5	0	5
Can't get sourcetype right Hi. Seems like a lot of people have a question similar to this, but maybe I am missing something simple. I'm monit... by Branden Builder in Getting Data In 08-18-2010 1 6	1	6
Override source (tcp:xxxx) of a tcp input using transforms Looks like MetaData:Source should be used, but despite many variations and \| extract reload=t, I can't seem to get th... by parallaxed Path Finder in Getting Data In 08-18-2010 0 4	0	4
Central Syslog-NG server, extra headers, and field extraction We run a central Syslog-NG server, which all the logs for the servers and devices we care about get sent to. We use ... by edgustaf Explorer in Getting Data In 08-17-2010 3 4	3	4
Excluding folders with monitor input I have a folder containing logs as below. I want to exclude all directories not named DONTINDEX_* and index the conte... by erga00 Path Finder in Getting Data In 08-17-2010 3 6	3	6
maxDist value varies (in forwarders) I've noticed that the maxDist value in the props.conf on various lightweight forwarders varies. I've never explicit... by rotten Communicator in Getting Data In 08-17-2010 1 1	1	1
Cisco Firewall addon data source Can the Cisco Firewall addon be restricted to only analyze data from a specific source or sourcetype? I have reports... by timbCFCA Path Finder in Getting Data In 08-17-2010 0 2	0	2
how to make a temporary backup/restore of Splunk on Windows server ? We've been having severe Splunk performance issues on the following system: Windows 2008 R2 Enterprise 64 with a 2 C... by ruiaires Path Finder in Getting Data In 08-17-2010 0 3	0	3
IIS on a Indexer? I would like to install IIS on a Splunk Indexer. Is there any way that this would cause any issues? by muebel SplunkTrust in Getting Data In 08-17-2010 1 1	1	1
fschange with recurse=true - unexpected results from whitelist I'm trying to monitor the xml files that define a Solaris service. These files live under /var/svc/manifest/.../*.xml... by jbidinger Explorer in Getting Data In 08-16-2010 1 5	1	5
Why does "splunk train cmd classify" say "Parameters must be in the form '-parameter value' I tried "splunk train sourcetype filename sourcename" and received the same error. Then I found this answer and got... by mpatnode Path Finder in Getting Data In 08-16-2010 1 2	1	2
Browser session timing out quickly and inconsistently Hello All I have Splunk 4.1.4 (splunk-4.1.4-82143-Linux-i686.tgz) installed (on Linux i686 box). I'm currently f... by kris2000 Explorer in Getting Data In 08-16-2010 2 6	2	6
On Windows, can I use different credentials to pull WinEvents via WMI? Does Splunk have the ability to use different sets of credentials for different monitoring on Windows? It appears o... by maverick Splunk Employee in Getting Data In 08-16-2010 0 1	0	1
TcpInputProc errors after turning on autoLB on forwarders We recently started turning on 'autoLB' for our lightweight forwarders. We use the default value of 30 seconds for t... by mfrost8 Builder in Getting Data In 08-15-2010 0 4	0	4
Indexes + data retirement + Earliest Event So looking at the Indexes page in Manager, I can tell that one of my indexes has hit the size limit and is successful... by skippylou Communicator in Getting Data In 08-14-2010 4 1	4	1
Filter Origin from LEA_OPSEC Input Hi all, I have posted a similar question before, but I think I was not specific enough. What I mean is, when gettin... by simuvid Splunk Employee in Getting Data In 08-14-2010 0 2	0	2
Rename sourcetype for only one app We are standardizing some sourcetype names and had the idea to provide a "compatibility" app in which users could run... by christopherutz Path Finder in Getting Data In 08-13-2010 1 3	1	3
Volume of SYSLOG traffic coming into splunk? Does anyone know how to determine the volume of SYSLOG traffic coming into Splunk over a 30, 60, and 90 day period? by leonardw Explorer in Getting Data In 08-13-2010 1 6	1	6