Getting Data In

Community Activity

Sidewinder firewall I want to get logs and data from my sidewinder firewall running 7.0.0.06. How do I do it? by wrightp New Member in Getting Data In 09-01-2010 0 2	0	2
Monitor logs on a Unix Server from Windows Machine I installed Splunk on my Windows XP machine and I'm trying to setup the "Source" to "Monitor a file or directory" whi... by jerry_john Engager in Getting Data In 09-01-2010 1 2	1	2
ERROR WinEventLogChannel - initOld: Failed to initialize checkpoint for Windows Event Log channel 'Security' Host is no longer forwarding WinEventLog:Security to the Linux indexer. All of a sudden my 4.0.9 Splunk server is no longer forwarding the WinEventLog:Security logs onto my 4.1.4 Linux inde... by Ellen Splunk Employee in Getting Data In 09-01-2010 2 1	2	1
batch upload not working - files not being consumed I am trying batch upload like this from a light forwarder. But the files are not being consumed (there are only 2 sma... by skattamu New Member in Getting Data In 09-01-2010 0 5	0	5
Is it possible to use macros to restrict search terms? I have a long list of hosts/sources/sourcetypes I want to restrict a user to. Can I define a macro, then reference t... by hulahoop Splunk Employee in Getting Data In 09-01-2010 1 6	1	6
How to receive alert when number of kbps of indexed data exceeds a certain value Hi, Is there a way to have this search do following: get me all sources that related to windows (win*) - then calcul... by DyJohnnY Explorer in Getting Data In 09-01-2010 0 2	0	2
AIX errpt timestamp I know that Splunk can parse all different types of timestamps, but I've got a funky one. Here's the situation: AIX ... by Branden Builder in Getting Data In 08-31-2010 1 6	1	6
Index monitoring issues Hi, My instance of Splunk is monitoring a server log file that is updated at periods throughout the day. Splunk has ... by Ant1D Motivator in Getting Data In 08-31-2010 0 5	0	5
WMI: filter remote Eventlogs by Host Groups I would like to know wether it is possible to filter remote windows eventlog based on the groups inside wmi.conf. I h... by Daniel Explorer in Getting Data In 08-31-2010 0 6	0	6
Filtering out WinEventLog events for a single user We have a monitoring system (WhatsUpGold) that periodically logs in to our windows machines and checks various condit... by Lowell Super Champion in Getting Data In 08-30-2010 1 2	1	2
What is/isn't getting monitored and why? Is there a way to see what files are being read by the various monitor/fschange stanzas in input.conf? by drawks Explorer in Getting Data In 08-30-2010 2 2	2	2
Forwarding not working, troubleshooting tips? Receiving splunk server inputs.conf: [splunktcp://7900] Sending splunk server outputs.conf: [tcpout] defaultGroup... by twinspop Influencer in Getting Data In 08-30-2010 0 11	0	11
Force index-time host extraction to lower-case Is there a way to extract the hostname from an event, but force it to lower-case in the process? Extracting the host... by southeringtonp Motivator in Getting Data In 08-28-2010 6 2	6	2
How can I receive syslog (udp/514) events with a non-root splunkd? The operating system won't allow a non-root user to bind to ports < 1024. How can I get my splunkd, running as user ... by dwaddle SplunkTrust in Getting Data In 08-27-2010 11 2	11	2
Renaming sources for charting purposes Hello, I have a chart that show event counts split by source name. For our analysis, it is very important that we see... by ericrobinson Path Finder in Getting Data In 08-27-2010 2 2	2	2
inputs.conf and multiple windows AD DC entries for each [WinEventLog: ] stanza in inputs.conf, can you specify more than one entry for evt_dc_name? Because what i... by gsawyer1 Engager in Getting Data In 08-26-2010 0 1	0	1
route and rewrite I was wondering if it were possible to do a mask on events in addition to sending them to a separate index. Since th... by caphrim007 Path Finder in Getting Data In 08-25-2010 0 2	0	2
Filtering wmi events on a heavy forwarder. I have a bunch of light forwarders sending data to a central heavy forwarder which sends the data to the main indexer... by aaronzabell Path Finder in Getting Data In 08-25-2010 0 7	0	7
Forwarder with primary & fail-over indexer? Is there a way with the basic Forwarder to configure it to send events to server A if its up, and to server B only if... by dnolan Explorer in Getting Data In 08-25-2010 1 4	1	4
Does pkgrm stop a splunk forwarder in a clean way on Solaris? Hi To update our splunk forwarders we use puppet. Puppet first removes the splunk package and then installs the new... by chris Motivator in Getting Data In 08-25-2010 0 3	0	3
wrong HOST value Hi, I have a forwarder sending a syslog file to the receiver. The syslog has entries like: Jul 27 09:50:21 ip-10-... by sunnykkim Engager in Getting Data In 08-25-2010 1 3	1	3
websphere logs indexing more then they should A websphere server, in particular the websphere_trlog appear to be getting over indexed by a huge amount Checking ht... by Chris_R_ Splunk Employee in Getting Data In 08-24-2010 0 4	0	4
Performance impact of fschange on C:\windows\* ? Has anyone put into production an input stanza that runs an fschange on all of C:\windows? A) what is the performanc... by Jason Motivator in Getting Data In 08-24-2010 1 5	1	5
Rest api for Splunk 4.0.3 I am trying to figure how to use the rest api. I can't find much documentation on it for 4.0.3. by adickerson New Member in Getting Data In 08-24-2010 0 1	0	1
Splunk audit log in syslog output I have my splunk instance set up to receive data on a TCP port, sourcetype it, then output it with to a Splunk receiv... by adamw Communicator in Getting Data In 08-24-2010 3 5	3	5