Getting Data In

Community Activity

Windows Vs Linux - host and serverName variable in system/local/ (host in searches) I'm getting frustrated with one server ending up in my index with both "hostname" and "hostname.domainname" depending... by Joffer Path Finder in Getting Data In 07-25-2010 1 2	1	2
New free license Splunk install running *NIX to see host entries in my syslog server's /var/log Hi. I have a new 4.1.4 free license install running on a VM. On the same server running Splunk, I have a /var/log th... by noahjscales Explorer in Getting Data In 07-24-2010 0 2	0	2
Sourcetype aliasing We are upgrading from splunk 3 to 4. We previously had sourcetypes with "-" in them. It looks like these aren't suppo... by mmattek Path Finder in Getting Data In 07-22-2010 1 3	1	3
Splunk Index Size We are currently performing a POC using Splunk 4.1.3 to index Blue Coat proxy data. Our test Splunk license is for 20... by morningwood Explorer in Getting Data In 07-22-2010 1 5	1	5
how to get splunk to read the correct date and time from events? Hi, How do I get splunk to show the date and time correctly based on the event?For example if I have the following e... by remy06 Contributor in Getting Data In 07-22-2010 2 1	2	1
Multi-character delimiters? I have data coming in in the format "data1","data2","data3" from F5. however, some events contain " and some contain... by Jason Motivator in Getting Data In 07-21-2010 6 7	6	7
Windows Event Log Collection on 11000 devices We are evaluating Splunk 4, and one of the interests from our managment team is to know if Splunk can assist us with ... by rictersmith Engager in Getting Data In 07-21-2010 3 7	3	7
Forcing source or sourcetype just isn't working! I've tried everything and it seems I still can't get my stanzas in props.conf and transforms.conf to overwride source... by Jason Motivator in Getting Data In 07-21-2010 1 3	1	3
Are there any plans to resurrect the Nagios check_splunk plugin? There used to be a Splunk2Nagios application that came with Splunk, and it worked very well. When 4.x was released i... by pheezy Explorer in Getting Data In 07-21-2010 5 4	5	4
What is the best way to index data from a distributed location I need to add a new data input from a mount, but I have a distributed architecture (one forwarder / search head and t... by mctester Communicator in Getting Data In 07-20-2010 0 1	0	1
monitoring changes to a remote filesystem Hi there -- I completed installing the latest version of Splunk on two systems where the first is the server, and th... by kaplan71 New Member in Getting Data In 07-20-2010 0 2	0	2
Full text retrieval: improve performance Hi All! I'm trying to push Splunk to a Customer to index huge amount of data (almost 4.5GB/10M events per day). Th... by marcoscala Builder in Getting Data In 07-19-2010 2 4	2	4
Some events are merged when overiding multiple sourcetypes from single source I am forwarding a single source (file) from kiwisyslog with LFW to the indexer, so got 1 sourcetype [kiwisyslog] The... by Starlette Contributor in Getting Data In 07-19-2010 2 5	2	5
fschange filters for windows I tried searching for documentation on how to implement filters for directories ( in fschange) Could someone let me... by heterodyned Path Finder in Getting Data In 07-19-2010 1 3	1	3
Time Stamps 1 day early? I've got a log file which tracks some call statistics. For some reason, about half of these, Splunk has them as bein... by empath Explorer in Getting Data In 07-17-2010 1 4	1	4
Total space for index I see alot in the docs, etc. that show how to set limits on buckets, etc. I can't seem to find out if there is a way... by skippylou Communicator in Getting Data In 07-17-2010 1 5	1	5
Can't access data after DB migration I backed up all my data, moved it to a larger secondary drive. Uninstalled and re-installed splunk on top of the back... by antinym New Member in Getting Data In 07-15-2010 0 3	0	3
Why is my scripted input excluded from the results? I am running a scripted input that outputs the "apachectl -S" configuration. I have set the proper permissions, test... by Simeon Splunk Employee in Getting Data In 07-15-2010 1 1	1	1
Record snmptrap log file to other and clear the original log file Hello, my problem is that I want to use splunk to copy the log from snmptrapd.log file to another file and clear the ... by sony_1688 New Member in Getting Data In 07-15-2010 0 1	0	1
Pulling Apache access logs on Windows server Hi, I have a windows 2003 server with apache installed. I will like to monitor its access logs on my splunk server r... by remy06 Contributor in Getting Data In 07-15-2010 0 1	0	1
double host name and timestamps Hi All, I have been trying to get Splunk to strip off the timestamp and host of forwarded events but do not understa... by bbear Explorer in Getting Data In 07-14-2010 1 3	1	3
overlapping directives in inputs.conf I have a tree of files on a forwarder that looks something like the following: /foo/able/ /foo/baker/ /foo/charlie/ ... by mfrost8 Builder in Getting Data In 07-14-2010 1 2	1	2
how to get fifo to be sourceType=syslog? Greetings experts, I am using syslog-ng and Splunk on the same box. I have configure syslog-ng to pipe the incoming ... by bbear Explorer in Getting Data In 07-14-2010 1 3	1	3
Splunk Indexer stripping out fields when receiving data from SplunkLF Client Apparently my indexer is stripping out the syslog-ng flag fields ([INFO], [WARNING], and [CRIT]) when indexing syslog... by balbano Contributor in Getting Data In 07-14-2010 0 9	0	9
Search head configured as a forwarder? I'm trying to setup a Splunk search head. I'm really trying to convert an existing light-weight forwarder server to ... by mfrost8 Builder in Getting Data In 07-14-2010 1 4	1	4