Getting Data In

Community Activity

how to get fifo to be sourceType=syslog? Greetings experts, I am using syslog-ng and Splunk on the same box. I have configure syslog-ng to pipe the incoming ... by bbear Explorer in Getting Data In 07-14-2010 1 3	1	3
Splunk Indexer stripping out fields when receiving data from SplunkLF Client Apparently my indexer is stripping out the syslog-ng flag fields ([INFO], [WARNING], and [CRIT]) when indexing syslog... by balbano Contributor in Getting Data In 07-14-2010 0 9	0	9
Search head configured as a forwarder? I'm trying to setup a Splunk search head. I'm really trying to convert an existing light-weight forwarder server to ... by mfrost8 Builder in Getting Data In 07-14-2010 1 4	1	4
Splunk not starting upon Windows command-line msiexec install Here's an odd one. Anyone run into this before? I am at a client and have put together a package based on this answe... by Jason Motivator in Getting Data In 07-14-2010 0 3	0	3
time start and time end im doing a username search and i want two fields in my results table to be the time the user sarted the connection an... by riderofyamaha Explorer in Getting Data In 07-14-2010 0 5	0	5
Remote File Monitoring Is there any way to monitor the attributes of files such as 'Date Created' or 'Modified Date' rather than modify the ... by micah1683 Engager in Getting Data In 07-14-2010 1 1	1	1
Configure interval for forwarding Windows Event Logs to Forwarder I installed Splunk on a Windows DC and configured it as Light Forwarder to send the events to a linux based Splunk In... by klkumar10 Explorer in Getting Data In 07-14-2010 0 1	0	1
How do I Monitor a UNC path? From server1, I have access to the desired UNC path, and this same user is running splunk, so I know access is not an... by seanlon11 Path Finder in Getting Data In 07-13-2010 1 4	1	4
Reset SplunkLightForwarder How may I reset a SplunkLightForwarder so that it will start from scratch and re-forward all data again? (v4.1.3) by broller25 Explorer in Getting Data In 07-11-2010 2 2	2	2
reindexing tossed data from too low a maxTotalDataSizeMB setting Hello: If an index is kept small due to a low default setting, how can I have splunk reindex a large pool of data on... by b1nki3 Explorer in Getting Data In 07-09-2010 0 1	0	1
Will Splunk re-start processing of a file if it is renamed? I am monitoring a directory with contains files that are rotated. Example: A file, today.logs is currently being p... by Brian Engager in Getting Data In 07-09-2010 1 1	1	1
Forwarder tcpout_connections blocked This configuration is two 3.4.2 forwarders -> two 4.1.2 indexers. Forwarders have two UDP inputs & two seperate assig... by Chris_R_ Splunk Employee in Getting Data In 07-09-2010 0 2	0	2
A few events from a single log source file are getting stuck together at indexing - why? I am indexing a log file of about 50,000 single line events and for the most part the events are indexed fine. This r... by pj Contributor in Getting Data In 07-08-2010 0 2	0	2
Indexing Queues Blocked if Network Is Not Reachable, why? My Indexer is receiving data from a Forwarder but also sending data to non Splunk device. This external device becam... by mzorzi Splunk Employee in Getting Data In 07-08-2010 2 5	2	5
Where are TCP and UDP inputs indexed? When I configure network inputs (TCP or UDP), I provide the port number and sourcetype, but there is nowhere to speci... by lguinn2 Legend in Getting Data In 07-07-2010 1 5	1	5
How to use timezone in Multi-Timezone system? Hi, There are several questions about timezone configuration. I know that splunk use the timezone information in r... by dianbo_1 Path Finder in Getting Data In 07-07-2010 0 3	0	3
multiple inputs parser error When i try and run a multiple input search running 4.1.2 on windows 7 im getting an error message that causes search ... by riderofyamaha Explorer in Getting Data In 07-07-2010 0 3	0	3
SplunkLightweightForwarder app require inputs.conf? Or can i enable "applicationx" with its own inputs.conf. only the lightweightforwarder and the "applicationx" apps a... by hiddenkirby Contributor in Getting Data In 07-07-2010 0 3	0	3
BIND IP Causing issues with RTSearch... We have done an interface binding (to IP: index1_IP) on one of our indexers. This was done on one of the indexer (in... by balbano Contributor in Getting Data In 07-07-2010 0 4	0	4
Indexing does not start on HP-UX 11.31 I have a fresh install of 4.1.2 on a HP-UX 11v3 box and it automatically paused indexing. I've moved the indexes over... by mattgates Explorer in Getting Data In 07-06-2010 0 1	0	1
Why does Splunk complain about a missing parenthetical? This is a very vague question. I have received a query from a partner who has observed Splunk erroring out complaini... by hulahoop Splunk Employee in Getting Data In 07-06-2010 2 3	2	3
Size limit on for an event? Part 2 Hi, I searched the Splunk>answers and saw someone had asked the question before. But my situation is a little differe... by alextsui Path Finder in Getting Data In 07-06-2010 1 5	1	5
Integrating a series of flat values into Splunk Hello all, I'm on the fish for ideas or anybody who has previous experience with this. Essentially, we have two tab... by srw46 Path Finder in Getting Data In 07-05-2010 1 3	1	3
Does SEDCMD work line-by-line or on the entire event? Out of the box, the unix sed command operates on a line-by-line basis. Is this the same for the SEDCMD setting in pr... by Lowell Super Champion in Getting Data In 07-02-2010 2 5	2	5
time stamping problem using TIME_PREFIX I have events that get written to a log file with the timestamp being included in this format <date>7/2/2010 1:13... by cpenkert Path Finder in Getting Data In 07-02-2010 0 4	0	4