Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
erga00

Excluding folders with monitor input

I have a folder containing logs as below. I want to exclude all directories not named DONTINDEX_* and index the conte...
by erga00 Path Finder in Getting Data In 08-17-2010
3 6
3
6
rotten

maxDist value varies (in forwarders)

I've noticed that the maxDist value in the props.conf on various lightweight forwarders varies. I've never explicit...
by rotten Communicator in Getting Data In 08-17-2010
1 1
1
1
timbCFCA

Cisco Firewall addon data source

Can the Cisco Firewall addon be restricted to only analyze data from a specific source or sourcetype? I have reports...
by timbCFCA Path Finder in Getting Data In 08-17-2010
0 2
0
2
ruiaires

how to make a temporary backup/restore of Splunk on Windows server ?

We've been having severe Splunk performance issues on the following system: Windows 2008 R2 Enterprise 64 with a 2 C...
by ruiaires Path Finder in Getting Data In 08-17-2010
0 3
0
3
muebel

IIS on a Indexer?

I would like to install IIS on a Splunk Indexer. Is there any way that this would cause any issues?
by SplunkTrust SplunkTrust in Getting Data In 08-17-2010
1 1
1
1
jbidinger

fschange with recurse=true - unexpected results from whitelist

I'm trying to monitor the xml files that define a Solaris service. These files live under /var/svc/manifest/.../*.xml...
by jbidinger Explorer in Getting Data In 08-16-2010
1 5
1
5
mpatnode

Why does "splunk train cmd classify" say "Parameters must be in the form '-parameter value'

I tried "splunk train sourcetype filename sourcename" and received the same error. Then I found this answer and got...
by mpatnode Path Finder in Getting Data In 08-16-2010
1 2
1
2
kris2000

Browser session timing out quickly and inconsistently

Hello All I have Splunk 4.1.4 (splunk-4.1.4-82143-Linux-i686.tgz) installed (on Linux i686 box). I'm currently f...
by kris2000 Explorer in Getting Data In 08-16-2010
2 6
2
6
maverick

On Windows, can I use different credentials to pull WinEvents via WMI?

Does Splunk have the ability to use different sets of credentials for different monitoring on Windows? It appears o...
by maverick Splunk Employee Splunk Employee in Getting Data In 08-16-2010
0 1
0
1
mfrost8

TcpInputProc errors after turning on autoLB on forwarders

We recently started turning on 'autoLB' for our lightweight forwarders. We use the default value of 30 seconds for t...
by mfrost8 Builder in Getting Data In 08-15-2010
0 4
0
4
skippylou

Indexes + data retirement + Earliest Event

So looking at the Indexes page in Manager, I can tell that one of my indexes has hit the size limit and is successful...
by skippylou Communicator in Getting Data In 08-14-2010
4 1
4
1
simuvid

Filter Origin from LEA_OPSEC Input

Hi all, I have posted a similar question before, but I think I was not specific enough. What I mean is, when gettin...
by simuvid Splunk Employee Splunk Employee in Getting Data In 08-14-2010
0 2
0
2
christopherutz

Rename sourcetype for only one app

We are standardizing some sourcetype names and had the idea to provide a "compatibility" app in which users could run...
by christopherutz Path Finder in Getting Data In 08-13-2010
1 3
1
3
leonardw

Volume of SYSLOG traffic coming into splunk?

Does anyone know how to determine the volume of SYSLOG traffic coming into Splunk over a 30, 60, and 90 day period?
by leonardw Explorer in Getting Data In 08-13-2010
1 6
1
6
jeffa

Pad thousandths of a second in timestamp with leading zeros

I have two sourcetypes where the thousandth of a second portion of the timestamp is not padded w/ leading zeros if th...
by jeffa Path Finder in Getting Data In 08-13-2010
2 13
2
13
snowmizer

fschange not picking up changes for all subfolders

I would like to setup file system change monitoring on my Windows server (using fschange) where my users private fold...
by snowmizer Communicator in Getting Data In 08-13-2010
0 2
0
2
dhaffner

Can I block a sourcetype from being indexed?

We have a huge sudden input of a specific sourcetype and it is overloading the license. Can we somehow block it or s...
by dhaffner Path Finder in Getting Data In 08-13-2010
1 5
1
5
jbanda

splunk for F5 app: getting data to splunk

I installed the splunk for F5 app, and I'm trying to figure out how to get data from our 2 LTMs running ASM into splu...
by jbanda Path Finder in Getting Data In 08-13-2010
1 2
1
2
rv6abob

Forwarder interface for file info

I understand there is an interface on a forwarder to find out the status of files that are being forwarded. Can that ...
by rv6abob Engager in Getting Data In 08-11-2010
0 1
0
1
mgherman

Sourcetype Aliases

According to the documentation for Splunk version 3.x there is the ability to alias a sourcetype, however it does not...
by mgherman Explorer in Getting Data In 08-10-2010
0 1
0
1
wilsona

Cisco Firewall add-on

Hi, I cannot seem to get the cisco firewall add-on working with splunk for windows. Error is "TypeError: 'NoneType...
by wilsona New Member in Getting Data In 08-10-2010
0 3
0
3
woodchuck

configuring sourcetype with props transforms and inputs

hello everyone, I know there are many similar posts to this, and i have read a lot but i cant seem to get it to work...
by woodchuck New Member in Getting Data In 08-09-2010
0 2
0
2
ericjan

How to define the source type by the prefix of filename ?

I have the following log structure. Splunk is configured to monitor /var/logs directory, and the host is defined by p...
by ericjan New Member in Getting Data In 08-09-2010
0 2
0
2
Saltie06

Log4J SocketAppender & LoggingEvent

Is there a way to deserialize the LoggingEvent produced by Log4J when using the socket appender? Splunk appears to re...
by Saltie06 New Member in Getting Data In 08-09-2010
0 3
0
3
heterodyned

monitoring for /root/.bash_history works for particular copies of inputs.conf (depending on directory structure)

Hello Folks, I have two copies of inputs.conf, one is under the etc/apps/local directory ( created the local and pla...
by heterodyned Path Finder in Getting Data In 08-09-2010
0 2
0
2
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...
Top Solution Authors
View All