Getting Data In

Community Activity

multiple inputs parser error When i try and run a multiple input search running 4.1.2 on windows 7 im getting an error message that causes search ... by riderofyamaha Explorer in Getting Data In 07-07-2010 0 3	0	3
SplunkLightweightForwarder app require inputs.conf? Or can i enable "applicationx" with its own inputs.conf. only the lightweightforwarder and the "applicationx" apps a... by hiddenkirby Contributor in Getting Data In 07-07-2010 0 3	0	3
BIND IP Causing issues with RTSearch... We have done an interface binding (to IP: index1_IP) on one of our indexers. This was done on one of the indexer (in... by balbano Contributor in Getting Data In 07-07-2010 0 4	0	4
Indexing does not start on HP-UX 11.31 I have a fresh install of 4.1.2 on a HP-UX 11v3 box and it automatically paused indexing. I've moved the indexes over... by mattgates Explorer in Getting Data In 07-06-2010 0 1	0	1
Why does Splunk complain about a missing parenthetical? This is a very vague question. I have received a query from a partner who has observed Splunk erroring out complaini... by hulahoop Splunk Employee in Getting Data In 07-06-2010 2 3	2	3
Size limit on for an event? Part 2 Hi, I searched the Splunk>answers and saw someone had asked the question before. But my situation is a little differe... by alextsui Path Finder in Getting Data In 07-06-2010 1 5	1	5
Integrating a series of flat values into Splunk Hello all, I'm on the fish for ideas or anybody who has previous experience with this. Essentially, we have two tab... by srw46 Path Finder in Getting Data In 07-05-2010 1 3	1	3
Does SEDCMD work line-by-line or on the entire event? Out of the box, the unix sed command operates on a line-by-line basis. Is this the same for the SEDCMD setting in pr... by Lowell Super Champion in Getting Data In 07-02-2010 2 5	2	5
time stamping problem using TIME_PREFIX I have events that get written to a log file with the timestamp being included in this format <date>7/2/2010 1:13... by cpenkert Path Finder in Getting Data In 07-02-2010 0 4	0	4
Active Directory monitor not enumerating existing objects I've enabled the Active Directory monitoring module. I'm getting events as objects are modified but I would expect th... by erga00 Path Finder in Getting Data In 07-02-2010 1 2	1	2
Sourcetypes Definition with lea_opsec If I use lea_opsec to gather Checkpoint informations, I can define a simple data input for that. But if I get Logeve... by simuvid Splunk Employee in Getting Data In 07-01-2010 0 1	0	1
Splunk on a Domain Controller Is there any possibility to run an Splunk Forwarder on a Windows 2008 Domain Controller so that the Forwarder is runn... by simuvid Splunk Employee in Getting Data In 07-01-2010 1 3	1	3
where is the forwarded data? I configured a linux forwarder. The receiving one is a windows splunk server. The splunkd.log says that events are d... by mihika Engager in Getting Data In 06-30-2010 0 1	0	1
Searching mulitple Time Fields within a record Relatively new to splunk. I have a csv that has been splunked and splunk extracted the header record and assigned the... by astsgops New Member in Getting Data In 06-30-2010 0 1	0	1
Why is /etc/shadow being indexed? Does fschange index files? unix [monitor:///etc] unix _blacklist = (/etc/shadow) system _rcvbuf = 1572864 unix _whitelist ... by oreoshake Communicator in Getting Data In 06-30-2010 1 8	1	8
Disable loading of splunk-regmon Hi, How can I stop the loading of splunk-regmon? I'm getting these errors: ERROR ExecProcessor - message from ... by Derek Path Finder in Getting Data In 06-30-2010 1 4	1	4
Splunk not receiving any events from custom (scripted) inputs Hello, I created a windows executable which reads lines from a file and outputs to console and made Splunk run this ... by hiwell Explorer in Getting Data In 06-29-2010 0 4	0	4
merging data at index time or using the second date for the time stamp I have a log that looks like this: 2010/06/28 12:44:21 - -ERROR(Version: 1.0 Buildguy from 2009-05-12 08.45.26) : 2... by kmaynard616 Engager in Getting Data In 06-29-2010 1 1	1	1
Performance of Forwarder in high volume environment Hello guys, I am estimating to receive firewall events of ~200K EPS from 10 core firewalls. My initial thoughts are ... by silvermail Path Finder in Getting Data In 06-29-2010 3 5	3	5
How to index current firmware version of Dell hardware? How could I the capture firmware version of a Dell chassis/blade etc. and index it into Splunk? by muebel SplunkTrust in Getting Data In 06-29-2010 0 3	0	3
Mail headers and received timestamps I'm running a mail delivery test from outside our network to watch for long delays on delivery. Splunk is all set to ... by twinspop Influencer in Getting Data In 06-29-2010 0 4	0	4
Will Splunk index events older than existing indexed events (same source) Hi all, I have a fairly basic (but confusing) question for you all. Essentially, this is the go...: For a prod Apac... by aaronnicoli Path Finder in Getting Data In 06-29-2010 1 5	1	5
Cisco appz for all addresses I'm in the process of figuring out the cisco-related apps and add-ons, and one notable point is that by default 10.* ... by cmeo Contributor in Getting Data In 06-29-2010 1 2	1	2
Is there a maximum number of forwarders per indexer? Is there a maximum number of forwarders that a single indexer can support, or is the limiting factor on the indexer j... by Jeremiah Motivator in Getting Data In 06-28-2010 1 5	1	5
What is splunk's capacity for receiving UDP events/second? We have an index that gets around 2million events/hour and it seems not a sizable number of events are not making it ... by Chris_R_ Splunk Employee in Getting Data In 06-28-2010 2 1	2	1