Getting Data In

Community Activity

Newbie Question: Getting Data into a Distributed Cluster Hey all! I am trying to understand splunk a little better. I am trying to setup a search head and two indexers. I ... by zadunn Engager in Getting Data In 06-17-2010 1 1	1	1
Cisco Firewall Add-On I downloaded and installed the Cisco Firewall Add-On and it properly renamed the sourcetype of my ASA, FWSM and PIX f... by johndursplk Engager in Getting Data In 06-17-2010 1 3	1	3
cannot get data from directory path i need to index a bunch of xml logs that have an extension of .stats i was able to just upload one of them from the ... by jsharvina New Member in Getting Data In 06-16-2010 0 3	0	3
What is the smallest Splunk license I can get or split to? I currently have a 1GB/day Splunk license and I need to have it split up into a smaller 200MB, 300MB, and a 500MB lic... by maverick Splunk Employee in Getting Data In 06-16-2010 1 1	1	1
Do you think splunk could scale to 1 petabyte a day? Do you think splunk could scale to 1 petabyte a day? What is the amount indexed by the largest installation out ther... by oreoshake Communicator in Getting Data In 06-15-2010 1 2	1	2
What's the best practice to ensure all your forwarders have forwarded all the events up to a certain timestamp? Here's one possible solution I think would work if the there are constant events coming in from each source. search ... by dinh Path Finder in Getting Data In 06-14-2010 5 6	5	6
How to Configure timestamps for events with multiple timestamps I followed the directions for configuring custom timestamps for events with multiple timestamps but I am not getting ... by mawwx3 Explorer in Getting Data In 06-14-2010 1 6	1	6
Splunk train sourcetype doesn't work, gives "Parameters must be in the form '-parameter value'" When i try to train splunk to automatically recognize files of a given type, I get the following: # $SPLUNK_HOME/bin... by jrodman Splunk Employee in Getting Data In 06-14-2010 0 1	0	1
fschange pollPeriod parameter If I specify pollPeriod parameter for fschange, is it supposed to generate an event each time it checks file for chan... by kkuminsky Path Finder in Getting Data In 06-14-2010 0 2	0	2
How do I upgrade my Windows 32-bit splunk install to a 64-bit install? I'm looking to upgrade my splunk forwarder from a 32-bit Windows version to the 64-bit windows version. Can I simply... by Lowell Super Champion in Getting Data In 06-12-2010 1 1	1	1
Windows WMI configuration Hi, Is there a way to configure how Splunk get the data from WMI for event logs, ex: how often Splunk check the host... by phoenixsecure Engager in Getting Data In 06-11-2010 1 2	1	2
WMI event logs manager Hi, I defined over 60 hosts in Remote Windows Event log manager on splunk but when I go back in the manager I only s... by phoenixsecure Engager in Getting Data In 06-11-2010 1 1	1	1
How does the connection process work when querying a large number of WMI hosts for statistics (not eventlogs) If have 100 desktops i want to collect a few statistics from.. say every 30s... does Splunk make 100 queries every 3... by Michael_Wilde Splunk Employee in Getting Data In 06-11-2010 2 1	2	1
Best Practices for Multi-User Search Performance Hey guys, I currently have a 3-server architecture (2 central indexers with 1 search head). We are looking to have ... by balbano Contributor in Getting Data In 06-11-2010 1 6	1	6
Could you provide more monitoring detail on a directory monitored via batch/sinkhole ? I have 10's of thousands of files(tarballs) i want to monitor via batch/sinkhole. [batch:///var/log/archived_files] ... by Chris_R_ Splunk Employee in Getting Data In 06-10-2010 1 2	1	2
How to get Splunk to work with Sawmill server? Hi, At the moment we have had number Ironport appliances deployed but their log files being uploaded to FTP server (... by thinguyen Engager in Getting Data In 06-10-2010 2 3	2	3
How do I make a report save to a share on a different server every 24 hours? I run a report every 24 hours, and I want to make the .csv results file available to multiple users afterwards. Can ... by Mick Splunk Employee in Getting Data In 06-10-2010 1 3	1	3
Monitoring changes to configuration files Trying to monitor changes to configuration files. Followed this article: http://www.splunk.com/base/Documentation/4.... by kkuminsky Path Finder in Getting Data In 06-10-2010 1 4	1	4
Access splunk manager from a public URL I have splunk hosted on a win2k machine with IIS7.5 running. How do I configure splunk so I can access it from my lo... by robvolk New Member in Getting Data In 06-10-2010 0 4	0	4
Flashtimeline renders events at wrong time for users in different timezones We have users that are in another timezone (30 minutes off the servers) and events in their flashtimeline are appeari... by nclarkau Path Finder in Getting Data In 06-09-2010 0 2	0	2
How do I install the Cisco MARS Archive add-on? How do I install and configure the Cisco MARS archive add-on on Splunkbase? by Will_Hayes Splunk Employee in Getting Data In 06-09-2010 0 3	0	3
syslog using Splunk Hi, can anyone tell me if I could do this using Splunk: Log from particular host to a particular directory, Archive l... by uber_cookie New Member in Getting Data In 06-09-2010 0 1	0	1
Experiences rolling frozen storage into HSM (Hierarchal Storage Management) Does anyone have experience integrating splunk with a hierarchal storage management system (like AMASS, Legato, or T... by dwaddle SplunkTrust in Getting Data In 06-08-2010 1 1	1	1
Some of my indexes have stopped indexing... For some reason, looks like 2-3 of my indexes have stopped indexing. The monitor point to the indexes is pointed to d... by balbano Contributor in Getting Data In 06-07-2010 0 3	0	3
How to send a notification when the my iindexer process through a certain amount of forwarded data I want a search that will tell me the total throughput of my indexing server, and then setup a notification if that t... by seanlon11 Path Finder in Getting Data In 06-07-2010 0 8	0	8