Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
mmletzko

lea-loggrabber.sh for Checkpoint not quite working, logs are not showing in Splunk

I have the lea loggrabber for Checkpoint setup but its not quite working...I am missing something. When I execute th...
by mmletzko Path Finder in Getting Data In 06-21-2010
0 3
0
3
Genti

Splunk stopped indexing syslog (udp:514) data

@ a customers site: " Splunk was indexing udp:514 data until this Wednesday when it stopped altogether. Using TCPDump...
by Genti Splunk Employee Splunk Employee in Getting Data In 06-18-2010
0 1
0
1
kris2000

Reliability of a forwarder

Hello everyone , We are planning to have a Splunk setup as below: LightForwarders -> Forwarders -> Indexers Assumi...
by kris2000 Explorer in Getting Data In 06-18-2010
1 2
1
2
zadunn

Newbie Question: Getting Data into a Distributed Cluster

Hey all! I am trying to understand splunk a little better. I am trying to setup a search head and two indexers. I ...
by zadunn Engager in Getting Data In 06-17-2010
1 1
1
1
johndursplk

Cisco Firewall Add-On

I downloaded and installed the Cisco Firewall Add-On and it properly renamed the sourcetype of my ASA, FWSM and PIX f...
by johndursplk Engager in Getting Data In 06-17-2010
1 3
1
3
jsharvina

cannot get data from directory path

i need to index a bunch of xml logs that have an extension of .stats i was able to just upload one of them from the ...
by jsharvina New Member in Getting Data In 06-16-2010
0 3
0
3
maverick

What is the smallest Splunk license I can get or split to?

I currently have a 1GB/day Splunk license and I need to have it split up into a smaller 200MB, 300MB, and a 500MB lic...
by maverick Splunk Employee Splunk Employee in Getting Data In 06-16-2010
1 1
1
1
oreoshake

Do you think splunk could scale to 1 petabyte a day?

Do you think splunk could scale to 1 petabyte a day? What is the amount indexed by the largest installation out ther...
by oreoshake Communicator in Getting Data In 06-15-2010
1 2
1
2
dinh

What's the best practice to ensure all your forwarders have forwarded all the events up to a certain timestamp?

Here's one possible solution I think would work if the there are constant events coming in from each source. search ...
by dinh Path Finder in Getting Data In 06-14-2010
5 6
5
6
mawwx3

How to Configure timestamps for events with multiple timestamps

I followed the directions for configuring custom timestamps for events with multiple timestamps but I am not getting ...
by mawwx3 Explorer in Getting Data In 06-14-2010
1 6
1
6
jrodman

Splunk train sourcetype doesn't work, gives "Parameters must be in the form '-parameter value'"

When i try to train splunk to automatically recognize files of a given type, I get the following: # $SPLUNK_HOME/bin...
by jrodman Splunk Employee Splunk Employee in Getting Data In 06-14-2010
0 1
0
1
kkuminsky

fschange pollPeriod parameter

If I specify pollPeriod parameter for fschange, is it supposed to generate an event each time it checks file for chan...
by kkuminsky Path Finder in Getting Data In 06-14-2010
0 2
0
2
Lowell

How do I upgrade my Windows 32-bit splunk install to a 64-bit install?

I'm looking to upgrade my splunk forwarder from a 32-bit Windows version to the 64-bit windows version. Can I simply...
by Lowell Super Champion in Getting Data In 06-12-2010
1 1
1
1
phoenixsecure

Windows WMI configuration

Hi, Is there a way to configure how Splunk get the data from WMI for event logs, ex: how often Splunk check the host...
by phoenixsecure Engager in Getting Data In 06-11-2010
1 2
1
2
phoenixsecure

WMI event logs manager

Hi, I defined over 60 hosts in Remote Windows Event log manager on splunk but when I go back in the manager I only s...
by phoenixsecure Engager in Getting Data In 06-11-2010
1 1
1
1
Michael_Wilde

How does the connection process work when querying a large number of WMI hosts for statistics (not eventlogs)

If have 100 desktops i want to collect a few statistics from.. say every 30s... does Splunk make 100 queries every 3...
by Michael_Wilde Splunk Employee Splunk Employee in Getting Data In 06-11-2010
2 1
2
1
balbano

Best Practices for Multi-User Search Performance

Hey guys, I currently have a 3-server architecture (2 central indexers with 1 search head). We are looking to have ...
by balbano Contributor in Getting Data In 06-11-2010
1 6
1
6
Chris_R_

Could you provide more monitoring detail on a directory monitored via batch/sinkhole ?

I have 10's of thousands of files(tarballs) i want to monitor via batch/sinkhole. [batch:///var/log/archived_files] ...
by Chris_R_ Splunk Employee Splunk Employee in Getting Data In 06-10-2010
1 2
1
2
thinguyen

How to get Splunk to work with Sawmill server?

Hi, At the moment we have had number Ironport appliances deployed but their log files being uploaded to FTP server (...
by thinguyen Engager in Getting Data In 06-10-2010
2 3
2
3
Mick

How do I make a report save to a share on a different server every 24 hours?

I run a report every 24 hours, and I want to make the .csv results file available to multiple users afterwards. Can ...
by Mick Splunk Employee Splunk Employee in Getting Data In 06-10-2010
1 3
1
3
kkuminsky

Monitoring changes to configuration files

Trying to monitor changes to configuration files. Followed this article: http://www.splunk.com/base/Documentation/4....
by kkuminsky Path Finder in Getting Data In 06-10-2010
1 4
1
4
robvolk

Access splunk manager from a public URL

I have splunk hosted on a win2k machine with IIS7.5 running. How do I configure splunk so I can access it from my lo...
by robvolk New Member in Getting Data In 06-10-2010
0 4
0
4
nclarkau

Flashtimeline renders events at wrong time for users in different timezones

We have users that are in another timezone (30 minutes off the servers) and events in their flashtimeline are appeari...
by nclarkau Path Finder in Getting Data In 06-09-2010
0 2
0
2
Will_Hayes

How do I install the Cisco MARS Archive add-on?

How do I install and configure the Cisco MARS archive add-on on Splunkbase?
by Will_Hayes Splunk Employee Splunk Employee in Getting Data In 06-09-2010
0 3
0
3
uber_cookie

syslog using Splunk

Hi, can anyone tell me if I could do this using Splunk: Log from particular host to a particular directory, Archive l...
by uber_cookie New Member in Getting Data In 06-09-2010
0 1
0
1
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All