Getting Data In

Community Activity

Is there a way to route data being sent to a UDP port to a specific index based on the source host? My Splunk server is listening to UDP port 514 for syslog information. How can I route data to a given index based on... by cdavidy Explorer in Getting Data In 05-03-2010 0 1	0	1
When a file is already set to index to splunk, and that file gets overwritten with updates, meaning instead of file being appended, does splunk smart enough to not to reindex already indexed data and only index what's newly aded? Instead of file being appended, if the file gets overwritted or rewrited, does splunk re-evaluates the entire file da... by clyde772 Communicator in Getting Data In 05-02-2010 1 1	1	1
Can I linebreak indexed data that's not correctly linebroken? I have seen manytime where Splunk didn't copped either multi or single line data correctly ending up with events that... by clyde772 Communicator in Getting Data In 05-01-2010 0 1	0	1
How can I extract the DATE from the middle of an event? I have an ISA web log of the following format. Splunk doesn't correctly identify the timestamp in every event, even ... by Ron_Naken Splunk Employee in Getting Data In 04-30-2010 4 2	4	2
fschange creating event for each line of file. I am trying to implement file integrity monitoring. I have configured fschange as follows: [fschange:/opt/bea/10_sp0... by jbidinger Explorer in Getting Data In 04-30-2010 0 6	0	6
how do I change a host when seeing multiple hosts? I see the same host in my Summary page in Search app with same event count. They are the same host but show up like:... by micropotato Engager in Getting Data In 04-30-2010 1 1	1	1
What's the limit of index count per indexer? Hi everybody At the moment I've got about 170 indexes on my indexer. I What's the best practice limit of numbers of... by Simon Contributor in Getting Data In 04-29-2010 0 2	0	2
What is the purpose of the _s _st and _h indexed fields? Can someone shed light on the purpose of the _s _st and _h indexed fields? These seem to correspond to source, sourc... by Lowell Super Champion in Getting Data In 04-29-2010 0 2	0	2
Agent vs Agentless event gathering on Windows Regarding agent vs agentless data / event gatering, WMI (agentless) seems easier to setup from within Splunk to pull ... by maverick Splunk Employee in Getting Data In 04-28-2010 1 2	1	2
How to take advantage of a multi-core indexer? My indexer has a Intel Xeon X5570 which has four cores. http://ark.intel.com/Product.aspx?id=37111 How can I make s... by muebel SplunkTrust in Getting Data In 04-27-2010 1 1	1	1
Who is forwarding data How can I tell which servers in my enterprise are forwarding to the master server. We do automated installs of vm's a... by bc_unixadm Explorer in Getting Data In 04-27-2010 1 5	1	5
Splunking my Checkpoint firewall logs Can Splunk index events from my Checkpoint firewall logs? If so, how can I set that up? by maverick Splunk Employee in Getting Data In 04-27-2010 1 4	1	4
Use the Deployment Manager to change Splunk Forwarding agent passwords? Currently, all agents installed on hosts default to 'changeme' and this credential is still used when the forwarder i... by jradkowskiAAMC Explorer in Getting Data In 04-26-2010 0 2	0	2
Forwarded events are showing on CLI output during CLI search operation. I had configured splunk forwarder and receiver in a Linux system as per the Admin manual. I tried searching the forwa... by sivakumar_inbox Engager in Getting Data In 04-26-2010 1 2	1	2
index settings using "auto" - what is my bucket size? We are on 4.05 and are using the default of memPoolMB = auto in indexes.conf. Is there a way I can find out what size... by cpenkert Path Finder in Getting Data In 04-24-2010 1 5	1	5
If using the LWF, what do I need to enable to send syslog (udp) to a 3rd party system? Referenced Doc: http://www.splunk.com/base/Documentation/4.1/Admin/Moreaboutforwarders I need to be able to send da... by SK110176 Path Finder in Getting Data In 04-24-2010 1 4	1	4
I've set up a forwarder but I'm not receving any events on the splunk indexer. I've verified that the indexer (receiver) is the same or later version of Splunk as the forwarder. What log or config... by Jaci Splunk Employee in Getting Data In 04-23-2010 4 6	4	6
Splunk 3.4.4 LWF doesn´t process data until logrotate happens. Why? We have on four Linux SLES10_64 Servers Splunk 3.4.4. Forwarders installed. Usually our production logs produce a con... by tpaulsen Contributor in Getting Data In 04-23-2010 0 1	0	1
how do i segregate data from one splunk forwarder in a seperate index? I have one splunk forwarder I need to segregate from other indexes. I have created its own index and I need to know h... by Alan_Bradley Path Finder in Getting Data In 04-23-2010 1 2	1	2
Too many license violations, how do I get searches working again? Currently, when I try to run a search in Splunk, I get the following error message: "Error in 'UnifiedSearch': You... by mctester Communicator in Getting Data In 04-22-2010 1 1	1	1
How to forward data to different indexes from one single input.conf forwarder to one single indexer? Hello, i want to collect logs from one forwarder (Splunk 4.0.10) and forward the data to different indexes on one in... by tpaulsen Contributor in Getting Data In 04-22-2010 1 7	1	7
Splunkweb crashes, although splunkd is still running, is this a known problem? This has happened twice so far in a week. Users begin contacting me that they are unable to log in. Both times I ra... by tier2ops Explorer in Getting Data In 04-21-2010 1 6	1	6
overriding sourcetype with sourcetype= in props.conf Hello, when using the following setup in props.conf, i was able to get the sourcetypes I want. [source::/var/splunk/... by alextsui Path Finder in Getting Data In 04-21-2010 2 1	2	1
Trouble Indexing Multiple sourcetypes from a Single monitor I have a set of logs that no longer appear to be being indexed. I had originally configured the monitor as follows...... by jheilman Explorer in Getting Data In 04-21-2010 0 2	0	2
How to Force Event Timezone Settings per Host Hi Guys, We have built a small Splunk app to retrieve and index web usage info from multiple SQL databases. My Splun... by rbruno7 Explorer in Getting Data In 04-21-2010 0 6	0	6